feat!: OPA v1 support

* upgrade OPA to v1 * update authz policy to be v1 compatible * fix E2E tests Fixes: #272 Signed-off-by: Ashutosh Narkar <[email protected]> Signed-off-by: Ievgenii Shepeliuk <[email protected]>
open-policy-agent · Jan 23, 2025 · 5fc8d4e · 5fc8d4e
1 parent 56b2960
commit 5fc8d4e
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 10 deletions.
diff --git a/charts/opa-kube-mgmt/templates/deployment.yaml b/charts/opa-kube-mgmt/templates/deployment.yaml
@@ -58,17 +58,18 @@ spec:
             TOKEN=`cat /bootstrap/mgmt-token`
             cat > /bootstrap/authz.rego <<EOF
             package system.authz
-            default allow = false
+            import rego.v1
+            default allow := false
             # Allow anonymous access to the default policy decision.
-            allow { input.path = [""]; input.method = "POST" }
-            allow { input.path = [""]; input.method = "GET" }
+            allow if { input.path = [""]; input.method == "POST" }
+            allow if { input.path = [""]; input.method == "GET" }
             # This is only used for health check in liveness and readiness probe
-            allow { input.path = ["health"]; input.method = "GET" }
+            allow if { input.path = ["health"]; input.method == "GET" }
 {{- if .Values.prometheus.enabled }}
             # This allows metrics to be scraped by prometheus
-            allow { input.path = ["metrics"]; input.method = "GET" }
+            allow if { input.path = ["metrics"]; input.method == "GET" }
 {{- end }}
-            allow { input.identity == "$TOKEN" }
+            allow if { input.identity == "$TOKEN" }
             EOF
 {{- end }}
 {{- range $policyName, $policy := .Values.bootstrapPolicies }}

diff --git a/charts/opa-kube-mgmt/values.yaml b/charts/opa-kube-mgmt/values.yaml
@@ -112,7 +112,7 @@ hostNetwork:
 # OPA docker image configuration.
 image:
   repository: openpolicyagent/opa
-  tag: 0.69.0
+  tag: 1.0.1
   pullPolicy: IfNotPresent
 
 # One or more secrets to be used when pulling images

diff --git a/justfile b/justfile
@@ -98,7 +98,7 @@ test-e2e-all: build
   #!/usr/bin/env bash
   set -euo pipefail
 
-  for E in $(find test/e2e/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n' | sort); do
+  for E in $(find test/e2e/ -mindepth 1 -maxdepth 1 -type d -printf '%f\n'|grep -E -v '^skip_'|sort); do
     echo "===================================================="
     echo "= Running e2e: \`${E}\` "
     echo "===================================================="

diff --git a/test/e2e/fixture-multi.yaml b/test/e2e/fixture-multi.yaml
@@ -9,9 +9,10 @@ apiVersion: v1
 data:
   a.rego: |
     package my_pkg
+    import rego.v1
     import data.my_pkg.functions.my_func
     default my_rule := false
-    my_rule {
+    my_rule if {
       my_func(input.hello)
     }
   b.rego: |
@@ -28,8 +29,9 @@ apiVersion: v1
 data:
   f.rego: |
     package my_pkg_fail
+    import rego.v1
     import data.my_pkg_fail.functions.my_func
     default my_rule := false
-    my_rule {
+    my_rule if {
       my_func(input.hello)
     }