diff --git a/Makefile b/Makefile index 6f3539014..bbfc95b08 100644 --- a/Makefile +++ b/Makefile @@ -120,8 +120,15 @@ acceptance: ## Run all acceptance tests cd acceptance && go test -coverprofile "$$ACCEPTANCE_WORKDIR/coverage-acceptance.out" -timeout $(ACCEPTANCE_TIMEOUT) ./... && \ go run -modfile "$$ACCEPTANCE_WORKDIR/tools/go.mod" github.com/wadey/gocovmerge "$$ACCEPTANCE_WORKDIR/coverage-acceptance.out" > "$(ROOT_DIR)/coverage-acceptance.out" +# Beware this doesn't produce the code coverage data, so it's not a good replacement for `make acceptance` +acceptance-steps: build ## Run acceptance tests feature by feature + @for f in $$(git ls-files features/*.feature | xargs -n1 -exec basename -s .feature); do + $(MAKE) feature_$$f; \ + done; + # Add @focus above the feature you're hacking on to use this # (Mainly for use with the feature-% target below) +# Fixme: It does a needless build every time .PHONY: focus-acceptance focus-acceptance: build ## Run acceptance tests with @focus tag @cd acceptance && go test -tags=acceptance . -args -tags=@focus diff --git a/acceptance/examples/allow_all.rego b/acceptance/examples/allow_all.rego index 8dc0196d0..64d1f1ccc 100644 --- a/acceptance/examples/allow_all.rego +++ b/acceptance/examples/allow_all.rego @@ -1,4 +1,6 @@ # Simplest never-failing policy package main +import rego.v1 + allow := [] diff --git a/acceptance/examples/disallowed_functions.rego b/acceptance/examples/disallowed_functions.rego index 48b032c32..8d7162ff3 100644 --- a/acceptance/examples/disallowed_functions.rego +++ b/acceptance/examples/disallowed_functions.rego @@ -6,8 +6,7 @@ # test that certain rego functions are not allowed. package policy.capabilities -import future.keywords.contains -import future.keywords.if +import rego.v1 # METADATA # title: use env var diff --git a/acceptance/examples/fail_with_data.rego b/acceptance/examples/fail_with_data.rego index fe737ecaf..e91b3bfb5 100644 --- a/acceptance/examples/fail_with_data.rego +++ b/acceptance/examples/fail_with_data.rego @@ -1,5 +1,7 @@ package main -deny[result] { +import rego.v1 + +deny contains result if { result := sprintf("Failure due to %s", [data.rule_data.banana_fail_reason]) } diff --git a/acceptance/examples/fetch_blob.rego b/acceptance/examples/fetch_blob.rego index a37d13fe3..a10f1a22d 100644 --- a/acceptance/examples/fetch_blob.rego +++ b/acceptance/examples/fetch_blob.rego @@ -1,8 +1,6 @@ package blobby -import future.keywords.contains -import future.keywords.if -import future.keywords.in +import rego.v1 # METADATA # custom: diff --git a/acceptance/examples/filtering.rego b/acceptance/examples/filtering.rego index 489af8d10..7869420fe 100644 --- a/acceptance/examples/filtering.rego +++ b/acceptance/examples/filtering.rego @@ -6,9 +6,7 @@ # showcase the filtering logic with include/exclude/collection. package policy.filtering -import future.keywords.contains -import future.keywords.if -import future.keywords.in +import rego.v1 # METADATA # title: always pass diff --git a/acceptance/examples/future_deny.rego b/acceptance/examples/future_deny.rego index ec6ecb8e8..0c2c51379 100644 --- a/acceptance/examples/future_deny.rego +++ b/acceptance/examples/future_deny.rego @@ -1,6 +1,8 @@ package main -deny[{"msg": result, "effective_on": effective_on}] { +import rego.v1 + +deny contains {"msg": result, "effective_on": effective_on} if { result := "Fails in 2099" effective_on := "2099-01-01T00:00:00Z" } diff --git a/acceptance/examples/gloomy_day.rego b/acceptance/examples/gloomy_day.rego index c7ad5c982..8cf24a871 100644 --- a/acceptance/examples/gloomy_day.rego +++ b/acceptance/examples/gloomy_day.rego @@ -1,13 +1,15 @@ # Provide one always passing rule and one always failing rule package gloomy +import rego.v1 + # METADATA # title: Allow gloomy rule # description: This rule will never fail # custom: # short_name: happy # failure_msg: Always succeeds -deny[result] { +deny contains result if { false result := "Never fails" } @@ -18,7 +20,7 @@ deny[result] { # custom: # short_name: sad # failure_msg: Always fails -deny[result] { +deny contains result if { result := { "code": "gloomy.sad", "effective_on": "2022-01-01T00:00:00Z", diff --git a/acceptance/examples/happy_day.rego b/acceptance/examples/happy_day.rego index 640957104..db80833c0 100644 --- a/acceptance/examples/happy_day.rego +++ b/acceptance/examples/happy_day.rego @@ -1,6 +1,8 @@ # Simplest never-failing policy package main +import rego.v1 + # METADATA # title: Allow rule # description: This rule will never fail @@ -10,7 +12,7 @@ package main # solution: Easy # collections: # - A -deny[result] { +deny contains result if { false result := "Never denies" } diff --git a/acceptance/examples/image_config.rego b/acceptance/examples/image_config.rego index d7c84c7d9..4448a42fb 100644 --- a/acceptance/examples/image_config.rego +++ b/acceptance/examples/image_config.rego @@ -1,9 +1,7 @@ # Verify image config data from input. package image_config -import future.keywords.contains -import future.keywords.if -import future.keywords.in +import rego.v1 # METADATA # title: Image Title Label @@ -11,7 +9,7 @@ import future.keywords.in # custom: # short_name: image_title_set # failure_msg: Missing image title label -deny contains err(rego.metadata.rule()) { +deny contains err(rego.metadata.rule()) if { not input.image.config.Labels["org.opencontainers.image.title"] } @@ -21,7 +19,7 @@ deny contains err(rego.metadata.rule()) { # custom: # short_name: parent_image_title_set # failure_msg: Missing parent image title label -deny contains err(rego.metadata.rule()) { +deny contains err(rego.metadata.rule()) if { not input.image.parent.config.Labels["org.opencontainers.image.title"] } @@ -33,7 +31,7 @@ deny contains err(rego.metadata.rule()) { # custom: # short_name: image_distinct_title_set # failure_msg: Image does not have a distinct title -deny contains err(rego.metadata.rule()) { +deny contains err(rego.metadata.rule()) if { l1 := input.image.config.Labels["org.opencontainers.image.title"] l2 := input.image.parent.config.Labels["org.opencontainers.image.title"] l1 == l2 diff --git a/acceptance/examples/keyless.rego b/acceptance/examples/keyless.rego index 854b0caaf..e78ae8a96 100644 --- a/acceptance/examples/keyless.rego +++ b/acceptance/examples/keyless.rego @@ -1,8 +1,6 @@ package keyless -import future.keywords.contains -import future.keywords.if -import future.keywords.in +import rego.v1 # METADATA # custom: diff --git a/acceptance/examples/oci_image_files.rego b/acceptance/examples/oci_image_files.rego index 525eab28e..e60f64b57 100644 --- a/acceptance/examples/oci_image_files.rego +++ b/acceptance/examples/oci_image_files.rego @@ -2,7 +2,6 @@ package files import rego.v1 - # METADATA # custom: # short_name: match diff --git a/acceptance/examples/olm_manifests.rego b/acceptance/examples/olm_manifests.rego index 78dd62e00..593a27460 100644 --- a/acceptance/examples/olm_manifests.rego +++ b/acceptance/examples/olm_manifests.rego @@ -1,8 +1,6 @@ package olm_manifests -import future.keywords.contains -import future.keywords.if -import future.keywords.in +import rego.v1 # METADATA # title: Manifests are there diff --git a/acceptance/examples/pipeline_basic.rego b/acceptance/examples/pipeline_basic.rego index 45b219dfa..c582bac56 100644 --- a/acceptance/examples/pipeline_basic.rego +++ b/acceptance/examples/pipeline_basic.rego @@ -1,5 +1,7 @@ package pipeline.main +import rego.v1 + expected_kind := "Pipeline" # METADATA @@ -7,7 +9,7 @@ expected_kind := "Pipeline" # description: Check that the pipeline is a kind of "Pipeline" # custom: # short_name: expected_kind -deny[result] { +deny contains result if { expected_kind != input.kind result := "invalid kind" } diff --git a/acceptance/examples/purl.rego b/acceptance/examples/purl.rego index 6a61f8e38..4f5a3f13f 100644 --- a/acceptance/examples/purl.rego +++ b/acceptance/examples/purl.rego @@ -1,8 +1,6 @@ package purl -import