Prepare v0.56.0 release #6202
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -3,18 +3,93 @@ | |
| All notable changes to this project will be documented in this file. This | ||
| project adheres to [Semantic Versioning](http://semver.org/). | ||
|
|
||
| ## 0.56.0 | ||
|
|
||
| This release contains a mix of new features, bugfixes and a new builtin function. | ||
|
|
||
| ### Support for General References in Rule Heads (Experimental) | ||
|
|
||
| A new experimental feature in OPA is support for general refs in rule heads. Where a general ref is a reference with variables at arbitrary locations. | ||
|
|
||
| ```rego | ||
| package example | ||
|
|
||
| import future.keywords | ||
|
|
||
| # A partial object rule that converts a list of users to a mapping by "role" and then "id". | ||
| users_by_role[role][id] := user if { | ||
| some user in data.users | ||
| id := user.id | ||
| role := user.role | ||
| } | ||
|
|
||
| # Partial rule with an explicit "admin" key override | ||
| users_by_role.admin[id] := user if { | ||
| some user in data.admins | ||
| id := user.id | ||
| } | ||
|
|
||
| # Leaf entries can be partial sets | ||
| users_by_country[country] contains user.id if { | ||
srenatus marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| some user in data.users | ||
| country := user.country | ||
| } | ||
| ``` | ||
|
|
||
| General refs are currently not supported by the OPA planner, making this feature unsupported for Wasm and IR. | ||
|
|
||
| Note: this feature is disabled by default, and needs to be enabled by setting the `EXPERIMENTAL_GENERAL_RULE_REFS` environment variable. | ||
|
There was a problem hiding this comment. Let's add something like
|
||
|
|
||
| Authored by @johanfylling. | ||
|
|
||
| ### New Built-In Function: `numbers.range_step` | ||
|
|
||
| Similar to hte `numbers.range` built-in function, `numbers.range_step` returns an array of numbers in a given range. The difference being the function as input also takes the step between each entry. | ||
johanfylling marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| See [the documentation on the new built-in](https://www.openpolicyagent.org/docs/v0.56.0/policy-reference/#builtin-numbers-numbersrange_step) | ||
| for all the details. | ||
|
|
||
| authored by @sspaink. | ||
johanfylling marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| ### Runtime, Tooling, SDK | ||
|
|
||
| - ast: Update strict error check message for unused args ([#6125](https://github.com/open-policy-agent/opa/pull/6125)) authored by @ashutosh-narkar | ||
| - ast: Remove unnecessary nil check ([#6155](https://github.com/open-policy-agent/opa/pull/6155)) authored by @Juneezee | ||
| - cmd: Make `opa test -z` fail with failing tests ([#6126](https://github.com/open-policy-agent/opa/issues/6126)) authored by @fdaguin | ||
| - cmd: Fix opa test `--ignore` when used together with `--bundle` ([#6185](https://github.com/open-policy-agent/opa/pull/6185)) authored by @joaobrandt | ||
| - cmd: Adding `--fail-non-empty` flag ([#6153](https://github.com/open-policy-agent/opa/pull/6153)) authored by @Ronnie-personal | ||
|
There was a problem hiding this comment. Can we add "to |
||
| - download: Sdd opa_no_oci flag to build without containerd ([#6159](https://github.com/open-policy-agent/opa/pull/6159)) authored by @slonka | ||
|
|
||
| - download: Remove not required basedir for oci bundles & add test to verify signature verification ([#6145](https://github.com/open-policy-agent/opa/pull/6145)) authored by @gitu | ||
| - fmt: Trim trailing whitespace in comments ([#6161](https://github.com/open-policy-agent/opa/issues/6161)) authored by @anderseknert | ||
| - fmt: Remove dedup comment function in opa fmt ([#6165](https://github.com/open-policy-agent/opa/pull/6165)) authored by @anderseknert | ||
| - runtime: Always read .tar.gz file provided in argument as a bundle ([#5879](https://github.com/open-policy-agent/opa/issues/5879)) authored by @yogisinha | ||
