-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prepare v0.56.0 release #6202
Prepare v0.56.0 release #6202
Changes from 4 commits
0b87e58
ab6cf37
56fc90a
f229e79
b9a6fdf
2a3a37a
863bb5b
849ed8b
48f4733
0eb4f7a
a0bfadf
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,18 +3,93 @@ | |
All notable changes to this project will be documented in this file. This | ||
project adheres to [Semantic Versioning](http://semver.org/). | ||
|
||
## Unreleased | ||
## 0.56.0 | ||
|
||
This release contains a mix of new features, bugfixes and a new builtin function. | ||
|
||
### Support for General References in Rule Heads (Experimental) | ||
|
||
A new experimental feature in OPA is support for general refs in rule heads. Where a general ref is a reference with variables at arbitrary locations. | ||
|
||
```rego | ||
package example | ||
|
||
import future.keywords | ||
|
||
# A partial object rule that converts a list of users to a mapping by "role" and then "id". | ||
users_by_role[role][id] := user if { | ||
some user in data.users | ||
id := user.id | ||
role := user.role | ||
} | ||
|
||
# Partial rule with an explicit "admin" key override | ||
users_by_role.admin[id] := user if { | ||
some user in data.admins | ||
id := user.id | ||
} | ||
|
||
# Leaf entries can be partial sets | ||
users_by_country[country] contains user.id if { | ||
srenatus marked this conversation as resolved.
Show resolved
Hide resolved
|
||
some user in data.users | ||
country := user.country | ||
} | ||
``` | ||
|
||
General refs are currently not supported by the OPA planner, making this feature unsupported for Wasm and IR. | ||
|
||
Note: this feature is disabled by default, and needs to be enabled by setting the `EXPERIMENTAL_GENERAL_RULE_REFS` environment variable. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Let's add something like
|
||
|
||
Authored by @johanfylling. | ||
|
||
### New Built-In Function: `numbers.range_step` | ||
|
||
Similar to hte `numbers.range` built-in function, `numbers.range_step` returns an array of numbers in a given range. The difference being the function as input also takes the step between each entry. | ||
johanfylling marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
See [the documentation on the new built-in](https://www.openpolicyagent.org/docs/v0.56.0/policy-reference/#builtin-numbers-numbersrange_step) | ||
for all the details. | ||
|
||
authored by @sspaink. | ||
johanfylling marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
### Runtime, Tooling, SDK | ||
|
||
- ast: Update strict error check message for unused args ([#6125](https://github.com/open-policy-agent/opa/pull/6125)) authored by @ashutosh-narkar | ||
- ast: Remove unnecessary nil check ([#6155](https://github.com/open-policy-agent/opa/pull/6155)) authored by @Juneezee | ||
- cmd: Make `opa test -z` fail with failing tests ([#6126](https://github.com/open-policy-agent/opa/issues/6126)) authored by @fdaguin | ||
- cmd: Fix opa test `--ignore` when used together with `--bundle` ([#6185](https://github.com/open-policy-agent/opa/pull/6185)) authored by @joaobrandt | ||
- cmd: Adding `--fail-non-empty` flag ([#6153](https://github.com/open-policy-agent/opa/pull/6153)) authored by @Ronnie-personal | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can we add "to |
||
- download: Sdd opa_no_oci flag to build without containerd ([#6159](https://github.com/open-policy-agent/opa/pull/6159)) authored by @slonka | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Add? |
||
- download: Remove not required basedir for oci bundles & add test to verify signature verification ([#6145](https://github.com/open-policy-agent/opa/pull/6145)) authored by @gitu | ||
- fmt: Trim trailing whitespace in comments ([#6161](https://github.com/open-policy-agent/opa/issues/6161)) authored by @anderseknert | ||
- fmt: Remove dedup comment function in opa fmt ([#6165](https://github.com/open-policy-agent/opa/pull/6165)) authored by @anderseknert | ||
- runtime: Always read .tar.gz file provided in argument as a bundle ([#5879](https://github.com/open-policy-agent/opa/issues/5879)) authored by @yogisinha | ||