future.keywords.contains -import future.keywords.if -import future.keywords.in +import rego.v1 # METADATA # custom: diff --git a/acceptance/examples/reject.rego b/acceptance/examples/reject.rego index 704398d46..7792d7ada 100644 --- a/acceptance/examples/reject.rego +++ b/acceptance/examples/reject.rego @@ -1,9 +1,7 @@ # Simplest always-failing policy package main -import future.keywords.contains -import future.keywords.if -import future.keywords.in +import rego.v1 # METADATA # title: Reject rule diff --git a/acceptance/examples/rules_with_dependencies.rego b/acceptance/examples/rules_with_dependencies.rego index a6daedfc8..6f95f3981 100644 --- a/acceptance/examples/rules_with_dependencies.rego +++ b/acceptance/examples/rules_with_dependencies.rego @@ -1,7 +1,6 @@ package pkg -import future.keywords.contains -import future.keywords.if +import rego.v1 # METADATA # custom: diff --git a/acceptance/examples/trace_debug.rego b/acceptance/examples/trace_debug.rego index 867b00c69..beeacce03 100644 --- a/acceptance/examples/trace_debug.rego +++ b/acceptance/examples/trace_debug.rego @@ -1,7 +1,6 @@ package main -import future.keywords.contains -import future.keywords.if +import rego.v1 # METADATA # title: Debug diff --git a/acceptance/examples/unsupported.rego b/acceptance/examples/unsupported.rego index e236a37b7..599095021 100644 --- a/acceptance/examples/unsupported.rego +++ b/acceptance/examples/unsupported.rego @@ -1,5 +1,7 @@ package unsupported -deny { +import rego.v1 + +deny if { true } diff --git a/acceptance/examples/warn.rego b/acceptance/examples/warn.rego index 5d15ce453..5c8ed2d0d 100644 --- a/acceptance/examples/warn.rego +++ b/acceptance/examples/warn.rego @@ -1,6 +1,8 @@ # Simplest always-warning policy package main -warn[result] { +import rego.v1 + +warn contains result if { result := "Has a warning" } diff --git a/acceptance/examples/with_annotations.rego b/acceptance/examples/with_annotations.rego index 9361202a4..3f3e4842d 100644 --- a/acceptance/examples/with_annotations.rego +++ b/acceptance/examples/with_annotations.rego @@ -1,11 +1,13 @@ package policy.release.kitty +import rego.v1 + # METADATA # title: Kittens # description: Fluffy # custom: # short_name: purr # -deny[result] { +deny contains result if { result := "Meow" } diff --git a/acceptance/go.mod b/acceptance/go.mod index b10e9de74..053a81bfc 100644 --- a/acceptance/go.mod +++ b/acceptance/go.mod @@ -85,7 +85,7 @@ require ( github.com/emirpasic/gods v1.18.1 // indirect github.com/fatih/color v1.17.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/gkampitakis/ciinfo v0.3.0 // indirect github.com/gkampitakis/go-diff v1.3.2 // indirect @@ -120,7 +120,7 @@ require ( github.com/google/safetext v0.0.0-20240722112252-5a72de7e7962 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect @@ -162,6 +162,7 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect github.com/oklog/ulid v1.3.1 // indirect + github.com/open-policy-agent/opa v1.0.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.0 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect @@ -171,7 +172,7 @@ require ( github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect - github.com/prometheus/client_golang v1.20.2 // indirect + github.com/prometheus/client_golang v1.20.5 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.58.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect @@ -215,27 +216,31 @@ require ( github.com/yusufpapurcu/wmi v1.2.4 // indirect go.mongodb.org/mongo-driver v1.16.1 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect - go.opentelemetry.io/otel v1.29.0 // indirect - go.opentelemetry.io/otel/metric v1.29.0 // indirect - go.opentelemetry.io/otel/trace v1.29.0 // indirect + go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect + go.opentelemetry.io/otel v1.33.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect + go.opentelemetry.io/otel/metric v1.33.0 // indirect + go.opentelemetry.io/otel/sdk v1.33.0 // indirect + go.opentelemetry.io/otel/trace v1.33.0 // indirect + go.opentelemetry.io/proto/otlp v1.4.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect golang.org/x/crypto v0.32.0 // indirect golang.org/x/mod v0.21.0 // indirect golang.org/x/net v0.34.0 // indirect - golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/oauth2 v0.24.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/sys v0.29.0 // indirect golang.org/x/term v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/time v0.6.0 // indirect + golang.org/x/time v0.8.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/api v0.196.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/grpc v1.67.0 // indirect - google.golang.org/protobuf v1.34.2 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/grpc v1.69.2 // indirect + google.golang.org/protobuf v1.35.2 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/acceptance/go.sum b/acceptance/go.sum index de7cf3ed0..f4e2d0d94 100644 --- a/acceptance/go.sum +++ b/acceptance/go.sum @@ -26,8 +26,8 @@ cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUM cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute v1.25.1 h1:ZRpHJedLtTpKgr3RV1Fx23NuaAEN1Zfx9hw1u4aJdjU= -cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= -cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= +cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= +cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8= @@ -109,8 +109,8 @@ github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXx github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/ThalesIgnite/crypto11 v1.2.5 h1:1IiIIEqYmBvUYFeMnHqRft4bwf/O36jryEUpY+9ef8E= github.com/ThalesIgnite/crypto11 v1.2.5/go.mod h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE= -github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= -github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= +github.com/agnivade/levenshtein v1.2.0 h1:U9L4IOT0Y3i0TIlUIDJ7rVUziKi/zPbrJGaFrtYH3SY= +github.com/agnivade/levenshtein v1.2.0/go.mod h1:QVVI16kDrtSuwcpd0p1+xMC6Z/VfhtCyDIjcwga4/DU= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -322,8 +322,8 @@ github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7z github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= -github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= -github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= +github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= @@ -524,8 +524,8 @@ github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWS github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjwqUPTYmYuemVOx+Ys= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 h1:TmHmbvxPmaegwhDubVz0lICL0J5Ka2vwTzhoePEXsGE= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0/go.mod h1:qztMSjm835F2bXf+5HKAPIS5qsmQDqZna/PgVt4rWtI= github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b h1:wDUNC2eKiL35DbLvsDhiblTUXHxcOPwQSCzi7xpQUN4= github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b/go.mod h1:VzxiSdG6j1pi7rwGm/xYI5RbtpBgM8sARDXlvEvxlu0= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -704,8 +704,8 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= -github.com/open-policy-agent/opa v0.68.0 h1:Jl3U2vXRjwk7JrHmS19U3HZO5qxQRinQbJ2eCJYSqJQ= -github.com/open-policy-agent/opa v0.68.0/go.mod h1:5E5SvaPwTpwt2WM177I9Z3eT7qUpmOGjk1ZdHs+TZ4w= +github.com/open-policy-agent/opa v1.0.0 h1:fZsEwxg1knpPvUn0YDJuJZBcbVg4G3zKpWa3+CnYK+I= +github.com/open-policy-agent/opa v1.0.0/go.mod h1:+JyoH12I0+zqyC1iX7a2tmoQlipwAEGvOhVJMhmy+rM= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= @@ -748,8 +748,8 @@ github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqr github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= -github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg= -github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -969,26 +969,30 