Bump github.com/open-policy-agent/opa from 0.31.0 to 0.32.0

[dependabot]

Bumps github.com/open-policy-agent/opa from 0.31.0 to 0.32.0.

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.32.0

This release includes a number of improvements and fixes.

💾 Disk-based Storage (Experimental)

This release adds a disk-based storage implementation to OPA. The implementation can be found in github.com/open-policy-agent/storage/disk. There is also an example in the rego package that shows how policies can be evaluated with the disk-based store. The disk-based store is currently only available as a library (i.e., it is not integrated into the rest of OPA yet.) In the next few releases, we are planning to integrate the implementation into the OPA server and provide tooling to help leverage the disk-based store.

Built-in Functions

This release includes a few improvements to existing built-in functions:

• The http.send function now supports UNIX domain sockets (#3661) authored by @kirk-patton
• The units.parse_bytes function now supports E* and P* units (#2911)
• The io.jwt.encode_sign function uses the built-in context randomization source (which is helpful for replay purposes)

Server

This release includes multiple improvements for OPA server deployments in serverless environments:

• Plugins can now be triggered manually within OPA. This feature allows users extending and customizing OPA to control exactly when operations like bundle downloads and decision log uploads occur. The built-in plugins now include a trigger configuration that can be set to manual or periodic (which is the default). When manual triggering is enabled, the plugins WILL NOT perform any periodic/background operations. Instead, the plugins will only execute when the Trigger API is invoked.
• Plugins can now wait for server initialization. When runtime initialization is finished, plugins can be notified. This allows plugins to synchronize their behaviour with server startup. #3701 authored by @gshively11.
• The Health API now supports an exclude-plugin parameter to control which plugins are checked. #3713 authored by @gshively11.

Tooling

• The compiler no longer fetches remote schemas by default when used as as library. Capabilities have been updated to include an allow_net field to control whether network operations can be performed (#3746). This field is only used to control schema fetching today. In future versions of OPA, the allow_net parameter will be used to control other behaviour like http.send.
• The WebAssembly runtime not supported error message has been improved #3739.

Rego

• Added support for anyOf and allOf keywords in JSON schema support in the type checker (#3592) authored by @​jchen10500 and @​juliafriedman8.
• Added support for custom JSON result marshalling in the rego package.
• Added a new convenience function (Allowed() bool) to the rego.ResultSet API.
• Improved string-representation construction performance for arrays, sets, and objects.
• Improved the topdown evaluator to support ast.Value results from the store so that unnecessary conversions can be avoided.
• Improved the rego package to make the wasmtime-go dependency optional at build-time (#3545).
• Fixed a bug in the comprehension indexer whereby index keys were not constructed correctly leading to incorrect outputs (#3579).
• Fixed a stack overflow during partial evaluation due to incorrect term rewriting in the copy propagation implementation (#3071).
• Fixed a bug in partial evaluation when shallow inlinign is enabled that resulted in built-in functions being invoked instead of saved (#3681).

WebAssembly

• The internal Wasm SDK now supports the inter-query built-in cache.
• The pre-compiled runtime is now built with llvm 12.0.1 and the builder image includes clang-format.
• The internal Wasm SDK has been updated to use wasmtime-go v0.29.0.

Documentation

This release includes a number of documentation improvements:

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.32.0

This release includes a number of improvements and fixes.

💾 Disk-based Storage (Experimental)

This release adds a disk-based storage implementation to OPA. The implementation can be found in github.com/open-policy-agent/storage/disk. There is also an example in the rego package that shows how policies can be evaluated with the disk-based store. The disk-based store is currently only available as a library (i.e., it is not integrated into the rest of OPA yet.) In the next few releases, we are planning to integrate the implementation into the OPA server and provide tooling to help leverage the disk-based store.

Built-in Functions

This release includes a few improvements to existing built-in functions:

• The http.send function now supports UNIX domain sockets (#3661) authored by @kirk-patton
• The units.parse_bytes function now supports E* and P* units (#2911)
• The io.jwt.encode_sign function uses the built-in context randomization source (which is helpful for replay purposes)

Server

This release includes multiple improvements for OPA server deployments in serverless environments:

• Plugins can now be triggered manually within OPA. This feature allows users extending and customizing OPA to control exactly when operations like bundle downloads and decision log uploads occur. The built-in plugins now include a trigger configuration that can be set to manual or periodic (which is the default). When manual triggering is enabled, the plugins WILL NOT perform any periodic/background operations. Instead, the plugins will only execute when the Trigger API is invoked.
• Plugins can now wait for server initialization. When runtime initialization is finished, plugins can be notified. This allows plugins to synchronize their behaviour with server startup. #3701 authored by @gshively11.
• The Health API now supports an exclude-plugin parameter to control which plugins are checked. #3713 authored by @gshively11.

Tooling

• The compiler no longer fetches remote schemas by default when used as as library. Capabilities have been updated to include an allow_net field to control whether network operations can be performed (#3746). This field is only used to control schema fetching today. In future versions of OPA, the allow_net parameter will be used to control other behaviour like http.send.
• The WebAssembly runtime not supported error message has been improved #3739.

Rego

• Added support for anyOf and allOf keywords in JSON schema support in the type checker (#3592) authored by @​jchen10500 and @​juliafriedman8.
• Added support for custom JSON result marshalling in the rego package.
• Added a new convenience function (Allowed() bool) to the rego.ResultSet API.
• Improved string-representation construction performance for arrays, sets, and objects.
• Improved the topdown evaluator to support ast.Value results from the store so that unnecessary conversions can be avoided.
• Improved the rego package to make the wasmtime-go dependency optional at build-time (#3545).
• Fixed a bug in the comprehension indexer whereby index keys were not constructed correctly leading to incorrect outputs (#3579).
• Fixed a stack overflow during partial evaluation due to incorrect term rewriting in the copy propagation implementation (#3071).
• Fixed a bug in partial evaluation when shallow inlinign is enabled that resulted in built-in functions being invoked instead of saved (#3681).

WebAssembly

• The internal Wasm SDK now supports the inter-query built-in cache.
• The pre-compiled runtime is now built with llvm 12.0.1 and the builder image includes clang-format.
• The internal Wasm SDK has been updated to use wasmtime-go v0.29.0.

Documentation

This release includes a number of documentation improvements:

... (truncated)

Commits

• 7a4f6e3 Prepare v0.32.0 release
• 4a4185d ci: ensure we can build with different go versions
• e3fa74a tester: remove pre-1.16 fixtures
• df2c0b4 e2e/tls: fix flag handling, tighten error expectation
• 763252e test/cases: update x509 error string
• f2cb3dd build: bump go-version (1.17)
• a03c8a9 rego: Add persistent storage example
• 1eb0220 storage/disk: Add new disk-based storage implementation
• b704668 vendor: Add badger library
• 968220f wasm-sdk: use wasmtime.Linker for resolving imports, only have one wasmtime.E...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.