Sourced fromgithub.com/open-policy-agent/opa's releases.

v0.41.0

This release contains a number of fixes and enhancements.

GraphQL Built-in Functions

A new set of built-in functions are now available to validate, parse and verify GraphQL query and schema! Following arethe new built-ins:

graphql.is_valid: Checks that a GraphQL query is valid against a given schemagraphql.parse: Returns AST objects for a given GraphQL query and schemagraphql.parse_and_verify: Returns a boolean indicating success or failure alongside the parsed ASTs for a given GraphQL query and schemagraphql.parse_query: Returns an AST object for a GraphQL querygraphql.parse_schema: Returns an AST object for a GraphQL schema

Built-in Function Metadata

Built-in function declarations now support additional metadata to specify name and description for function argumentsand return values. The metadata can be programmatically consumed by external tools such as IDE plugins. The built-infunction documentation is created using the new built-in function metadata.Check out the new look of theBuilt-In Referencepage!

Under the hood, a new file calledbuiltins_metadata.json is generated viamake generate which can be consumed byexternal tools.

Tooling, SDK, and Runtime

• OCI Downloader: Add logic to skip bundle reloading based on the digest of the OCI artifact (#4637) authored by@​carabasdaniel
• Bundles: Exclude empty manifest from bundle signature (#4712) authored by@​friedrichsenm reported by@​friedrichsenm

Rego and Topdown

• units.parse: New built-in for parsing standard metric decimal and binary SI units (e.g., K, Ki, M, Mi, G, Gi)
• format: Fixopa fmt location for non-key rules (#4695) (authored by@​jaspervdj)
• token: Ignore keys of unknown alg when verifying JWTs with JWKS (#4699) reported by@​lenalebt

Documentation

• Adding Built-in Functions: Add note aboutcapabilities.json while creating a new built-in function
• Policy Reference: Add example forrego.metadata.rule() built-in function
• Policy Reference: Fix grammar forimport keyword (#4689) authored by@​mmzeeman reported by@​mmzeeman
• Security: Fix command line flag name for file containing the TLS certificate (#4678) authored by@​pramodak reported by@​pramodak

Website + Ecosystem

• Update Kubernetes policy examples on the website to use latest kubernetes schema (apiVersion:admission.k8s.io/v1) (authored by@​vicmarbev)
• Ecosystem:
  • Add Sansshell (authored by@​sfc-gh-jchacon)
  • Add Nginx

... (truncated)

Sourced fromgithub.com/open-policy-agent/opa's changelog.

0.41.0

This release contains a number of fixes and enhancements.

GraphQL Built-in Functions

A new set of built-in functions are now available to validate, parse and verify GraphQL query and schema! Following arethe new built-ins:

graphql.is_valid: Checks that a GraphQL query is valid against a given schemagraphql.parse: Returns AST objects for a given GraphQL query and schemagraphql.parse_and_verify: Returns a boolean indicating success or failure alongside the parsed ASTs for a given GraphQL query and schemagraphql.parse_query: Returns an AST object for a GraphQL querygraphql.parse_schema: Returns an AST object for a GraphQL schema

Built-in Function Metadata

Built-in function declarations now support additional metadata to specify name and description for function argumentsand return values. The metadata can be programmatically consumed by external tools such as IDE plugins. The built-infunction documentation is created using the new built-in function metadata.Check out the new look of theBuilt-In Referencepage!

Under the hood, a new file calledbuiltins_metadata.json is generated viamake generate which can be consumed byexternal tools.

Tooling, SDK, and Runtime

• OCI Downloader: Add logic to skip bundle reloading based on the digest of the OCI artifact (#4637) authored by@​carabasdaniel
• Bundles: Exclude empty manifest from bundle signature (#4712) authored by@​friedrichsenm reported by@​friedrichsenm

Rego and Topdown

• units.parse: New built-in for parsing standard metric decimal and binary SI units (e.g., K, Ki, M, Mi, G, Gi)
• format: Fixopa fmt location for non-key rules (#4695) (authored by@​jaspervdj)
• token: Ignore keys of unknown alg when verifying JWTs with JWKS (#4699) reported by@​lenalebt

Documentation

• Adding Built-in Functions: Add note aboutcapabilities.json while creating a new built-in function
• Policy Reference: Add example forrego.metadata.rule() built-in function
• Policy Reference: Fix grammar forimport keyword (#4689) authored by@​mmzeeman reported by@​mmzeeman
• Security: Fix command line flag name for file containing the TLS certificate (#4678) authored by@​pramodak reported by@​pramodak

Website + Ecosystem

• Update Kubernetes policy examples on the website to use latest kubernetes schema (apiVersion:admission.k8s.io/v1) (authored by@​vicmarbev)
• Ecosystem:
  • Add Sansshell (authored by@​sfc-gh-jchacon)
  • Add Nginx

... (truncated)

• 0d6a109 Prepare v0.41.0 release
• 7bfc76c build(deps): bump github.com/vektah/gqlparser/v2 from 2.4.3 to 2.4.4 (#4729)
• e971a8f bundle: dont sign manifest when empty
• cb6a4c0 Ignore keys of unknown alg when verifying JWTs with JWKS (#4725)
• 1889f24 Update docs on ordering expressions
• e1b4bee build(deps): bump github.com/go-ini/ini from 1.66.4 to 1.66.6
• b05eba0 build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0
• 0502529 test: Fix too many files open error on MacOS (#4727)
• 35f4523 Add Infracost to ADOPTERS.md (#4716)
• 1fde1ad built-ins: Add new GraphQL builtins.
• Additional commits viewable incompare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)