Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Update docker.io/openpolicyagent/opa Docker tag to v1 #313

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Update docker.io/openpolicyagent/opa Docker tag to v1 #313

wants to merge 2 commits into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Dec 21, 2024
edited
Loading

This PR contains the following updates:

Package Update Change
docker.io/openpolicyagent/opa (source) major 0.70.0-debug -> 1.2.0-debug

Release Notes

open-policy-agent/opa (docker.io/openpolicyagent/opa)

v1.2.0

Compare Source

This release contains a mix of features, performance improvements, and bugfixes.

Parameterized Rego Tests (#​2176)

Rego tests now support parameterization, allowing a single test rule to include multiple, hierarchical, named test cases.
This feature is useful for data-driven testing, where a single test rule can be used for multiple test cases with different inputs and expected outputs.

package example_test

test_concat[note] if {
	some note, tc in {
		"empty + empty": {
			"a": [],
			"b": [],
			"exp": [],
		},
		"empty + filled": {
			"a": [],
			"b": [1, 2],
			"exp": [1, 2],
		},
		"filled + filled": {
			"a": [1, 2],
			"b": [3, 4],
			"exp": [1, 2, 3], # Faulty expectation, this test case will fail
		},
	}

	act := array.concat(tc.a, tc.b)
	act == tc.exp
}

v1.1.0

Compare Source

This release contains a mix of features, performance improvements, and bugfixes.

Performance Improvements
Topdown and Rego
Runtime, Tooling, SDK
Docs, Website, Ecosystem
Miscellaneous
  • ci(nightly): Remove vendor w/o modproxy check (#​7292) authored by @​srenatus
  • Dependency updates; notably:
    • build(go): bump to 1.23.5 (7279) authored by @​srenatus
    • build(deps): upgrade github.com/dgraph-io/badger to v4 (4.5.1) (#​7239) authored by @​Juneezee
    • build(deps): bump github.com/containerd/containerd from 1.7.24 to 1.7.25
    • build(deps): bump github.com/tchap/go-patricia/v2 from 2.3.1 to 2.3.2
    • build(deps): bump golang.org/x/net from 0.33.0 to 0.34.0
    • build(deps): bump golang.org/x/time from 0.8.0 to 0.9.0
    • build(deps): bump google.golang.org/grpc from 1.69.2 to 1.70.0
    • build(deps): bump go.opentelemetry.io deps to 1.34.0/0.59.0

v1.0.1

Compare Source

This is a bug fix release addressing the following issues:

  • build(go): bump to 1.23.5 (authored by @​srenatus).
    Addressing CVE-2024-45341 and CVE-2024-45336 vulnerabilities in the Go runtime.
  • bundle: Add info about the correct rego version to parse modules on the store, co-authored by @​ashutosh-narkar and @​johanfylling in #​7278.
    Fixing an issue where the rego-version for individual modules was lost during bundle deactivation (bundle lifecycle) if this version diverged from the active runtime rego-version.
    This could cause reloading of v0 bundles to fail when OPA was not running with the --v0-compatible flag.

v1.0.0

Compare Source

NOTES:

  • The minimum version of Go required to build the OPA module is 1.22

We are excited to announce OPA 1.0, a milestone release consolidating an improved developer experience for the future of Policy as Code.
The release makes new functionality designed to simplify policy writing and improve the language's consistency the default.

Changes to Rego in OPA 1.0

Below we highlight some key changes to the defaults in OPA 1.0:

  • Using if for all rule definitions and contains for multi-value rules is now mandatory, not just when using the rego.v1 import.
  • Other new keywords (every, in) are available without any imports.
  • Previously requirements that were only run in "strict mode" (like opa check --strict) are now the default. Duplicate imports and imports which shadow each other are no longer allowed.
  • OPA 1.0 comes with a range of backwards compatibility features to aid your migrations, please see the v0 compatibility guide
    if you must continue to support v0 Rego.

Read more about the OPA 1.0 announcement on the OPA blog.

Following are other changes that are included in OPA 1.0.