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= -go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= -go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= +go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= +go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 h1:Vh5HayB/0HHfOQA7Ctx69E/Y/DcQSMPpKANYVMQ7fBA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0/go.mod h1:cpgtDBaqD/6ok/UG0jT15/uKjAY8mRA53diogHBg3UI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 h1:5pojmb1U1AogINhN3SurB+zm/nIcusopeBNp42f45QM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0/go.mod h1:57gTHJSE5S1tqg+EKsLPlTWhpHMsWlVmer+LA926XiA= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0 h1:QY7/0NeRPKlzusf40ZE4t1VlMKbqSNT7cJRYzWuja0s= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.27.0/go.mod h1:HVkSiDhTM9BoUJU8qE6j2eSWLLXvi1USXjyd2BXT8PY= -go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= -go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= -go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= -go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= -go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= -go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= -go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= -go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= +go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= +go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= +go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM= +go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM= +go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= +go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= +go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= +go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= +go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg= +go.opentelemetry.io/proto/otlp v1.4.0/go.mod h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY= go.step.sm/crypto v0.51.2 h1:5EiCGIMg7IvQTGmJrwRosbXeprtT80OhoS/PJarg60o= go.step.sm/crypto v0.51.2/go.mod h1:QK7czLjN2k+uqVp5CHXxJbhc70kVRSP+0CQF3zsR5M0= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= @@ -1091,8 +1095,8 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= -golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= +golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1179,8 +1183,8 @@ golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= -golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= +golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -1291,10 +1295,10 @@ google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= -google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= -google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1308,8 +1312,8 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw= -google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= +google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1324,8 +1328,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= +google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/cmd/inspect/inspect_policy.go b/cmd/inspect/inspect_policy.go index 70b53bb2c..fbaccf3f3 100644 --- a/cmd/inspect/inspect_policy.go +++ b/cmd/inspect/inspect_policy.go @@ -23,7 +23,7 @@ import ( "strings" hd "github.com/MakeNowJust/heredoc" - "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/v1/ast" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" "golang.org/x/exp/slices" diff --git a/docs/modules/ROOT/pages/ec_opa_bench.adoc b/docs/modules/ROOT/pages/ec_opa_bench.adoc index 041ce8f6f..2f9448b74 100644 --- a/docs/modules/ROOT/pages/ec_opa_bench.adoc +++ b/docs/modules/ROOT/pages/ec_opa_bench.adoc @@ -48,7 +48,7 @@ ec opa bench [flags] -I, --stdin-input:: read input document from stdin (Default: false) -t, --target:: set the runtime to exercise (Default: rego) -u, --unknowns:: set paths to treat as unknown during partial evaluation (Default: [input]) ---v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release. Takes precedence over --v1-compatible (Default: false) +--v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release (Default: false) --v1-compatible:: opt-in to OPA features and behaviors that are enabled by default in OPA v1.0 (Default: false) == Options inherited from parent commands diff --git a/docs/modules/ROOT/pages/ec_opa_build.adoc b/docs/modules/ROOT/pages/ec_opa_build.adoc index 71badcb8f..5ee933e32 100644 --- a/docs/modules/ROOT/pages/ec_opa_build.adoc +++ b/docs/modules/ROOT/pages/ec_opa_build.adoc @@ -184,10 +184,11 @@ ec opa build [ [...]] [flags] --signing-key:: set the secret (HMAC) or path of the PEM file containing the private key (RSA and ECDSA) --signing-plugin:: name of the plugin to use for signing/verification (see https://www.openpolicyagent.org/docs/latest/management-bundles/#signature-plugin -t, --target:: set the output bundle target type (Default: rego) ---v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release. Takes precedence over --v1-compatible (Default: false) +--v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release (Default: false) --v1-compatible:: opt-in to OPA features and behaviors that are enabled by default in OPA v1.0 (Default: false) --verification-key:: set the secret (HMAC) or path of the PEM file containing the public key (RSA and ECDSA) --verification-key-id:: name assigned to the verification key used for bundle verification (Default: default) +--wasm-include-print:: enable print statements inside of WebAssembly modules compiled by the compiler (Default: false) == Options inherited from parent commands diff --git a/docs/modules/ROOT/pages/ec_opa_capabilities.adoc b/docs/modules/ROOT/pages/ec_opa_capabilities.adoc index 2f9fcc8ff..6a4f5e8d7 100644 --- a/docs/modules/ROOT/pages/ec_opa_capabilities.adoc +++ b/docs/modules/ROOT/pages/ec_opa_capabilities.adoc @@ -54,8 +54,9 @@ ec opa capabilities [flags] == Options --current:: print current capabilities (Default: false) ---file:: print current capabilities +--file:: print capabilities defined by a file -h, --help:: help for capabilities (Default: false) +--v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release (Default: false) --version:: print capabilities of a specific version == Options inherited from parent commands diff --git a/docs/modules/ROOT/pages/ec_opa_check.adoc b/docs/modules/ROOT/pages/ec_opa_check.adoc index db688ea07..0065cec46 100644 --- a/docs/modules/ROOT/pages/ec_opa_check.adoc +++ b/docs/modules/ROOT/pages/ec_opa_check.adoc @@ -21,10 +21,11 @@ ec opa check [path [...]] [flags] -h, --help:: help for check (Default: false) --ignore:: set file and directory names to ignore during loading (e.g., '.*' excludes hidden files) (Default: []) -m, --max-errors:: set the number of errors to allow before compilation fails early (Default: 10) ---rego-v1:: check for Rego v1 compatibility (policies must also be compatible with current OPA version) (Default: false) +--rego-v1:: check for Rego v0 and v1 compatibility (policies must be compatible with both Rego versions) (Default: false) -s, --schema:: set schema file path or directory path -S, --strict:: enable compiler strict mode (Default: false) ---v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release. Takes precedence over --v1-compatible (Default: false) +--v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release (Default: false) +--v0-v1:: check for Rego v0 and v1 compatibility (policies must be compatible with both Rego versions) (Default: false) --v1-compatible:: opt-in to OPA features and behaviors that are enabled by default in OPA v1.0 (Default: false) == Options inherited from parent commands diff --git a/docs/modules/ROOT/pages/ec_opa_deps.adoc b/docs/modules/ROOT/pages/ec_opa_deps.adoc index 2bfb99827..69a22147f 100644 --- a/docs/modules/ROOT/pages/ec_opa_deps.adoc +++ b/docs/modules/ROOT/pages/ec_opa_deps.adoc @@ -15,8 +15,6 @@ Given a policy like this: package policy - import rego.v1 - allow if is_admin is_admin if "admin" in input.user.roles diff --git