contrib
contrib copied to clipboard
Bump github.com/open-policy-agent/opa from 0.40.0 to 0.42.0 in /opa_fig_autocomplete
Bumps github.com/open-policy-agent/opa from 0.40.0 to 0.42.0.
Release notes
Sourced from github.com/open-policy-agent/opa's releases.
v0.42.0
This release contains a number of fixes and enhancements.
New built-in function:
object.subset
This function checks if a collection is a subset of another collection. It works on objects, sets, and arrays.
If both arguments are objects, then the operation is recursive, e.g.
{"c": {"x": {10, 15, 20}}
is considered a subset of{"a": "b", "c": {"x": {10, 15, 20, 25}, "y": "z"}
.See the built-in functions docs for all details
This implementation fixes #4358 and was authored by
@charlesdaniels
.New keywords: "contains" and "if"
These new keywords let you increase the expressiveness of your policy code:
Before
package authz allow { not denied } # `denied` left out for presentation purposes
deny[msg] { count(violations) > 0 msg := sprintf("there are %d violations", [count(violations)]) }
After
package authz import future.keywords
allow if not denied # one expression only => no { ... } needed!
deny contains msg if { count(violations) > 0 msg := sprintf("there are %d violations", [count(violations)]) }
Note that rule bodies containing only one expression can be abbreviated when using
if
.To use the new keywords, use
import future.keywords.contains
andimport future.keywords.if
; or import all of them at once viaimport future.keywords
. When these future imports are present, the pretty printer (opa fmt
) will introducecontains
andif
where applicable.
if
is allowed in all places to separate the rule head from the body, like</tr></table>
... (truncated)
Changelog
Sourced from github.com/open-policy-agent/opa's changelog.
0.42.0
This release contains a number of fixes and enhancements.
New built-in function:
object.subset
This function checks if a collection is a subset of another collection. It works on objects, sets, and arrays.
If both arguments are objects, then the operation is recursive, e.g.
{"c": {"x": {10, 15, 20}}
is considered a subset of{"a": "b", "c": {"x": {10, 15, 20, 25}, "y": "z"}
.See the built-in functions docs for all details
This implementation fixes #4358 and was authored by
@charlesdaniels
.New keywords: "contains" and "if"
These new keywords let you increase the expressiveness of your policy code:
Before
package authz allow { not denied } # `denied` left out for presentation purposes
deny[msg] { count(violations) > 0 msg := sprintf("there are %d violations", [count(violations)]) }
After
package authz import future.keywords
allow if not denied # one expression only => no { ... } needed!
deny contains msg if { count(violations) > 0 msg := sprintf("there are %d violations", [count(violations)]) }
Note that rule bodies containing only one expression can be abbreviated when using
if
.To use the new keywords, use
import future.keywords.contains
andimport future.keywords.if
; or import all of them at once viaimport future.keywords
. When these future imports are present, the
... (truncated)
Commits
9b5fb9b
Prepare release v0.42.0 (#4834)7305b16
server: pass IQBC to authorizer (#4838)a52e317
topdown/pe: plug nested every expressions (#4827)a453d2e
build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 (#4835)d5b8a61
release process: fix metadata logic (#4836)2f169d9
build(deps): bump aquasecurity/trivy-action from 0.5.0 to 0.5.1 (#4833)53b8192
docs/configuration: Fix profile_credentials AWS docs (#4831)568f020
docs/wasm: fix markup (#4828)c0c902c
topdown/eval: fix 'every' term plugging on save (#4775)8a3bf90
ast/compile: reorder body for safety differently (#4801)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -
@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language -
@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language -
@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language -
@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the Security Alerts page.
LGTM but merging this alone will not update the fig database. We'll have to go through more steps, see the original work done by @developer-guy.
Superseded by #186.