./devel/opa, Open source, general-purpose policy engine


Branch: CURRENT, Version: 0.62.1nb1, Package name: opa-0.62.1nb1, Maintainer: leot

Open Policy Agent (OPA) is an open source, general-purpose policy
engine that enables unified, context-aware policy enforcement across
the cloud native stack.


Master sites:

Filesize: 107324.674 KB


CVS history:


   2024-04-05 21:14:14 by Benny Siegert | Files touched by this commit (161) | Package updated
Log message:
Revbump all Go packages after go121 update
   2024-03-24 19:34:00 by Leonardo Taccari | Files touched by this commit (3) | Package updated
Log message:
opa: Update to 0.62.1

Changes:
v0.62.1
-------
This is a security fix release for the fixes published in Go
1.22.1.

OPA servers using `--authentication=tls` would be affected: crafted
malicious client certificates could cause a panic in the server.

Also, crafted server certificates could panic OPA's HTTP clients, in
bundle plugin, status and decision logs; and `http.send` calls that
verify TLS.

This is CVE-2024-24783.

Note that there are other security fixes in this Golang release, but
whether or not OPA is affected is harder to assess. An update is
advised.

v0.62.0
-------
This release contains a mix of improvements and bugfixes.
   2024-02-23 23:18:09 by Leonardo Taccari | Files touched by this commit (3)
Log message:
opa: Update to 0.16.0

Changes:
0.61.0
------
This release contains a mix of new features and bugfixes.

Runtime, SDK
------------
- Adding `--v1-compatible` flag to all previously unsupported command line
  commands
- Don't load files in tarball exceeding `size_limit_bytes`
- Allow TLS cipher suites to be set for the OPA server
- Removing deprecated fields and functions related to rego-v1 compatibility

Topdown
-------
- topdown: Clean expired `http.send` cache entries periodically
   2024-02-07 15:51:04 by Benny Siegert | Files touched by this commit (156) | Package updated
Log message:
Revbump all Go packages after go121 update
   2024-01-10 20:14:43 by Benny Siegert | Files touched by this commit (152) | Package updated
Log message:
Revbump all Go packages after go121 update
   2023-12-31 19:50:41 by Leonardo Taccari | Files touched by this commit (3)
Log message:
opa: Update to 0.60.0

Changes:
v0.60.0
-------
### Runtime, Tooling, SDK
- OPA can be run in 1.0 compatibility mode by using the new
  `--v1-compatible` flag. When this mode is enabled, the current release
  of OPA will behave as OPA `v1.0` will eventually behave by default.
  This flag is currently supported on the `build`, `check`, `fmt`, `eval`
  and `test` commands
- Extend the telemetry report to include the minimum compatible version
  of policies loaded into OPA
- server: Support fsnotify based reloading of certificate, key and CA
  cert pool when they change on disk
- Add option on the unit test runner to surface builtin errors. This
  should help with debugging errors generated while running unit tests
- Fix issue in `opa fmt` where the assignment operator and term in the
  rule head of chain rules are removed from the re-written rule head
- cmd/fmt: Replace dependency on `diff` tool with an external golang
  library function

### Topdown and Rego
- topdown/providers: Preserve user provided http headers in the
  `providers.aws.sign_req` builtin command
- rego: Allow custom builtin function registration to provide a
  description for the builtin
- ast+cmd: Allow bundle to contain calls to unknown functions when
  inspected

v0.59.0
-------
This release adds tooling to help prepare existing policies for the
upcoming OPA 1.0 release.  It also contains a mix of improvements,
bugfixes and security fixes for third-party libraries.

### Rego v1
The upcoming release of OPA 1.0, which will be released at a future
date, will introduce breaking changes to the Rego language. Most
notably:

* the keywords that currently must be imported through
  `import future.keywords` into a module before use will be part of the
  Rego language by default, without the need to first import them.
* the `if` keyword will be required before the body of a rule.
* the `contains` keyword will be required when declaring a multi-value
  rule (partial set rule).
* deprecated built-in functions will be removed.

This current release (`0.59.0`) introduces a new `--rego-v1` flag to
the `opa fmt` and `opa check` commands to facilitate the transition of
existing policies to be compatible with the 1.0 syntax.

When used with `opa fmt`, the `--rego-v1` flag will format the
module(s) according to the new Rego syntax in OPA 1.0.  Formatted
modules are compatible with both the current version of OPA and 1.0.
Modules using deprecated built-ins will terminate formatting with an
error. Future versions of OPA will support rewriting applicable
function calls with equivalent Rego compatible with 1.0.

When used with `opa check`, the `--rego-v1` flag will check that the
modules are compatible with both the current version of OPA and 1.0.

v0.58.0
-------
This release contains a mix of performance improvements, bugfixes and
security fixes for third-party libraries.

v0.57.1
-------
This is a bug fix release addressing the following security issues:

- Golang security fix GO-2023-2102
- OpenTelemetry-Go Contrib security fix CVE-2023-45142
   2023-12-05 20:46:19 by Benny Siegert | Files touched by this commit (146) | Package updated
Log message:
Revbump all Go packages after go121 update
   2023-11-10 16:45:25 by Benny Siegert | Files touched by this commit (152) | Package updated
Log message:
Revbump all Go packages after go121 update