a/docs/modules/ROOT/pages/ec_opa_eval.adoc b/docs/modules/ROOT/pages/ec_opa_eval.adoc index 567b46fc5..39039244a 100644 --- a/docs/modules/ROOT/pages/ec_opa_eval.adoc +++ b/docs/modules/ROOT/pages/ec_opa_eval.adoc @@ -150,7 +150,7 @@ ec opa eval [flags] -t, --target:: set the runtime to exercise (Default: rego) --timeout:: set eval timeout (default unlimited) (Default: 0s) -u, --unknowns:: set paths to treat as unknown during partial evaluation (Default: [input]) ---v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release. Takes precedence over --v1-compatible (Default: false) +--v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release (Default: false) --v1-compatible:: opt-in to OPA features and behaviors that are enabled by default in OPA v1.0 (Default: false) --var-values:: show local variable values in pretty trace output (Default: false) diff --git a/docs/modules/ROOT/pages/ec_opa_exec.adoc b/docs/modules/ROOT/pages/ec_opa_exec.adoc index 856c46181..fcb1c863c 100644 --- a/docs/modules/ROOT/pages/ec_opa_exec.adoc +++ b/docs/modules/ROOT/pages/ec_opa_exec.adoc @@ -49,7 +49,7 @@ ec opa exec [ [...]] [flags] --set-file:: override config values with files on the command line (use commas to specify multiple values) (Default: []) -I, --stdin-input:: read input document from stdin rather than a static file (Default: false) --timeout:: set exec timeout with a Go-style duration, such as '5m 30s'. (default unlimited) (Default: 0s) ---v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release. Takes precedence over --v1-compatible (Default: false) +--v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release (Default: false) --v1-compatible:: opt-in to OPA features and behaviors that are enabled by default in OPA v1.0 (Default: false) == Options inherited from parent commands diff --git a/docs/modules/ROOT/pages/ec_opa_fmt.adoc b/docs/modules/ROOT/pages/ec_opa_fmt.adoc index a7d2be02e..606834ab8 100644 --- a/docs/modules/ROOT/pages/ec_opa_fmt.adoc +++ b/docs/modules/ROOT/pages/ec_opa_fmt.adoc @@ -11,7 +11,7 @@ is provided - this tool will use stdin. The format of the output is not defined specifically; whatever this tool outputs is considered correct format (with the exception of bugs). -If the '-w' option is supplied, the 'fmt' command with overwrite the source file +If the '-w' option is supplied, the 'fmt' command will overwrite the source file instead of printing to stdout. If the '-d' option is supplied, the 'fmt' command will output a diff between the @@ -23,6 +23,25 @@ to stdout from the 'fmt' command. If the '--fail' option is supplied, the 'fmt' command will return a non zero exit code if a file would be reformatted. + +The 'fmt' command can be run in several compatibility modes for consuming and outputting +different Rego versions: + +* 'opa fmt': + * v1 Rego is formatted to v1 + * 'rego.v1'/'future.keywords' imports are NOT removed + * 'rego.v1'/'future.keywords' imports are NOT added if missing + * v0 rego is rejected +* 'opa fmt --v0-compatible': + * v0 Rego is formatted to v0 + * v1 Rego is rejected +* 'opa fmt --v0-v1': + * v0 Rego is formatted to be compatible with v0 AND v1 + * v1 Rego is rejected +* 'opa fmt --v0-v1 --v1-compatible': + * v1 Rego is formatted to be compatible with v0 AND v1 + * v0 Rego is rejected + [source,shell] ---- ec opa fmt [path [...]] [flags] @@ -31,11 +50,13 @@ ec opa fmt [path [...]] [flags] --check-result:: assert that the formatted code is valid and can be successfully parsed (default true) (Default: true) -d, --diff:: only display a diff of the changes (Default: false) +--drop-v0-imports:: drop v0 imports from the formatted code, such as 'rego.v1' and 'future.keywords' (Default: false) --fail:: non zero exit code on reformat (Default: false) -h, --help:: help for fmt (Default: false) -l, --list:: list all files who would change when formatted (Default: false) ---rego-v1:: format module(s) to be compatible with both Rego v1 and current OPA version) (Default: false) ---v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release. Takes precedence over --v1-compatible (Default: false) +--rego-v1:: format module(s) to be compatible with both Rego v0 and v1 (Default: false) +--v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release (Default: false) +--v0-v1:: format module(s) to be compatible with both Rego v0 and v1 (Default: false) --v1-compatible:: opt-in to OPA features and behaviors that are enabled by default in OPA v1.0 (Default: false) -w, --write:: overwrite the original source file (Default: false) diff --git a/docs/modules/ROOT/pages/ec_opa_inspect.adoc b/docs/modules/ROOT/pages/ec_opa_inspect.adoc index 1b8d330a8..8c4c77a54 100644 --- a/docs/modules/ROOT/pages/ec_opa_inspect.adoc +++ b/docs/modules/ROOT/pages/ec_opa_inspect.adoc @@ -37,6 +37,7 @@ ec opa inspect [ [...]] [flags] -a, --annotations:: list annotations (Default: false) -f, --format:: set output format (Default: pretty) -h, --help:: help for inspect (Default: false) +--v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release (Default: false) --v1-compatible:: opt-in to OPA features and behaviors that are enabled by default in OPA v1.0 (Default: false) == Options inherited from parent commands diff --git a/docs/modules/ROOT/pages/ec_opa_run.adoc b/docs/modules/ROOT/pages/ec_opa_run.adoc index 1a02c1909..c38fcc1f5 100644 --- a/docs/modules/ROOT/pages/ec_opa_run.adoc +++ b/docs/modules/ROOT/pages/ec_opa_run.adoc @@ -135,7 +135,7 @@ ec opa run [flags] ---- == Options --a, --addr:: set listening address of the server (e.g., [ip]: for TCP, unix:// for UNIX domain socket) (Default: [:8181]) +-a, --addr:: set listening address of the server (e.g., [ip]: for TCP, unix:// for UNIX domain socket) (Default: [localhost:8181]) --authentication:: set authentication scheme (Default: off) --authorization:: set authorization scheme (Default: off) -b, --bundle:: load paths as bundle files or root directories (Default: false) @@ -172,7 +172,7 @@ ec opa run [flags] --tls-cipher-suites:: set list of enabled TLS 1.0–1.2 cipher suites (IANA) (Default: []) --tls-private-key-file:: set path of TLS private key file --unix-socket-perm:: specify the permissions for the Unix domain socket if used to listen for incoming connections (Default: 755) ---v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release. Takes precedence over --v1-compatible (Default: false) +--v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release (Default: false) --v1-compatible:: opt-in to OPA features and behaviors that are enabled by default in OPA v1.0 (Default: false) --verification-key:: set the secret (HMAC) or path of the PEM file containing the public key (RSA and ECDSA) --verification-key-id:: name assigned to the verification key used for bundle verification (Default: default) diff --git a/docs/modules/ROOT/pages/ec_opa_test.adoc b/docs/modules/ROOT/pages/ec_opa_test.adoc index 002bd734f..b1a16618a 100644 --- a/docs/modules/ROOT/pages/ec_opa_test.adoc +++ b/docs/modules/ROOT/pages/ec_opa_test.adoc @@ -21,8 +21,6 @@ Example policy (example/authz.rego): package authz - import rego.v1 - allow if { input.path == ["users"] input.method == "POST" @@ -37,8 +35,6 @@ Example test (example/authz_test.rego): package authz_test - import rego.v1 - import data.authz.allow test_post_allowed if { @@ -100,7 +96,7 @@ ec opa test [path [...]] [flags] -t, --target:: set the runtime to exercise (Default: rego) --threshold:: set coverage threshold and exit with non-zero status if coverage is less than threshold % (Default: 0) --timeout:: set test timeout (default 5s, 30s when benchmarking) (Default: 0s) ---v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release. Takes precedence over --v1-compatible (Default: false) +--v0-compatible:: opt-in to OPA features and behaviors prior to the OPA v1.0 release (Default: false) --v1-compatible:: opt-in to OPA features and behaviors that are enabled by default in OPA v1.0 (Default: