From 6f8aa58c392d5ab7e3be156dc44e32883bf83f1f Mon Sep 17 00:00:00 2001 From: Ashutosh Narkar Date: Tue, 3 Dec 2024 18:06:56 -0800 Subject: [PATCH] mark v1-compatible as hidden Signed-off-by: Ashutosh Narkar --- cmd/flags.go | 3 ++- docs/content/cli.md | 55 +++++++++++++++++++++++++-------------------- 2 files changed, 33 insertions(+), 25 deletions(-) diff --git a/cmd/flags.go b/cmd/flags.go index c0e65b5219..50c93926fd 100644 --- a/cmd/flags.go +++ b/cmd/flags.go @@ -158,11 +158,12 @@ func addRegoV1FlagWithDescription(fs *pflag.FlagSet, regoV1 *bool, value bool, d } func addV0CompatibleFlag(fs *pflag.FlagSet, v1Compatible *bool, value bool) { - fs.BoolVar(v1Compatible, "v0-compatible", value, "opt-in to OPA features and behaviors prior to the OPA v1.0 release. Takes precedence over --v1-compatible") + fs.BoolVar(v1Compatible, "v0-compatible", value, "opt-in to OPA features and behaviors prior to the OPA v1.0 release") } func addV1CompatibleFlag(fs *pflag.FlagSet, v1Compatible *bool, value bool) { fs.BoolVar(v1Compatible, "v1-compatible", value, "opt-in to OPA features and behaviors that are enabled by default in OPA v1.0") + _ = fs.MarkHidden("v1-compatible") } func addReadAstValuesFromStoreFlag(fs *pflag.FlagSet, readAstValuesFromStore *bool, value bool) { diff --git a/docs/content/cli.md b/docs/content/cli.md index b01edae3cb..18bd3f9526 100755 --- a/docs/content/cli.md +++ b/docs/content/cli.md @@ -40,29 +40,30 @@ opa bench [flags] ### Options ``` - --benchmem report memory allocations with benchmark results (default true) - -b, --bundle string set bundle file(s) or directory path(s). This flag can be repeated. - -c, --config-file string set path of configuration file - --count int number of times to repeat each benchmark (default 1) - -d, --data string set policy or data file(s). This flag can be repeated. - --e2e run benchmarks against a running OPA server - --fail exits with non-zero exit code on undefined/empty result and errors (default true) - -f, --format {json,pretty,gobench} set output format (default pretty) - -h, --help help for bench - --ignore strings set file and directory names to ignore during loading (e.g., '.*' excludes hidden files) - --import string set query import(s). This flag can be repeated. - -i, --input string set input file path - --metrics report query performance metrics (default true) - --package string set query package - -p, --partial perform partial evaluation - -s, --schema string set schema file path or directory path - --shutdown-grace-period int set the time (in seconds) that the server will wait to gracefully shut down. This flag is valid in 'e2e' mode only. (default 10) - --shutdown-wait-period int set the time (in seconds) that the server will wait before initiating shutdown. This flag is valid in 'e2e' mode only. - --stdin read query from stdin - -I, --stdin-input read input document from stdin - -t, --target {rego,wasm} set the runtime to exercise (default rego) - -u, --unknowns stringArray set paths to treat as unknown during partial evaluation (default [input]) - --v0-compatible opt-in to OPA features and behaviors prior to the OPA v1.0 release + --benchmem report memory allocations with benchmark results (default true) + -b, --bundle string set bundle file(s) or directory path(s). This flag can be repeated. + -c, --config-file string set path of configuration file + --count int number of times to repeat each benchmark (default 1) + -d, --data string set policy or data file(s). This flag can be repeated. + --e2e run benchmarks against a running OPA server + --fail exits with non-zero exit code on undefined/empty result and errors (default true) + -f, --format {json,pretty,gobench} set output format (default pretty) + -h, --help help for bench + --ignore strings set file and directory names to ignore during loading (e.g., '.*' excludes hidden files) + --import string set query import(s). This flag can be repeated. + -i, --input string set input file path + --metrics report query performance metrics (default true) + --optimize-store-for-read-speed optimize default in-memory store for read speed. Has possible negative impact on memory footprint and write speed. See https://www.openpolicyagent.org/docs/latest/policy-performance/#storage-optimization for more details. + --package string set query package + -p, --partial perform partial evaluation + -s, --schema string set schema file path or directory path + --shutdown-grace-period int set the time (in seconds) that the server will wait to gracefully shut down. This flag is valid in 'e2e' mode only. (default 10) + --shutdown-wait-period int set the time (in seconds) that the server will wait before initiating shutdown. This flag is valid in 'e2e' mode only. + --stdin read query from stdin + -I, --stdin-input read input document from stdin + -t, --target {rego,wasm} set the runtime to exercise (default rego) + -u, --unknowns stringArray set paths to treat as unknown during partial evaluation (default [input]) + --v0-compatible opt-in to OPA features and behaviors prior to the OPA v1.0 release ``` ____ @@ -353,6 +354,7 @@ opa check [path [...]] [flags] -h, --help help for check --ignore strings set file and directory names to ignore during loading (e.g., '.*' excludes hidden files) -m, --max-errors int set the number of errors to allow before compilation fails early (default 10) + --rego-v1 check for Rego v1 compatibility (policies must also be compatible with current OPA version) -s, --schema string set schema file path or directory path -S, --strict enable compiler strict mode --v0-compatible opt-in to OPA features and behaviors prior to the OPA v1.0 release @@ -631,6 +633,7 @@ opa exec [ [...]] [flags] --timeout duration set exec timeout with a Go-style duration, such as '5m 30s'. (default unlimited) --v0-compatible opt-in to OPA features and behaviors prior to the OPA v1.0 release ``` + ____ ## opa fmt @@ -861,6 +864,10 @@ OPA will automatically perform type checking based on a schema inferred from kno resulting from the schema check. Currently this check is performed on OPA's Authorization Policy Input document and will be expanded in the future. To disable this, use the --skip-known-schema-check flag. +The --v1-compatible flag can be used to opt-in to OPA features and behaviors that will be enabled by default in a future OPA v1.0 release. +Current behaviors enabled by this flag include: +- setting OPA's listening address to "localhost:8181" by default. + The --tls-cipher-suites flag can be used to specify the list of enabled TLS 1.0–1.2 cipher suites. Note that TLS 1.3 cipher suites are not configurable. Following are the supported TLS 1.0 - 1.2 cipher suites (IANA): TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, @@ -880,7 +887,7 @@ opa run [flags] ### Options ``` - -a, --addr strings set listening address of the server (e.g., [ip]: for TCP, unix:// for UNIX domain socket) (default [:8181]) + -a, --addr strings set listening address of the server (e.g., [ip]: for TCP, unix:// for UNIX domain socket) (default [localhost:8181]) --authentication {token,tls,off} set authentication scheme (default off) --authorization {basic,off} set authorization scheme (default off) -b, --bundle load paths as bundle files or root directories