v0.4.10

This release includes a bunch of new built-in functions to help with string manipulation, JWTs, and more.

The JSON marshalling built-ins have been renamed. Policies that used json_unmarshal and json_marshal before will need to be updated to use json.marshal and json.unmarshal respectively.

Misc

• Add else keyword
• Improved undefined built-in error message
• Fixed error message in - built-in
• Fixed exit instructions in REPL tutorial
• Relax safety check for built-in outputs

v0.4.9

This release includes a bunch of cool stuff!

• Basic type checking for queries and virtual docs (#312)
• Optimizations for HTTP API authorization policies (#319)
• New /v0 API to support webhook integrations (docs)

Fixes

• Add support for namespaced built-ins (#314)
• Improve logging to include request/response bodies (#328)
• Add basic performance metrics (#320)

Miscellaneous

• Add built-ins to un/marshal JSON
• Add input form to diagnostic page

v0.4.8

Miscellaneous

• Fix top-level navigation links
• Improve file loader error handling

v0.4.7

Fixes

• Fix recursive binding by short-circuiting ref eval (#298)
• Fix reordering for unsafe ref heads (#297)
• Fix rewriting of single term exprs (#299)

v0.4.6

This release changes the run command options:

• Removed glog in favour of Sirupsen/logrus. This means the command line arguments to control logging have changed. See run --help for details.
• Removed --policy-dir option. For now, if policy persistence is required, users can treat policies as config files and manage them outside of OPA. Once OPA supports persistence of data (e.g., with file-based storage) then policy persistence will be added back in.

Fixes

• Add support for additional HTTP listener (#289)
• Allow slash in policy id/path (#292)
• Improve request logging (#281)

Miscellaneous

• Added deployment documentation

Also, updated Docker tagging so that latest points to most recent release (instead of most recent development build). The most recent development build can still be obtained with the {version}-dev tag.

v0.4.5

API security

This release adds support for TLS, token-based authentication, and authorization in the OPA APIs!

For details on how to secure the OPA API, go to http://openpolicyagent.org/documentation/references/security.

Fixes

• Fix stray built-in error messages (#275)
• Update error codes and messages throughout (#237)
• Fix evaluation bug with nested value refs
• Fix rego.Eval to close transactions
• Fix buggy usage of errors.Cause

Miscellaneous

• Updated to support Go 1.8

v0.4.4

Fixes

• Fix issue in high-level Go API (#261)

v0.4.3

Fixes

• Fix parsing of inline comments (#258)
• Fix unset of input/data in REPL (#259)
• Handle non-string/var values in rule tree lookup (#257)

v0.4.2

Rego

This release changes the Rego syntax. The two main changes are:

• Expressions are now separated by semicolons (instead of commas). When writing rules, the semicolons are optional.
• Rules are no longer written in the form: head :- body. Instead they are written as head { body }.

Also:

• Set, array, and object literals now support trailing commas.
• To declare a set literal with one element, you must include a trailing comma, e.g., { foo, }.
• Arithmetic and set operations can now be performed with infix notation, e.g., x = 2 + 1.
• Sets can be referred to like objects and arrays now (#243). E.g., p[_].foo = 1 # check if element in has attr foo equal to 1.

Evaluation

This release changes the evaluation behaviour for packages. Previously, if a package contained no rules OR all of the rules were undefined when evaluated, a query against the package path would return undefined. As of v0.4.2 the query will return an empty object.

REST API

This release changes the Data API to return an HTTP 200 response if the document is undefined. The message body will contain an object without the result property.

Fixes

• Allow sets to be treated like objects/arrays

Miscellaneous

• Added high level API for Go users. See github.com/open-policy-agent/opa/rego package.
• Improved expression String() function to handle infix operators better.
• Added support for set intersection and union built-ins. See language docs.

v0.4.1

Rego

For more details on these changes see sections in How Do I Write Policies.

• Added new default keyword. The default keyword can be used to provide a default value for rules with complete definitions.
• Added new with keyword. The with keyword can be used to programmatically set the value of the input document inside policies.

Fixes

• Fix input document definition in REPL (#231)
• Fix reference evaluation bug (#238)

Miscellaneous

• Add basic REST API authorization benchmark