false) --var-values:: show local variable values in test output (Default: false) -v, --verbose:: set verbose reporting mode (Default: false) diff --git a/docs/policy/release/attestation.rego b/docs/policy/release/attestation.rego index 10533cb75..ac5303083 100644 --- a/docs/policy/release/attestation.rego +++ b/docs/policy/release/attestation.rego @@ -23,7 +23,7 @@ package policy.release.builtin.attestation # collections: # - builtin # -deny { +deny if { false # Here just to provide documentation } @@ -40,6 +40,6 @@ deny { # collections: # - builtin # -deny { +deny if { false # Here just to provide documentation } diff --git a/docs/policy/release/image.rego b/docs/policy/release/image.rego index b5a8671fa..626fef33d 100644 --- a/docs/policy/release/image.rego +++ b/docs/policy/release/image.rego @@ -23,6 +23,6 @@ package policy.release.builtin.image # collections: # - builtin # -deny { +deny if { false # Here just to provide documentation } diff --git a/features/__snapshots__/inspect_policy.snap b/features/__snapshots__/inspect_policy.snap index 7afd95553..ded89f859 100755 --- a/features/__snapshots__/inspect_policy.snap +++ b/features/__snapshots__/inspect_policy.snap @@ -22,7 +22,7 @@ Error: Merge error. The 'rule_data' key was found more than once! }, "location": { "file": "main.rego", - "row": 9, + "row": 11, "col": 1 }, "path": [ diff --git a/go.mod b/go.mod index 136f01c8c..5eef723e9 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/mattn/go-isatty v0.0.20 github.com/mitchellh/go-wordwrap v1.0.1 github.com/open-policy-agent/conftest v0.55.0 - github.com/open-policy-agent/opa v0.70.0 + github.com/open-policy-agent/opa v1.0.0 github.com/package-url/packageurl-go v0.1.3 github.com/qri-io/jsonpointer v0.1.1 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 @@ -57,7 +57,7 @@ require ( cloud.google.com/go v0.115.1 // indirect cloud.google.com/go/auth v0.9.3 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect - cloud.google.com/go/compute/metadata v0.5.0 // indirect + cloud.google.com/go/compute/metadata v0.5.2 // indirect cloud.google.com/go/iam v1.2.0 // indirect cloud.google.com/go/storage v1.43.0 // indirect contrib.go.opencensus.io/exporter/ocagent v0.7.1-0.20200907061046-05415f1de66d // indirect @@ -134,8 +134,8 @@ require ( github.com/cloudflare/circl v1.4.0 // indirect github.com/cockroachdb/apd/v3 v3.2.1 // indirect github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect - github.com/containerd/containerd v1.7.23 // indirect - github.com/containerd/errdefs v0.3.0 // indirect + github.com/containerd/containerd v1.7.24 // indirect + github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v0.2.1 // indirect github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect @@ -159,7 +159,7 @@ require ( github.com/emirpasic/gods v1.18.1 // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/gkampitakis/ciinfo v0.3.0 // indirect github.com/gkampitakis/go-diff v1.3.2 // indirect @@ -203,7 +203,7 @@ require ( github.com/googleapis/enterprise-certificate-proxy v0.3.3 // indirect github.com/googleapis/gax-go/v2 v2.13.0 // indirect github.com/gorilla/mux v1.8.1 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect @@ -304,34 +304,35 @@ require ( github.com/zclconf/go-cty v1.15.0 // indirect go.mongodb.org/mongo-driver v1.16.1 // indirect go.opencensus.io v0.24.0 // indirect + go.opentelemetry.io/auto/sdk v1.1.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect - go.opentelemetry.io/otel v1.29.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0 // indirect - go.opentelemetry.io/otel/metric v1.29.0 // indirect - go.opentelemetry.io/otel/sdk v1.29.0 // indirect - go.opentelemetry.io/otel/trace v1.29.0 // indirect - go.opentelemetry.io/proto/otlp v1.3.1 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect + go.opentelemetry.io/otel v1.33.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 // indirect + go.opentelemetry.io/otel/metric v1.33.0 // indirect + go.opentelemetry.io/otel/sdk v1.33.0 // indirect + go.opentelemetry.io/otel/trace v1.33.0 // indirect + go.opentelemetry.io/proto/otlp v1.4.0 // indirect go.step.sm/crypto v0.51.2 // indirect go.uber.org/automaxprocs v1.6.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect golang.org/x/crypto v0.32.0 // indirect golang.org/x/mod v0.21.0 // indirect - golang.org/x/oauth2 v0.23.0 // indirect + golang.org/x/oauth2 v0.24.0 // indirect golang.org/x/sys v0.29.0 // indirect golang.org/x/term v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/time v0.7.0 // indirect + golang.org/x/time v0.8.0 // indirect golang.org/x/tools v0.26.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/api v0.196.0 // indirect google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/grpc v1.67.1 // indirect - google.golang.org/protobuf v1.34.2 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/grpc v1.69.2 // indirect + google.golang.org/protobuf v1.35.2 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index 0e496b2ab..415f1c606 100644 --- a/go.sum +++ b/go.sum @@ -72,8 +72,8 @@ cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU= -cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= -cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= +cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= +cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4= cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0= @@ -466,12 +466,12 @@ github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be h1:J5BL github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ= -github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= +github.com/containerd/containerd v1.7.24 h1:zxszGrGjrra1yYJW/6rhm9cJ1ZQ8rkKBR48brqsa7nA= +github.com/containerd/containerd v1.7.24/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8= github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= -github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4= -github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= +github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= +github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= @@ -577,8 +577,8 @@ github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7z github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= -github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= -github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= +github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= @@ -815,8 +815,8 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c9 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99/go.mod h1:3bDW6wMZJB7tiONtC/1Xpicra6Wp5GgbTbQWCbI5fkc= github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjwqUPTYmYuemVOx+Ys= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 h1:TmHmbvxPmaegwhDubVz0lICL0J5Ka2vwTzhoePEXsGE= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0/go.mod h1:qztMSjm835F2bXf+5HKAPIS5qsmQDqZna/PgVt4rWtI= github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b h1:wDUNC2eKiL35DbLvsDhiblTUXHxcOPwQSCzi7xpQUN4= github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b/go.mod h1:VzxiSdG6j1pi7rwGm/xYI5RbtpBgM8sARDXlvEvxlu0= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= @@ -1048,8 +1048,8 @@ github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/open-policy-agent/conftest v0.55.0 h1:M6QXrrfQjmyFRsy11Q2ucFGNbbelhyaX0vtNcfcYS3I= github.com/open-policy-agent/conftest v0.55.0/go.mod h1:qL8de2Sr5QsDG0HVM3iZiHS2Qea3bLzut6OsYyiRyEY= -github.com/open-policy-agent/opa v0.70.0 h1:B3cqCN2iQAyKxK6+GI+N40uqkin+wzIrM7YA60t9x1U= -github.com/open-policy-agent/opa v0.70.0/go.mod h1:Y/nm5NY0BX0BqjBriKUiV81sCl8XOjjvqQG7dXrggtI= +github.com/open-policy-agent/opa v1.0.0 h1:fZsEwxg1knpPvUn0YDJuJZBcbVg4G3zKpWa3+CnYK+I= +github.com/open-policy-agent/opa v1.0.0/go.mod h1:+JyoH12I0+zqyC1iX7a2tmoQlipwAEGvOhVJMhmy+rM= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= @@ -1371,25 +1371,29 