Bump github.com/open-policy-agent/opa from 0.56.0 to 0.57.0

[dependabot]

Bumps github.com/open-policy-agent/opa from 0.56.0 to 0.57.0.

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.57.0

This release contains an updated Rego syntax to allow general references in rule heads, and a mix of new features and bugfixes.

Support for General References in Rule Heads

In OPA 0.56.0, we introduced support for general references in rule heads as an experimental feature. It has now graduated to a fully supported feature, and is no longer experimental.

A general reference is a reference with variables at arbitrary locations. In Rego, partial rules are used for generating sets and objects. In previous versions of OPA, variables were only allowed in the very last position in the rule's reference. Now, Rego has been expanded to allow rules to be declared with general references in their head, with variables at arbitrary locations. This allows for generating nested dynamic object structures:

package example
import future.keywords
Converting a flat list of users to a mapping by "role" and then "id".
users_by_role[role][id] := user if {
some user in data.users
id := user.id
role := user.role
}
Explicit "admin" key override to the above mapping.
users_by_role.admin[id] := user if {
some user in data.admins
id := user.id
}
Leaf entries can be multi-value.
users_by_country[country] contains user.id if {
some user in data.users
country := user.country
}

See the documentation for more information.

Authored by @​johanfylling.

Runtime, Tooling, SDK

• ast/runtime: Extend type checking for authz policies (#6213) authored by @​ashutosh-narkar
• server: Add test case for bundle update - query API handler scenario (#4792) authored by @​ashutosh-narkar

Topdown and Rego

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.57.0

This release contains an updated Rego syntax to allow general references in rule heads, and a mix of new features and bugfixes.

Support for General References in Rule Heads

In OPA 0.56.0, we introduced support for general references in rule heads as an experimental feature. It has now graduated to a fully supported feature, and is no longer experimental.

A general reference is a reference with variables at arbitrary locations. In Rego, partial rules are used for generating sets and objects. In previous versions of OPA, variables were only allowed in the very last position in the rule's reference. Now, Rego has been expanded to allow rules to be declared with general references in their head, with variables at arbitrary locations. This allows for generating nested dynamic object structures:

package example
import future.keywords
Converting a flat list of users to a mapping by "role" and then "id".
users_by_role[role][id] := user if {
some user in data.users
id := user.id
role := user.role
}
Explicit "admin" key override to the above mapping.
users_by_role.admin[id] := user if {
some user in data.admins
id := user.id
}
Leaf entries can be multi-value.
users_by_country[country] contains user.id if {
some user in data.users
country := user.country
}

See the documentation for more information.

Authored by @​johanfylling.

Runtime, Tooling, SDK

• ast/runtime: Extend type checking for authz policies (#6213) authored by @​ashutosh-narkar
• server: Add test case for bundle update - query API handler scenario (#4792) authored by @​ashutosh-narkar

Topdown and Rego

... (truncated)

Commits

• c2f42aa Prepare v0.57.0 release (#6256)
• c36a605 docs: Documenting general refs in rule heads (#6244)
• 974586e server: Add test case for bundle update - query API handler scenario
• c5314e3 Removing EXPERIMENTAL_GENERAL_RULE_REFS feature flag (#6252)
• c9d1a8d planner: Adding support for general ref rule heads (#6235)
• 391cb0c Add rego-cpp to OPA Ecosystem
• 83a295f [docs] Use links on support page (#6249)
• 919b290 plugins: Surface AWS authentication error details
• 276702f Updating all vars in rule ref
• b07e60a nightly: skip Fri/Sat night (#6242)
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
github.com/open-policy-agent/opa	[>= 0.50.a, < 0.51]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[zregvart]

Duplicate of #1066

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.