- server/authorizer: Inline readBody ([#6156](https://github.com/open-policy-agent/opa/pull/6156)) authored by @srenatus | ||
- test: Bind test server to localhost interface ([#6162](https://github.com/open-policy-agent/opa/issues/6162)) authored by @anderseknert | ||
|
||
### Topdown and Rego | ||
|
||
- ast: Including "child" rules when fetching rules by ref ([#6182](https://github.com/open-policy-agent/opa/issues/6182)) authored by @johanfylling | ||
- ast: Making partial object key rules contribute to dynamic portion of object type ([#6138](https://github.com/open-policy-agent/opa/issues/6138)) authored by @johanfylling | ||
- rego: Expose PrepareOption, add BuiltinFuncs ([#6188](https://github.com/open-policy-agent/opa/pull/6188)) authored by @srenatus | ||
- topdown: Support force cache even when server doesn't set the Date header ([#6175](https://github.com/open-policy-agent/opa/pull/6175)) authored by @c2zwdjnlcg | ||
- topdown: Partial-eval for partial object/set ref head rules ([#6094](https://github.com/open-policy-agent/opa/issues/6094)) authored by @johanfylling | ||
|
||
### Miscellaneous | ||
|
||
- Updates to Documentation and Website (authored by: @anderseknert, @ashutosh-narkar, @atkrad, @charlieegan3, @hmoazzem, @johndbro1, @Pushkarm029, @srenatus and @testwill) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Since https://www.openpolicyagent.org/ecosystem/ has been made more prominent recently, it'd be nice to use the release notes to encourage folks to update entries and add new ones. Just an idea 💡 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Sure 👍 , do you have a blurb to suggest? I'm not familiar with the process. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Referring folk to these docs: https://github.com/open-policy-agent/opa/tree/main/docs#opa-ecosystem would be the best starting point. How about:
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Thanks 👍 , I'll add a new section with this. |
||
- Dependency updates; notably: | ||
- golang: from 1.20.6 to 1.21 (authored by @ashutosh-narkar amd @srenatus) | ||
- golang.org/x/net from 0.12.0 to 0.14.0 | ||
- google.golang.org/grpc from 1.56.2 to 1.57.0 | ||
- oras.land/oras-go/v2 from 2.2.1 to 2.3.0 | ||
- Replace ghodss/yaml with sigs.k8s.io/yaml ([#6195](https://github.com/open-policy-agent/opa/pull/6195)) authored by @mrueg | ||
|
||
### Breaking changes | ||
|
||
Since its introduction in 0.34.0, the `--exit-zero-on-skipped` option always made the `opa test` command return an exit code 0. When used, it now returns the exit code 0 only if no failed tests were found. | ||
|
||
Test runs on existing projects using `--exit-zero-on-skipped` will fail if any failed tests were inhibited by this behavior. | ||
|
||
### Tooling, SDK, and Runtime | ||
|
||
- `opa test`: Fix `--exit-zero-on-skipped` behavior to make test runs fail with failing test rules ([#6126](https://github.com/open-policy-agent/opa/issues/6126)) reported and authored by @fdaguin | ||
|
||
## 0.55.0 | ||
|
||
> **_NOTES:_** | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think ideally, we'd shift terminology we use to single-value and multi-value rules. This, albeit being the more generic cousin of a partial object rule, would be single-value rule. It's pretty much the same as
except that it happens to have vars instead of strings in the rule (head) ref.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You mean as in how we internally differentiate between set-building rules as multi-value, and object-building and primitives as single-value?
There's no need of differentiating between complete- and partial rules? Where the former terminates with an error on assignment conflicts, and the latter is additive to the result on conflicts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thinking about it a bit more, perhaps the single-/multi-value distinction covers all bases 🤔 ; as key conflicts for partial objects does result in an error too. I'll strip the description of mentions of partial-/complete-; they're not really necessary anyways.