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= -go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= -go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0 h1:dIIDULZJpgdiHz5tXrTgKIMLkus6jEFa7x5SOKcyR7E= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0/go.mod h1:jlRVBe7+Z1wyxFSUs48L6OBQZ5JwH2Hg/Vbl+t9rAgI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0 h1:nSiV3s7wiCam610XcLbYOmMfJxB9gO4uK3Xgv5gmTgg= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.29.0/go.mod h1:hKn/e/Nmd19/x1gvIHwtOwVWM+VhuITSWip3JUDghj0= -go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= -go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= -go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= -go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= -go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= -go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= +go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= +go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 h1:Vh5HayB/0HHfOQA7Ctx69E/Y/DcQSMPpKANYVMQ7fBA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0/go.mod h1:cpgtDBaqD/6ok/UG0jT15/uKjAY8mRA53diogHBg3UI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 h1:5pojmb1U1AogINhN3SurB+zm/nIcusopeBNp42f45QM= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0/go.mod h1:57gTHJSE5S1tqg+EKsLPlTWhpHMsWlVmer+LA926XiA= +go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= +go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= +go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM= +go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM= +go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= +go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= +go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= +go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= -go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= +go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg= +go.opentelemetry.io/proto/otlp v1.4.0/go.mod h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY= go.step.sm/crypto v0.51.2 h1:5EiCGIMg7IvQTGmJrwRosbXeprtT80OhoS/PJarg60o= go.step.sm/crypto v0.51.2/go.mod h1:QK7czLjN2k+uqVp5CHXxJbhc70kVRSP+0CQF3zsR5M0= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= @@ -1560,8 +1564,8 @@ golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A= -golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= -golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= +golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1706,8 +1710,8 @@ golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= -golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= +golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1945,10 +1949,10 @@ google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= -google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= -google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1984,8 +1988,8 @@ google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= -google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= +google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -2002,8 +2006,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= +google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/internal/documentation/asciidoc/rego/rego.go b/internal/documentation/asciidoc/rego/rego.go index 1b862c484..37544868c 100644 --- a/internal/documentation/asciidoc/rego/rego.go +++ b/internal/documentation/asciidoc/rego/rego.go @@ -25,7 +25,7 @@ import ( "strings" "text/template" - "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/v1/ast" _ "github.com/enterprise-contract/ec-cli/internal/rego" ) diff --git a/internal/evaluator/__testdir__/simple/a.rego b/internal/evaluator/__testdir__/simple/a.rego index 636773e32..92e5345d9 100644 --- a/internal/evaluator/__testdir__/simple/a.rego +++ b/internal/evaluator/__testdir__/simple/a.rego @@ -1,12 +1,16 @@ # A set of policies package a +# This is still parsed with conftest which is still on opa 0.x +# hence we need it still +import rego.v1 + # METADATA # title: Failure # description: Failure description. # custom: # short_name: failure -deny[result] { +deny contains result if { result := { "code": "a.failure", "msg": "Failure!", @@ -17,7 +21,7 @@ deny[result] { # description: Warning description. # custom: # short_name: warning -warn[result] { +warn contains result if { result := { "code": "a.warning", "msg": "Warning!", @@ -28,7 +32,7 @@ warn[result] { # description: Success description. # custom: # short_name: success -deny[result] { +deny contains result if { false result := "Success!" } diff --git a/internal/evaluator/__testdir__/simple/b.rego b/internal/evaluator/__testdir__/simple/b.rego index ab87656da..552f3490e 100644 --- a/internal/evaluator/__testdir__/simple/b.rego +++ b/internal/evaluator/__testdir__/simple/b.rego @@ -1,10 +1,14 @@ # B set of policies package b +# This is still parsed with conftest which is still on opa 0.x +# hence we need it still +import rego.v1 + # METADATA # custom: # short_name: failure -deny[result] { +deny contains result if { result := { "code": "b.failure", "msg": "Failure!", @@ -13,7 +17,7 @@ deny[result] { # METADATA # custom: # short_name: warning -warn[result] { +warn contains result if { result := { "code": "b.warning", "msg": "Warning!", @@ -22,7 +26,7 @@ warn[result] { # METADATA # custom: # short_name: success -deny[result] { +deny contains result if { false result := "Success!" } diff --git a/internal/evaluator/__testdir__/unconforming/no_msg.rego b/internal/evaluator/__testdir__/unconforming/no_msg.rego index 154660d96..df381d404 100644 --- a/internal/evaluator/__testdir__/unconforming/no_msg.rego +++ b/internal/evaluator/__testdir__/unconforming/no_msg.rego @@ -1,5 +1,5 @@ package no_msg -deny { +deny if { true } diff --git a/internal/evaluator/conftest_evaluator.go b/internal/evaluator/conftest_evaluator.go index 6b5c26ef8..c6bcfa9ad 100644 --- a/internal/evaluator/conftest_evaluator.go +++ b/internal/evaluator/conftest_evaluator.go @@ -32,8 +32,8 @@ import ( "github.com/open-policy-agent/conftest/output" conftest "github.com/open-policy-agent/conftest/policy" "github.com/open-policy-agent/conftest/runner" - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/storage" + "github.com/open-policy-agent/opa/v1/ast" + "github.com/open-policy-agent/opa/v1/storage" log "github.com/sirupsen/logrus" "github.com/spf13/afero" "k8s.io/apimachinery/pkg/util/sets" diff --git a/internal/evaluator/conftest_evaluator_test.go b/internal/evaluator/conftest_evaluator_test.go index 6202d92b7..1c8f4f1bf 100644 --- a/internal/evaluator/conftest_evaluator_test.go +++ b/internal/evaluator/conftest_evaluator_test.go @@ -37,7 +37,7 @@ import ( "github.com/MakeNowJust/heredoc" ecc "github.com/enterprise-contract/enterprise-contract-controller/api/v1alpha1" "github.com/gkampitakis/go-snaps/snaps" - "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/v1/ast" "github.com/spf13/afero" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" @@ -321,7 +321,7 @@ func setupTestContext(r *mockTestRunner, dl *mockDownloader) context.Context { # METADATA # title: Reject rule # description: This rule will always fail - deny[result] { + deny contains result if { result := "Fails always" }`)), 0644); err != nil { panic(err) @@ -1375,7 +1375,7 @@ func TestCollectAnnotationData(t *testing.T) { # collections: [A, B, C] # effective_on: 2022-01-01T00:00:00Z # depends_on: a.b.c - deny[msg] { + deny contains msg if { msg := "hi" }`), ast.ParserOptions{ ProcessAnnotation: true, @@ -1889,7 +1889,7 @@ func TestUnconformingRule(t *testing.T) { require.NoError(t, err) _, _, err = evaluator.Evaluate(ctx, EvaluationTarget{Inputs: []string{path.Join(dir, "inputs")}}) - assert.EqualError(t, err, `the rule "deny = true { true }" returns an unsupported value, at no_msg.rego:3`) + assert.EqualError(t, err, `the rule "deny = true if { true }" returns an unsupported value, at no_msg.rego:3`) } func