This release contains some enhancements, bugfixes, and a new builtin function.
Runtime, Tooling, SDK
status: Ensure Status plugin is correctly reconfigured to register or unregister Prometheus Collectors based on the state provided in OPA's active config (#5918) authored by @johanfylling
opa eval: Update OPA eval's --profile-sort flag description to highlight the valid options to sort the profile results (#5924) authored by @ecbenezra
opa fmt: Fix cases in which invalid code was generated due to parentheses being improperly handled (#5537) authored by @Trolloldem
rest: Allow users to configure the AWS STS domain when using Web Identity Credentials (#5915) authored by @johanfylling
status: Add an OPA environment information Gauge to Prometheus metrics to capture information like OPA version (#5852) authored by @jmoghisi
server: Add ability to configure Unix socket permissions if OPA is listening on a Unix socket (#5888) authored by @ashutosh-narkar
loader: Allow extensions to the loader package that provide ability to register handlers for certain file extensions. This feature is currently EXPERIMENTAL (#5940) authored by @srenatus
Topdown and Rego
New built-in function crypto.x509.parse_keypair: Returns a key pair from a pair of PEM or base64 encoded strings of data. See the documentation on the new built-in for all the details. (#5853) authored by @volck.
ast: Abort query evaluation if the compiler has errors. These errors will be exposed via the Status API if enabled (#5947) authored by @johanfylling
io.jwt.decode_verify: Fix issue where token verification succeeded in case where iss constraint was required but JWT did not contain it (#5850) authored by @AleksanderBrzozowski
wasm: Fix memory leaks in WASM when incrementally adding or removing data (#5785) and (#5901) authored by @ctelfer-sophos
http.send: Add a new option to the http.send input object which allows policy authors to specify a retry count for executing a HTTP request. Retries are performed with an exponential backoff delay (#5891) authored by @ashutosh-narkar
ast: Fix issue with _ matching only scalars in rule indexing for arrays (#5916) authored by @jaspervdj
rego: Allow for extending the Rego evaluation targets with plugins (#5939) authored by @srenatus
Miscellaneous
Add PITS Global Data Recovery Services to ADOPTERS.md (authored by @pheianox)
Avoid unnecessary byte/string conversion by using alternative functions/methods (#5944) authored by @Juneezee
This release contains some enhancements, bugfixes, and a new builtin function.
Runtime, Tooling, SDK
status: Ensure Status plugin is correctly reconfigured to register or unregister Prometheus Collectors based on the state provided in OPA's active config (#5918) authored by @johanfylling
opa eval: Update OPA eval's --profile-sort flag description to highlight the valid options to sort the profile results (#5924) authored by @ecbenezra
opa fmt: Fix cases in which invalid code was generated due to parentheses being improperly handled (#5537) authored by @Trolloldem
rest: Allow users to configure the AWS STS domain when using Web Identity Credentials (#5915) authored by @johanfylling
status: Add an OPA environment information Gauge to Prometheus metrics to capture information like OPA version (#5852) authored by @jmoghisi
server: Add ability to configure Unix socket permissions if OPA is listening on a Unix socket (#5888) authored by @ashutosh-narkar
loader: Allow extensions to the loader package that provide ability to register handlers for certain file extensions. This feature is currently EXPERIMENTAL (#5940) authored by @srenatus
Topdown and Rego
New built-in function crypto.x509.parse_keypair: Returns a key pair from a pair of PEM or base64 encoded strings of data. See the documentation on the new built-in for all the details. (#5853) authored by @volck.
ast: Abort query evaluation if the compiler has errors. These errors will be exposed via the Status API if enabled (#5947) authored by @johanfylling
io.jwt.decode_verify: Fix issue where token verification succeeded in case where iss constraint was required but JWT did not contain it (#5850) authored by @AleksanderBrzozowski
wasm: Fix memory leaks in WASM when incrementally adding or removing data (#5785) and (#5901) authored by @ctelfer-sophos
http.send: Add a new option to the http.send input object which allows policy authors to specify a retry count for executing a HTTP request. Retries are performed with an exponential backoff delay (#5891) authored by @ashutosh-narkar
ast: Fix issue with _ matching only scalars in rule indexing for arrays (#5916) authored by @jaspervdj
rego: Allow for extending the Rego evaluation targets with plugins (#5939) authored by @srenatus
Miscellaneous
Add PITS Global Data Recovery Services to ADOPTERS.md (authored by @pheianox)
Avoid unnecessary byte/string conversion by using alternative functions/methods (#5944) authored by @Juneezee
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
⚠️ Dependabot is rebasing this PR ⚠️
Rebasing might not happen immediately, so don't worry if this takes some time.
Note: if you make any changes to this PR yourself, they will take precedence over the rebase.
Bumps github.com/open-policy-agent/opa from 0.52.0 to 0.53.0.
Release notes
Sourced from github.com/open-policy-agent/opa's releases.
Changelog
Sourced from github.com/open-policy-agent/opa's changelog.
Commits
5017e8cPrepare v0.53.0 release6109e6aAborting query-eval if the compiler has errors (#5949)d3811e2fix: CVE-2022-3517 (#5941)dfe947abuild(deps): bump oras.land/oras-go/v2 from 2.1.0 to 2.2.0 (#5952)6f543aerego: allow for extending the rego targets with plugins (#5939)34d5da4loader: allow extensions (experimental) (#5940)d3b8772wasm: Don't order small blocks and add bulk free63114e9adds builtin: crypto.x509.parse_keypair.b3ae18dperf: avoid unnecessary byte/string conversione903f5dAdd PITS Global Data Recovery Services to the list of adoptersDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)