chore: bump github.com/open-policy-agent/opa from 0.68.0 to 0.69.0 in /constraint

[dependabot[bot]]

Bumps github.com/open-policy-agent/opa from 0.68.0 to 0.69.0.

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.69.0

This release contains a mix of features, bugfixes and necessary tooling and test changes required to support the upcoming OPA 1.0 release.

Inter-Query Value Cache (#6908)

OPA now has a new inter-query value cache added to the SDK. It is intended to be used for values that are expensive to compute and can be reused across multiple queries. The cache can be leveraged by built-in functions to store values that otherwise aren't appropriate for the existing inter-query cache; for instance when the entry size isn't an appropriate or primary limiting factor for cache eviction.

The default size of the inter-query value cache is unbounded, but can be configured via the caching.inter_query_builtin_value_cache.max_num_entries configuration field. OPA will drop random items from the cache if this limit is exceeded.

The cache is used by the regex and glob built-in functions, which previously had individual, non-configurable caches with a max entry size of 100 each.

Currently, the cache is only exercised when running OPA in server mode (ie. opa run -s). Also this feature is unsupported for WASM.

Authored by @​ashutosh-narkar, reported by @​amirsalarsafaei

Topdown and Rego

• Future-proofing tests in the ast, topdown, rego etc. packages to be 1.0 compatible (authored by @​johanfylling)
• ast: Attach annotation to static part of rule ref (#7050) authored by @​anderseknert
• ast: Make Module.String() include if/contains for v1 modules (#6973) authored by @​johanfylling reported by @​nikpivkin
• topdown/http: Stop http.send latency timer when an error is encountered (#7007) authored by @​lukyer
• ast/compile: Refactor local variable replacement and replace declared variables in with's target (#6979) authored by @​srenatus reported by @​bluebrown
• ast: Update type checker to cache schema types (#6970) authored by @​nikpivkin
• test: Fix indentation in a YAML test case (#7039) authored by @​matajoh
• format: Bracketing keyword ref elements in formatter output (#7010) authored by @​johanfylling

Runtime, Tooling, SDK

• Future-proofing tests in the sdk, downlaod, server , cmd etc. packages to be 1.0 compatible (authored by @​johanfylling)
• cmd: Add --v0-compatible flag to make OPA behave as v0.x post v1.0 release (#7065) authored by @​johanfylling
• util: Strip UTF-8 BOM from input JSON when found (#6988) authored by @​anderseknert reported by @​adhilto
• plugins/rest: Support reading AWS token from the filesystem for the AWS container credential provider (#6997) authored by @​cmaddalozzo
• debug: Add RegoOption launch option to debugger for setting custom Rego options (#7045) authored by @​johanfylling
• debug: Always include Input and Data variable scopes to ease discoverability of the scopes (#7074) authored by @​johanfylling
• wasm: Fix arithmetic comparison for large numbers, caused by an integer overflow (#6991) authored by @​Ptroger

Docs, Website, Ecosystem

• Add Marsh McLennan to adopters (#7060) authored by @​anderseknert reported by @​pratimsc
• Add APIwiz to adopters (#7067) authored by @​anderseknert
• docs: Fix misnomer in OPA-Istio tutorial to document Istio's AuthorizationPolicy API (#6984) authored by @​tjons
• docs: Readme updates to highlight more up-to-date information about OPA (#7066) authored by @​charlieegan3

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.69.0

This release contains a mix of features, bugfixes and necessary tooling and test changes required to support the upcoming OPA 1.0 release.

Inter-Query Value Cache (#6908)

OPA now has a new inter-query value cache added to the SDK. It is intended to be used for values that are expensive to compute and can be reused across multiple queries. The cache can be leveraged by built-in functions to store values that otherwise aren't appropriate for the existing inter-query cache; for instance when the entry size isn't an appropriate or primary limiting factor for cache eviction.

The default size of the inter-query value cache is unbounded, but can be configured via the caching.inter_query_builtin_value_cache.max_num_entries configuration field. OPA will drop random items from the cache if this limit is exceeded.

The cache is used by the regex and glob built-in functions, which previously had individual, non-configurable caches with a max entry size of 100 each.

Currently, the cache is only exercised when running OPA in server mode (ie. opa run -s). Also this feature is unsupported for WASM.

Authored by @​ashutosh-narkar, reported by @​amirsalarsafaei

Topdown and Rego

• Future-proofing tests in the ast, topdown, rego etc. packages to be 1.0 compatible (authored by @​johanfylling)
• ast: Attach annotation to static part of rule ref (#7050) authored by @​anderseknert
• ast: Make Module.String() include if/contains for v1 modules (#6973) authored by @​johanfylling reported by @​nikpivkin
• topdown/http: Stop http.send latency timer when an error is encountered (#7007) authored by @​lukyer
• ast/compile: Refactor local variable replacement and replace declared variables in with's target (#6979) authored by @​srenatus reported by @​bluebrown
• ast: Update type checker to cache schema types (#6970) authored by @​nikpivkin
• test: Fix indentation in a YAML test case (#7039) authored by @​matajoh
• format: Bracketing keyword ref elements in formatter output (#7010) authored by @​johanfylling

Runtime, Tooling, SDK

• Future-proofing tests in the sdk, downlaod, server , cmd etc. packages to be 1.0 compatible (authored by @​johanfylling)
• cmd: Add --v0-compatible flag to make OPA behave as v0.x post v1.0 release (#7065) authored by @​johanfylling
• util: Strip UTF-8 BOM from input JSON when found (#6988) authored by @​anderseknert reported by @​adhilto
• plugins/rest: Support reading AWS token from the filesystem for the AWS container credential provider (#6997) authored by @​cmaddalozzo
• debug: Add RegoOption launch option to debugger for setting custom Rego options (#7045) authored by @​johanfylling
• debug: Always include Input and Data variable scopes to ease discoverability of the scopes (#7074) authored by @​johanfylling
• wasm: Fix arithmetic comparison for large numbers, caused by an integer overflow (#6991) authored by @​Ptroger

Docs, Website, Ecosystem

• Add Marsh McLennan to adopters (#7060) authored by @​anderseknert reported by @​pratimsc
• Add APIwiz to adopters (#7067) authored by @​anderseknert
• docs: Fix misnomer in OPA-Istio tutorial to document Istio's AuthorizationPolicy API (#6984) authored by @​tjons

... (truncated)

Commits

• 4a3fd1a Prepare v0.69.0 release (#7076)
• af8f915 Add mirror linter
• 71ab7ba debug: Always including Input and Data variable scopes
• e16f22a docs: Another minor update to README.md (#7072)
• 27dcd29 rego-v1: Future-proofing misc tests to be 1.0 compatible
• 0385717 build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#7069)
• 5cbc1e0 topdown: glob|regex code nitpicks (#7071)
• 4ba95d0 format: Bracketing keyword ref elements in formatter output (#7010)
• 6148b0b Add APIwiz to adopters (#7067)
• c487e39 docs: Update generated CLI docs
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)