TestNewConftestEvaluatorComputeIncludeExclude(t *testing.T) { diff --git a/internal/opa/inspect.go b/internal/opa/inspect.go index cc8362f7b..11680bfbe 100644 --- a/internal/opa/inspect.go +++ b/internal/opa/inspect.go @@ -25,8 +25,8 @@ import ( "regexp" "strings" - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/ast/json" + "github.com/open-policy-agent/opa/v1/ast" + "github.com/open-policy-agent/opa/v1/ast/json" log "github.com/sirupsen/logrus" "github.com/spf13/afero" ) diff --git a/internal/opa/inspect_test.go b/internal/opa/inspect_test.go index f572a4577..67464c60f 100644 --- a/internal/opa/inspect_test.go +++ b/internal/opa/inspect_test.go @@ -48,7 +48,7 @@ func Test_InspectMultiple(t *testing.T) { # METADATA # title: Enough spam - deny { + deny if { input.spam_count > 42 } `)}, @@ -174,14 +174,14 @@ func TestCheckRules(t *testing.T) { { name: "no message", rego: `package test - deny { true }`, + deny if { true }`, err: `the rule "deny = true { true }" returns an unsupported value, at rules.rego:2`, }, { // we can't check for this, we don't know the type of `x` name: "var assignement", rego: `package test - deny[x] { x := true }`, + deny contains x if { x := true }`, }, { // we can't check for this, we don't know if `o` is an empty object @@ -194,13 +194,13 @@ func TestCheckRules(t *testing.T) { { name: "not string", rego: `package test - deny { 2 }`, + deny if { 2 }`, err: `the rule "deny = true { 2 }" returns an unsupported value, at rules.rego:2`, }, { name: "string", rego: `package test - deny[msg] { msg := "str" }`, + deny contains msg if { msg := "str" }`, }, { name: "object", @@ -210,7 +210,7 @@ func TestCheckRules(t *testing.T) { { name: "function", rego: `package test - deny[fn()]{ + deny contains fn() if { true } fn := {"key": "val"}`, @@ -218,7 +218,7 @@ func TestCheckRules(t *testing.T) { { name: "assign", rego: `package test - deny := "value" { + deny := "value" if { true }`, }, diff --git a/internal/opa/output.go b/internal/opa/output.go index 708d650b6..0bf0e3cee 100644 --- a/internal/opa/output.go +++ b/internal/opa/output.go @@ -22,7 +22,7 @@ import ( "io" "strings" - "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/v1/ast" "golang.org/x/exp/slices" "github.com/enterprise-contract/ec-cli/internal/opa/rule" diff --git a/internal/opa/output_test.go b/internal/opa/output_test.go index 5d0ecd60b..e4713d6fd 100644 --- a/internal/opa/output_test.go +++ b/internal/opa/output_test.go @@ -24,7 +24,7 @@ import ( "testing" hd "github.com/MakeNowJust/heredoc" - "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/v1/ast" "github.com/stretchr/testify/assert" ) diff --git a/internal/opa/rule/rule.go b/internal/opa/rule/rule.go index 5b17b7fda..185cc4cf4 100644 --- a/internal/opa/rule/rule.go +++ b/internal/opa/rule/rule.go @@ -22,7 +22,7 @@ import ( "strings" "time" - "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/v1/ast" ) func title(a *ast.AnnotationsRef) string { diff --git a/internal/opa/rule/rule_test.go b/internal/opa/rule/rule_test.go index 41e4c7e88..8c9d18f42 100644 --- a/internal/opa/rule/rule_test.go +++ b/internal/opa/rule/rule_test.go @@ -23,7 +23,7 @@ import ( "testing" "github.com/MakeNowJust/heredoc" - "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/v1/ast" "github.com/stretchr/testify/assert" ) @@ -55,7 +55,7 @@ func TestTitle(t *testing.T) { name: "no annotations", annotation: annotationRef(heredoc.Doc(` package a - deny() { true }`)), + deny if { true }`)), expected: "", }, { @@ -65,7 +65,7 @@ func TestTitle(t *testing.T) { # METADATA # custom: # hmm: 14 - deny() { true }`)), + deny if { true }`)), expected: "", }, { @@ -74,7 +74,7 @@ func TestTitle(t *testing.T) { package a # METADATA # title: title - deny() { true }`)), + deny if { true }`)), expected: "title", }, } @@ -101,7 +101,7 @@ func TestDescription(t *testing.T) { name: "no annotations", annotation: annotationRef(heredoc.Doc(` package a - deny() { true }`)), + deny if { true }`)), expected: "", }, { @@ -111,7 +111,7 @@ func TestDescription(t *testing.T) { # METADATA # custom: # hmm: 14 - deny() { true }`)), + deny if { true }`)), expected: "", }, { @@ -120,7 +120,7 @@ func TestDescription(t *testing.T) { package a # METADATA # description: description - deny() { true }`)), + deny if { true }`)), expected: "description", }, { @@ -131,7 +131,7 @@ func TestDescription(t *testing.T) { # description: >- # See xref:release_policy.adoc#attestation_task_bundle_package[here] and # xref:attachment$trusted_tekton_tasks.yml[over there] for details. - deny() { true }`)), + deny if { true }`)), expected: "See here and over there for details.", }, } @@ -160,7 +160,7 @@ func TestKind(t *testing.T) { package a # METADATA # title: test - helper() { true }`)), + helper if { true }`)), expected: Other, }, { @@ -169,7 +169,7 @@ func TestKind(t *testing.T) { package a # METADATA # title: test - deny() { true }`)), + deny if { true }`)), expected: Deny, }, { @@ -178,7 +178,7 @@ func TestKind(t *testing.T) { package a # METADATA # title: test - warn() { true }`)), + warn if { true }`)), expected: Warn, }, } @@ -205,7 +205,7 @@ func TestShortName(t *testing.T) { name: "no annotations", annotation: annotationRef(heredoc.Doc(` package a - deny() { true }`)), + deny if { true }`)), expected: "", }, { @@ -214,7 +214,7 @@ func TestShortName(t *testing.T) { package a # METADATA # title: title - deny() { true }`)), + deny if { true }`)), expected: "", }, { @@ -224,7 +224,7 @@ func TestShortName(t *testing.T) { # METADATA # custom: # hmm: 14 - deny() { true }`)), + deny if { true }`)), expected: "", }, { @@ -234,7 +234,7 @@ func TestShortName(t *testing.T) { # METADATA # custom: # short_name: here - deny() { true }`)), + deny if { true }`)), expected: "here", }, } @@ -261,7 +261,7 @@ func TestEffectiveOn(t *testing.T) { name: "no annotations", annotation: annotationRef(heredoc.Doc(` package a - deny() { false }`)), + deny if { false }`)), expected: "", }, { @@ -270,7 +270,7 @@ func TestEffectiveOn(t *testing.T) { package a # METADATA # title: title - deny() { false }`)), + deny if { false }`)), expected: "", }, { @@ -280,7 +280,7 @@ func TestEffectiveOn(t *testing.T) { # METADATA # custom: # hmm: 14 - deny() { false }`)), + deny if { false }`)), expected: "", }, { @@ -290,7 +290,7 @@ func TestEffectiveOn(t *testing.T) { # METADATA # custom: # effective_on: 2022-01-01T00:00:00Z - deny() { true }`)), + deny if { true }`)), expected: "2022-01-01T00:00:00Z", }, { @@ -300,7 +300,7 @@ func TestEffectiveOn(t *testing.T) { # METADATA # custom: # effective_on: '2022-01-01T00:00:00Z' - deny() { true }`)), + deny if { true }`)), expected: "2022-01-01T00:00:00Z", }, } @@ -327,7 +327,7 @@ func TestSolution(t *testing.T) { # METADATA # custom: # solution: Chunky bacon - deny() { true }`)), + deny if { true }`)), expected: "Chunky bacon", }, { @@ -339,7 +339,7 @@ func TestSolution(t *testing.T) { # solution: >- # See xref:release_policy.adoc#attestation_task_bundle_package[here] and # xref:attachment$trusted_tekton_tasks.yml[over there] for details. - deny() { true }`)), + deny if { true }`)), expected: "See here and over there for details.", }, } @@ -366,7 +366,7 @@ func TestCollections(t *testing.T) { name: "no annotations", annotation: annotationRef(heredoc.Doc(` package a - deny() { true }`)), + deny if { true }`)), expected: []string{}, }, { @@ -375,7 +375,7 @@ func TestCollections(t *testing.T) { package a # METADATA # title: title - deny() { true }`)), + deny if { true }`)), expected: []string{}, }, { @@ -385,7 +385,7 @@ func TestCollections(t *testing.T) { # METADATA # custom: # hmm: 14 - deny() { true }`)), + deny if { true }`)), expected: []string{}, }, { @@ -396,7 +396,7 @@ func TestCollections(t *testing.T) { # custom: # collections: # - A - deny() { true }`)), + deny if { true }`)), expected: []string{"A"}, }, { @@ -409,7 +409,7 @@ func TestCollections(t *testing.T) { # - A # - B # - C - deny() { true }`)), + deny if { true }`)), expected: []string{"A", "B", "C"}, }, } @@ -436,7 +436,7 @@ func TestCode(t *testing.T) { name: "no annotations", annotation: annotationRef(heredoc.Doc(` package a - deny() { true }`)), + deny if { true }`)), expected: "", }, { @@ -446,14 +446,14 @@ func TestCode(t *testing.T) { # METADATA # custom: # short_name: x - deny() { true }`)), + deny if { true }`)), expected: "a.x", }, { name: "nested packages no annotations", annotation: annotationRef(heredoc.Doc(` package a.b.c - deny() { true }`)), + deny if { true }`)), expected: "", }, { @@ -463,7 +463,7 @@ func TestCode(t *testing.T) { # METADATA # custom: # short_name: x - deny() { true }`)), + deny if { true }`)), expected: "a.b.c.x", }, { @@ -473,7 +473,7 @@ func TestCode(t *testing.T) { # METADATA # custom: # short_name: x - deny() { true }`)), + deny if { true }`)), expected: "a.b.c.x", }, { @@ -483,7 +483,7 @@ func TestCode(t *testing.T) { # METADATA # custom: # short_name: x - deny() { true }`)), + deny if { true }`)), expected: "data.a.b.c.x", }, { @@ -493,7 +493,7 @@ func TestCode(t *testing.T) { # METADATA # custom: # short_name: x - deny() { true }`)), + deny if { true }`)), expected: "a.data.b.c.x", }, { @@ -503,7 +503,7 @@ func TestCode(t *testing.T) { # METADATA # custom: # short_name: x - deny() { true }`)), + deny if { true }`)), expected: "a.policy.b.c.x", }, { @@ -513,7 +513,7 @@ func TestCode(t *testing.T) { # METADATA # custom: # short_name: x - deny() { true }`)), + deny if { true }`)), expected: "a.b.c.x", }, { @@ -523,7 +523,7 @@ func TestCode(t *testing.T) { # METADATA # custom: # short_name: x - deny() { true }`)), + deny if { true }`)), expected: "a.b.c.x", }, { @@ -533,7 +533,7 @@ func TestCode(t *testing.T) { # METADATA # custom: # short_name: x - deny() { true }`)), + deny if { true }`)), expected: "a.b.c.x", }, { @@ -543,7 +543,7 @@ func TestCode(t *testing.T) { # METADATA # custom: # short_name: x - deny() { true }`)), + deny if { true }`)), expected: "a.b.c.x", }, { @@ -553,7 +553,7 @@ func TestCode(t *testing.T) { # METADATA # custom: # short_name: x - deny() { true }`)), + deny if { true }`)), expected: "something.a.b.c.x", }, { @@ -563,7 +563,7 @@ func TestCode(t *testing.T) { # METADATA # custom: # short_name: x - deny() { true }`)), + deny if { true }`)), expected: "x", }, } @@ -590,7 +590,7 @@ func TestDependsOn(t *testing.T) { name: "no depends_on annotation", annotation: annotationRef(heredoc.Doc(` package a - deny() { true }`)), + deny if { true }`)), expected: []string{}, }, { @@ -600,7 +600,7 @@ func TestDependsOn(t *testing.T) { # METADATA # custom: # depends_on: a.b.c - deny() { true }`)), + deny if { true }`)), expected: []string{"a.b.c"}, }, { @@ -613,7 +613,7 @@ func TestDependsOn(t *testing.T) { # - a.b.c # - d.e.f # - g.h.i - deny() { true }`)), + deny if { true }`)), expected: []string{"a.b.c", "d.e.f", "g.h.i"}, }, } diff --git a/internal/rego/oci/oci.go b/internal/rego/oci/oci.go index 76e7eebc9..ccfa205e5 100644 --- a/internal/rego/oci/oci.go +++ b/internal/rego/oci/oci.go @@ -30,10 +30,10 @@ import ( "github.com/google/go-containerregistry/pkg/name" v1 "github.com/google/go-containerregistry/pkg/v1" - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/rego" - "github.com/open-policy-agent/opa/topdown/builtins" - "github.com/open-policy-agent/opa/types" + "github.com/open-policy-agent/opa/v1/ast" + "github.com/open-policy-agent/opa/v1/rego" + "github.com/open-policy-agent/opa/v1/topdown/builtins" + "github.com/open-policy-agent/opa/v1/types" log "github.com/sirupsen/logrus" "github.com/enterprise-contract/ec-cli/internal/fetchers/oci/files" diff --git a/internal/rego/oci/oci_test.go b/internal/rego/oci/oci_test.go index b50fd692f..5924a9df4 100644 --- a/internal/rego/oci/oci_test.go +++ b/internal/rego/oci/oci_test.go @@ -29,8 +29,8 @@ import ( v1fake "github.com/google/go-containerregistry/pkg/v1/fake" "github.com/google/go-containerregistry/pkg/v1/static" "github.com/google/go-containerregistry/pkg/v1/types" - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/rego" + "github.com/open-policy-agent/opa/v1/ast" + "github.com/open-policy-agent/opa/v1/rego" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" diff --git a/internal/rego/purl/purl.go b/internal/rego/purl/purl.go index eec5b9843..bfc6913b1 100644 --- a/internal/rego/purl/purl.go +++ b/internal/rego/purl/purl.go @@ -21,9 +21,9 @@ package rego import ( - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/rego" - "github.com/open-policy-agent/opa/types" + "github.com/open-policy-agent/opa/v1/ast" + "github.com/open-policy-agent/opa/v1/rego" + "github.com/open-policy-agent/opa/v1/types" "github.com/package-url/packageurl-go" log "github.com/sirupsen/logrus" ) diff --git a/internal/rego/purl/purl_test.go b/internal/rego/purl/purl_test.go index 2e9b0e272..ffac15239 100644 --- a/internal/rego/purl/purl_test.go +++ b/internal/rego/purl/purl_test.go @@ -22,8 +22,8 @@ import ( "context" "testing" - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/rego" + "github.com/open-policy-agent/opa/v1/ast" + "github.com/open-policy-agent/opa/v1/rego" "github.com/stretchr/testify/require" ) diff --git a/internal/rego/sigstore/signature.go b/internal/rego/sigstore/signature.go index 91d0230d1..1524d91f8 100644 --- a/internal/rego/sigstore/signature.go +++ b/internal/rego/sigstore/signature.go @@ -17,8 +17,8 @@ package sigstore import ( - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/types" + "github.com/open-policy-agent/opa/v1/ast" + "github.com/open-policy-agent/opa/v1/types" "github.com/enterprise-contract/ec-cli/internal/signature" ) diff --git a/internal/rego/sigstore/signature_test.go b/internal/rego/sigstore/signature_test.go index 984001d21..c8798c945 100644 --- a/internal/rego/sigstore/signature_test.go +++ b/internal/rego/sigstore/signature_test.go @@ -21,7 +21,7 @@ package sigstore import ( "testing" - "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/v1/ast" "github.com/stretchr/testify/require" "github.com/enterprise-contract/ec-cli/internal/signature" diff --git a/internal/rego/sigstore/sigstore.go b/internal/rego/sigstore/sigstore.go index 2c059fe4c..dc3cec319 100644 --- a/internal/rego/sigstore/sigstore.go +++ b/internal/rego/sigstore/sigstore.go @@ -26,10 +26,10 @@ import ( "fmt" "github.com/google/go-containerregistry/pkg/name" - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/rego" - "github.com/open-policy-agent/opa/topdown/builtins" - "github.com/open-policy-agent/opa/types" + "github.com/open-policy-agent/opa/v1/ast" + "github.com/open-policy-agent/opa/v1/rego" + "github.com/open-policy-agent/opa/v1/topdown/builtins" + "github.com/open-policy-agent/opa/v1/types" "github.com/sigstore/cosign/v2/pkg/cosign" "github.com/sigstore/cosign/v2/pkg/oci" diff --git a/internal/rego/sigstore/sigstore_test.go b/internal/rego/sigstore/sigstore_test.go index 08a7bdb8c..f9545aaab 100644 --- a/internal/rego/sigstore/sigstore_test.go +++ b/internal/rego/sigstore/sigstore_test.go @@ -27,8 +27,8 @@ import ( "github.com/google/go-containerregistry/pkg/name" "github.com/google/go-containerregistry/pkg/v1/types" - "github.com/open-policy-agent/opa/ast" - "github.com/open-policy-agent/opa/rego" + "github.com/open-policy-agent/opa/v1/ast" + "github.com/open-policy-agent/opa/v1/rego" "github.com/sigstore/cosign/v2/pkg/cosign" "github.com/sigstore/cosign/v2/pkg/oci" "github.com/sigstore/cosign/v2/pkg/oci/static" diff --git a/internal/test_data/policies/pipeline/basic.rego b/internal/test_data/policies/pipeline/basic.rego index 8c88bfdd8..edc0109e3 100644 --- a/internal/test_data/policies/pipeline/basic.rego +++ b/internal/test_data/policies/pipeline/basic.rego @@ -16,7 +16,7 @@ expected_kind := "Pipeline" # short_name: unexpected_kind # failure_msg: Unexpected kind '%s' # -deny[result] { +deny contains result if { expected_kind != input.kind result := lib.result_helper(rego.metadata.chain(), [input.kind]) }