| - server/authorizer: Inline readBody ([#6156](https://github.com/open-policy-agent/opa/pull/6156)) authored by @srenatus | ||
| - test: Bind test server to localhost interface ([#6162](https://github.com/open-policy-agent/opa/issues/6162)) authored by @anderseknert | ||
|
|
||
| ### Topdown and Rego | ||
|
|
||
| - ast: Including "child" rules when fetching rules by ref ([#6182](https://github.com/open-policy-agent/opa/issues/6182)) authored by @johanfylling | ||
| - ast: Making partial object key rules contribute to dynamic portion of object type ([#6138](https://github.com/open-policy-agent/opa/issues/6138)) authored by @johanfylling | ||
| - rego: Expose PrepareOption, add BuiltinFuncs ([#6188](https://github.com/open-policy-agent/opa/pull/6188)) authored by @srenatus | ||
| - topdown: Support force cache even when server doesn't set the Date header ([#6175](https://github.com/open-policy-agent/opa/pull/6175)) authored by @c2zwdjnlcg | ||
| - topdown: Partial-eval for partial object/set ref head rules ([#6094](https://github.com/open-policy-agent/opa/issues/6094)) authored by @johanfylling | ||
|
|
||
| ### Miscellaneous | ||
|
|
||
| - Updates to Documentation and Website (authored by: @anderseknert, @ashutosh-narkar, @atkrad, @charlieegan3, @hmoazzem, @johndbro1, @Pushkarm029, @srenatus and @testwill) | ||
|
There was a problem hiding this comment. Since https://www.openpolicyagent.org/ecosystem/ has been made more prominent recently, it'd be nice to use the release notes to encourage folks to update entries and add new ones. Just an idea 💡 There was a problem hiding this comment. Sure 👍 , do you have a blurb to suggest? I'm not familiar with the process. There was a problem hiding this comment. Referring folk to these docs: https://github.com/open-policy-agent/opa/tree/main/docs#opa-ecosystem would be the best starting point. How about:
There was a problem hiding this comment. Thanks 👍 , I'll add a new section with this. |
||
| - Dependency updates; notably: | ||
| - golang: from 1.20.6 to 1.21 (authored by @ashutosh-narkar amd @srenatus) | ||
| - golang.org/x/net from 0.12.0 to 0.14.0 | ||
| - google.golang.org/grpc from 1.56.2 to 1.57.0 | ||
| - oras.land/oras-go/v2 from 2.2.1 to 2.3.0 | ||
| - Replace ghodss/yaml with sigs.k8s.io/yaml ([#6195](https://github.com/open-policy-agent/opa/pull/6195)) authored by @mrueg | ||
|
|
||
| ### Breaking changes | ||
|
|
||
| Since its introduction in 0.34.0, the `--exit-zero-on-skipped` option always made the `opa test` command return an exit code 0. When used, it now returns the exit code 0 only if no failed tests were found. | ||
|
|
||
| Test runs on existing projects using `--exit-zero-on-skipped` will fail if any failed tests were inhibited by this behavior. | ||
|
|
||
| ## 0.55.0 | ||
|
|
||
| > **_NOTES:_** | ||
|
|
||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think ideally, we'd shift terminology we use to single-value and multi-value rules. This, albeit being the more generic cousin of a partial object rule, would be single-value rule. It's pretty much the same as
except that it happens to have vars instead of strings in the rule (head) ref.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You mean as in how we internally differentiate between set-building rules as multi-value, and object-building and primitives as single-value?
There's no need of differentiating between complete- and partial rules? Where the former terminates with an error on assignment conflicts, and the latter is additive to the result on conflicts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thinking about it a bit more, perhaps the single-/multi-value distinction covers all bases 🤔 ; as key conflicts for partial objects does result in an error too. I'll strip the description of mentions of partial-/complete-; they're not really necessary anyways.