Add Rego-Version attribute to Bundle #6578
Labels
Projects
Comments
johanfylling
added
feature-request
pre1.0
distribution
johanfylling
added a commit
to johanfylling/opa
that referenced
this issue
Feb 9, 2024
Implements: open-policy-agent#6578 Signed-off-by: Johan Fylling <johan.dev@fylling.se>
johanfylling
added a commit
that referenced
this issue
Apr 10, 2024
Adding a global `rego_version` attribute to bundle manifest, to inform OPA runtime about what rego-version (v0/v1) to use to parse/compile contained Rego files. The rego-version of individual Rego files can be overridden through the `file_rego_versions` manifest attribute. Implements: #6578 Signed-off-by: Johan Fylling <johan.dev@fylling.se>
tsidebottom
pushed a commit
to tsidebottom/opa-
that referenced
this issue
Apr 17, 2024
Adding a global `rego_version` attribute to bundle manifest, to inform OPA runtime about what rego-version (v0/v1) to use to parse/compile contained Rego files. The rego-version of individual Rego files can be overridden through the `file_rego_versions` manifest attribute. Implements: open-policy-agent#6578 Signed-off-by: Johan Fylling <johan.dev@fylling.se> Signed-off-by: Thomas Sidebottom <thomas.sidebottom@va.gov>
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this issue
May 4, 2024
Changes: v0.64.1 This is a bug fix release addressing the following issues: - plugins/discovery: Update comparison logic used in the discovery plugin for handling overrides. This fixes a panic that resulted from the comparison of uncomparable types v0.64.0 This release contains a mix of features, a new builtin function `json.marshal_with_options()`, performance improvements, and bugfixes. ### Breaking Change #### Bootstrap configuration overrides Discovered configuration Previously if Discovery was enabled, other features like bundle downloading and status reporting could not be configured manually. The reason for this was to prevent OPAs being deployed that could not be controlled through discovery. It's possible that the system serving the discovered config is unaware of all options locally available in OPA. Hence, we relax the configuration check when discovery is enabled so that the bootstrap configuration can contain plugin configurations. In case of conflicts, the bootstrap configuration for plugins wins. These local configuration overrides from the bootstrap configuration are included in the Status API messages so that management systems can get visibility into the local overrides. In general, the bootstrap configuration overrides the discovered configuration. Previously this was not the case for all configuration fields. For example, if the discovered configuration changes the `labels` section, only labels that are additional compared to the bootstrap configuration are used, all other changes are ignored. This implies labels in the bootstrap configuration override those in the discovered configuration. But for fields such as `default_decision`, `default_authorization_decision`, `nd_builtin_cache`, the discovered configuration would override the bootstrap configuration. Now the behavior is more consistent for the entire configuration and helps to avoid accidental configuration errors. ### Add `rego_version` attribute to the bundle manifest A new global `rego_version` attribute is added to the bundle manifest, to inform the OPA runtime about what Rego version (`v0`/`v1`) to use while parsing/compiling contained Rego files. There is also a new `file_rego_versions` attribute which allows individual files to override the global Rego version specified by `rego_version`. When the version of the contained Rego is advertised by the bundle through this attribute, it is not required to run OPA with the `--v1-compatible` (or future `--v0-compatible`) flag in order to correctly parse, compile and evaluate the bundle's modules. A bundle's `rego_version` attribute takes precedence over any applied `--v1-compatible`/`--v0-compatible` flag. ([#6578](open-policy-agent/opa#6578)) authored by @johanfylling v0.63.0 This release contains a mix of features, performance improvements, and bugfixes.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When OPA builds a bundle, the Rego version (0.x or 1.0) should be included as a manifest attribute.
When the version of the contained Rego is advertised by the bundle through this attribute, the OPA runtime loading it will not be required to be executed with the
--v1-compatible(or future--v0-compatible) flag to correctly parse and evaluate the bundle's modules.A bundle's rego-version attribute should take precedence over any applied
--v1-compatible/--v0-compatibleflag.The text was updated successfully, but these errors were encountered: