Releases: open-policy-agent/opa
v0.5.0
User Functions
OPA now supports user-defined functions that have the same semantics as built-in
functions. This allows policy authors to quickly define reusable pieces of logic
in Rego without overloading the input document or thinking about variable
safety.
Storage Improvements
The storage layer has been improved to support single-writer/multiple-reader
concurrency. The storage interfaces have been simplified in the process. Users
can rely on https://godoc.org/github.com/open-policy-agent/opa/storage/inmem in
place of the old storage package.
Website Refresh
The website has been redesigned and the documentation has been ported over to
GitBook.
opa check
and opa fmt
OPA supports two new commands that check and format policies. Check out opa help
for more information.
Miscellaneous
- Add YAML serialization built-ins
- Add time built-ins
Fixes
- Fixed incorrect source locations on refs and manually constructed terms. All
term locations should be set correctly now. - Fixed evaluation bug that caused partial sets and partial objects to be
undefined in some cases.
v0.4.10
This release includes a bunch of new built-in functions to help with string manipulation, JWTs, and more.
The JSON marshalling built-ins have been renamed. Policies that used json_unmarshal
and json_marshal
before will need to be updated to use json.marshal
and json.unmarshal
respectively.
Misc
- Add
else
keyword - Improved undefined built-in error message
- Fixed error message in
-
built-in - Fixed exit instructions in REPL tutorial
- Relax safety check for built-in outputs
v0.4.9
This release includes a bunch of cool stuff!
- Basic type checking for queries and virtual docs (#312)
- Optimizations for HTTP API authorization policies (#319)
- New /v0 API to support webhook integrations (docs)
Fixes
- Add support for namespaced built-ins (#314)
- Improve logging to include request/response bodies (#328)
- Add basic performance metrics (#320)
Miscellaneous
- Add built-ins to un/marshal JSON
- Add input form to diagnostic page
v0.4.8
v0.4.7
v0.4.6
This release changes the run
command options:
- Removed glog in favour of Sirupsen/logrus. This means the command line arguments to control logging have changed. See
run --help
for details. - Removed
--policy-dir
option. For now, if policy persistence is required, users can treat policies as config files and manage them outside of OPA. Once OPA supports persistence of data (e.g., with file-based storage) then policy persistence will be added back in.
Fixes
- Add support for additional HTTP listener (#289)
- Allow slash in policy id/path (#292)
- Improve request logging (#281)
Miscellaneous
- Added deployment documentation
Also, updated Docker tagging so that latest points to most recent release (instead of most recent development build). The most recent development build can still be obtained with the {version}-dev tag.
v0.4.5
API security
This release adds support for TLS, token-based authentication, and authorization in the OPA APIs!
For details on how to secure the OPA API, go to http://openpolicyagent.org/documentation/references/security.
Fixes
- Fix stray built-in error messages (#275)
- Update error codes and messages throughout (#237)
- Fix evaluation bug with nested value refs
- Fix rego.Eval to close transactions
- Fix buggy usage of errors.Cause
Miscellaneous
- Updated to support Go 1.8
v0.4.4
v0.4.3
v0.4.2
Rego
This release changes the Rego syntax. The two main changes are:
- Expressions are now separated by semicolons (instead of commas). When writing rules, the semicolons are optional.
- Rules are no longer written in the form:
head :- body
. Instead they are written ashead { body }
.
Also:
- Set, array, and object literals now support trailing commas.
- To declare a set literal with one element, you must include a trailing comma, e.g.,
{ foo, }
. - Arithmetic and set operations can now be performed with infix notation, e.g.,
x = 2 + 1
. - Sets can be referred to like objects and arrays now (#243). E.g.,
p[_].foo = 1 # check if element in has attr foo equal to 1
.
Evaluation
This release changes the evaluation behaviour for packages. Previously, if a package contained no rules OR all of the rules were undefined when evaluated, a query against the package path would return undefined. As of v0.4.2 the query will return an empty object.
REST API
This release changes the Data API to return an HTTP 200 response if the document is undefined. The message body will contain an object without the result
property.
Fixes
- Allow sets to be treated like objects/arrays
Miscellaneous
- Added high level API for Go users. See
github.com/open-policy-agent/opa/rego
package. - Improved expression String() function to handle infix operators better.
- Added support for set intersection and union built-ins. See language docs.