Improvements to memory allocations

PRs #​7172, #​7190,
#​7193, #​7165,
#​7168, #​7191 &
#​7222 together improve the memory performance of OPA. Key strategies
include reusing pointers and optimizing array and object operations, minimizing intermediate object creation, and using sync.Pool
to manage memory-heavy operations. These changes cumulatively greatly reduced the number of allocations and improved
evaluation speed by 10-20%. Additional benchmarks highlighted significant memory and speed improvements in custom
function evaluation.

Authored by @​anderseknert.

Wrap http.RoundTripper for SDK users

PR #​7180 adds an EvalHTTPRoundTrip EvalOption and query-level WithHTTPRoundTrip option.
Both use a new function type which converts an http.Transport configured by topdown to an http.RoundTripper.
This supports use cases requiring the customization of the http.send built in behavior.

Authored by @​evankanderson.

Improvements to scientific notation parsing in units.parse

PR #​7147 extends the behaviour of extractNumAndUnit to support
scientific notation values. This means values such as 1e3KB can now be handled by this function.

Authored by @​berdanA.

Support customized buckets bundle_loading_duration_ns metric

PR #​7156 extends OPA’s Prometheus configuration to allow the
setting of user defined buckets for metrics. This aids when debugging the loading of slow bundles.

Authored by @​jwu730-1.

Test suite performance improvements

PR #​7126 updates tests to improve performance. Topdown and storage/disk/
tests now run around 50% and 75% faster respectively.

Authored by @​philipaconrad.

OPA 1.0 Preparation
Topdown and Rego
Runtime, Tooling, SDK
Docs, Website, Ecosystem
Dependency Updates
  • (build) golangci-lint: v1.59.1 -> v1.60.1 by @​srenatus in #​7175
  • github.com/containerd/containerd: v1.7.23 -> v1.7.24
  • github.com/fsnotify/fsnotify: v1.7.0 -> v1.8.0
  • golang.org/x/net: v0.30.0 -> v0.33.0
  • golang.org/x/time: v0.7.0 -> v0.8.0
  • google.golang.org/grpc: v1.67.1 -> v1.69.2
  • go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.53.0 -> v0.58.0
  • go.opentelemetry.io/otel: v1.28.0 -> v1.33.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.28.0 -> v1.33.0
  • go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.28.0 -> v1.33.0
  • go.opentelemetry.io/otel/sdk: v1.28.0 -> v1.33.0
  • go.opentelemetry.io/otel/trace: v1.28.0 -> v1.33.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner December 21, 2024 00:18
@renovate renovate bot requested review from thijslemmens and rschev December 21, 2024 00:18
@renovate renovate bot force-pushed the renovate/docker.io-openpolicyagent-opa-1.x branch 2 times, most recently from edd7ff1 to 61f31d1 Compare January 27, 2025 18:25
@renovate renovate bot force-pushed the renovate/docker.io-openpolicyagent-opa-1.x branch from 61f31d1 to ec5b55b Compare February 18, 2025 09:08
@renovate renovate bot force-pushed the renovate/docker.io-openpolicyagent-opa-1.x branch 12 times, most recently from 4b52ff1 to 9a3564d Compare March 7, 2025 07:47
@renovate renovate bot force-pushed the renovate/docker.io-openpolicyagent-opa-1.x branch from 9a3564d to 32fcb12 Compare March 7, 2025 07:53
NielsCW
NielsCW requested changes Mar 7, 2025
View reviewed changes
Copy link
Contributor

@NielsCW NielsCW left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please update the version used in tests as well:

contentgrid-gateway/src/test/java/com/contentgrid/gateway/OpenPolicyAgentIntegrationTest.java

Line 32 in e64e640

private static final GenericContainer<?> openPolicyAgent = new GenericContainer<>("docker.io/openpolicyagent/opa:0.70.0-debug")

@renovate Renovate
Copy link
Contributor Author

renovate bot commented Mar 7, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@NielsCW NielsCW NielsCW requested changes

@thijslemmens thijslemmens Awaiting requested review from thijslemmens thijslemmens is a code owner automatically assigned from xenit-eu/contentgrid

@rschev rschev Awaiting requested review from rschev rschev is a code owner automatically assigned from xenit-eu/contentgrid

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@NielsCW