build(deps): bump github.com/open-policy-agent/opa from 0.70.0 to 1.0.0

examples/envoy-uds/quick_start.yaml

@@ -206,36 +206,36 @@ data:
 
     default allow = false
 
-    token = {"valid": valid, "payload": payload} {
+    token = {"valid": valid, "payload": payload} if {
         [_, encoded] := split(http_request.headers.authorization, " ")
         [valid, _, payload] := io.jwt.decode_verify(encoded, {"secret": "secret"})
     }
 
-    allow {
+    allow if {
         is_token_valid
         action_allowed
     }
 
-    is_token_valid {
+    is_token_valid if {
       token.valid
       now := time.now_ns() / 1000000000
       token.payload.nbf <= now
       now < token.payload.exp
     }
 
-    action_allowed {
+    action_allowed if {
       http_request.method == "GET"
       token.payload.role == "guest"
       glob.match("/people*", [], http_request.path)
     }
 
-    action_allowed {
+    action_allowed if {
       http_request.method == "GET"
       token.payload.role == "admin"
       glob.match("/people*", [], http_request.path)
     }
 
-    action_allowed {
+    action_allowed if {
       http_request.method == "POST"
       token.payload.role == "admin"
       glob.match("/people", [], http_request.path)

examples/gloo-edge/README.md

@@ -115,11 +115,11 @@ import input.attributes.request.http as http_request
 
 default allow = false
 
-allow {
+allow if {
     action_allowed
 }
 
-action_allowed {
+action_allowed if {
   http_request.method == "GET"
 }
 ```

examples/gloo-edge/opa.yaml

@@ -61,11 +61,11 @@ data:
 
     default allow = false
 
-    allow {
+    allow if {
         action_allowed
     }
 
-    action_allowed {
+    action_allowed if {
       http_request.method == "GET"
     }
 

examples/grpc/policy.rego

@@ -2,12 +2,12 @@ package envoy.authz
 
 default allow = false
 
-allow {
+allow if {
   # for test.KitchenSink/Ping, we don't require anything
   input.parsed_path = ["test.KitchenSink", "Ping"]
 }
 
-allow {
+allow if {
   input.parsed_path = ["test.KitchenSink", "Exchange"]
   input.parsed_body = {
     "neededNumA": 1.23,

examples/istio/README.md

@@ -106,28 +106,28 @@ import input.parsed_path
 
 default allow = false
 
-allow {
+allow if {
     roles_for_user[r]
     required_roles[r]
 }
 
 # allow health checks of the opa sidecar
-allow {
+allow if {
     parsed_path[0] == "health"
     http_request.method == "GET"
 }
 
-roles_for_user[r] {
+roles_for_user contains r if {
     r := user_roles[user_name][_]
 }
 
-required_roles[r] {
+required_roles contains r if {
     perm := role_perms[r][_]
     perm.method = http_request.method
     perm.path = http_request.path
 }
 
-user_name = parsed {
+user_name = parsed if {
     [_, encoded] := split(http_request.headers.authorization, " ")
     [parsed, _] := split(base64url.decode(encoded), ":")
 }
@@ -222,7 +222,7 @@ package istio.authz
 
 default allow = false
 
-allow {
+allow if {
    input.parsed_path = ["api", "v1", "products"]
 }
 ```
@@ -236,7 +236,7 @@ package istio.authz
 
 default allow = false
 
-allow {
+allow if {
    input.parsed_path = ["api", "v1", "products"]
    input.parsed_query.lang = ["en"]
    input.parsed_query.id = ["1", "2"]
@@ -252,7 +252,7 @@ package istio.authz
 
 default allow = false
 
-allow {
+allow if {
    input.parsed_body.id == "ext1"
    input.parsed_body.name == "opa_authz"
 }

examples/istio/quick_start.yaml

@@ -415,27 +415,27 @@ data:
 
     default allow = false
 
-    allow {
+    allow if {
         parsed_path[0] == "health"
         http_request.method == "GET"
     }
 
-    allow {
+    allow if {
         roles_for_user[r]
         required_roles[r]
     }
 
-    roles_for_user[r] {
+    roles_for_user contains r if {
         r := user_roles[user_name][_]
     }
 
-    required_roles[r] {
+    required_roles contains r if {
         perm := role_perms[r][_]
         perm.method = http_request.method
         perm.path = http_request.path
     }
 
-    user_name = parsed {
+    user_name = parsed if {
         [_, encoded] := split(http_request.headers.authorization, " ")
         [parsed, _] := split(base64url.decode(encoded), ":")
     }

go.mod

@@ -1,53 +1,52 @@
 module github.com/open-policy-agent/opa-envoy-plugin
 
-go 1.22.0
+go 1.22.7
 
 toolchain go1.23.1
 
 require (
 	github.com/envoyproxy/go-control-plane/envoy v1.32.3
 	github.com/golang/protobuf v1.5.4
-	github.com/open-policy-agent/opa v0.70.0
+	github.com/open-policy-agent/opa v1.0.0
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.20.5
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0
-	go.opentelemetry.io/otel v1.31.0
-	go.opentelemetry.io/otel/sdk v1.31.0
-	go.opentelemetry.io/otel/trace v1.31.0
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0
+	go.opentelemetry.io/otel v1.33.0
+	go.opentelemetry.io/otel/sdk v1.33.0
+	go.opentelemetry.io/otel/trace v1.33.0
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
 	golang.org/x/tools v0.29.0
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241223144023-3abc09e42ca8
 	google.golang.org/grpc v1.69.2
 	google.golang.org/protobuf v1.36.2
 )
 
 require (
-	github.com/containerd/errdefs v0.3.0 // indirect
+	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/platforms v0.2.1 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/magiconair/properties v1.8.9 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
-	github.com/sagikazarmark/locafero v0.4.0 // indirect
+	github.com/sagikazarmark/locafero v0.6.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
-	github.com/spf13/cast v1.6.0 // indirect
-	github.com/spf13/viper v1.18.2 // indirect
-	github.com/stretchr/testify v1.10.0 // indirect
+	github.com/spf13/cast v1.7.1 // indirect
+	github.com/spf13/viper v1.19.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
-	go.uber.org/multierr v1.9.0 // indirect
-	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
 require (
-	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
+	github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
 	github.com/agnivade/levenshtein v1.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
@@ -56,39 +55,38 @@ require (
 	github.com/cespare/xxhash v1.1.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect
-	github.com/containerd/containerd v1.7.23 // indirect
+	github.com/containerd/containerd v1.7.24 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/dgraph-io/badger/v3 v3.2103.5 // indirect
-	github.com/dgraph-io/ristretto v0.1.1 // indirect
-	github.com/dustin/go-humanize v1.0.0 // indirect
+	github.com/dgraph-io/ristretto v0.2.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/fsnotify/fsnotify v1.8.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/glog v1.2.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/flatbuffers v1.12.1 // indirect
+	github.com/google/flatbuffers v24.12.23+incompatible // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/klauspost/compress v1.17.9 // indirect
-	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/klauspost/compress v1.17.11 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/peterh/liner v1.2.2 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/common v0.61.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/sergi/go-diff v1.3.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/cobra v1.8.1 // indirect
@@ -99,18 +97,18 @@ require (
 	github.com/yashtewari/glob-intersection v0.2.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/propagators/b3 v1.28.0
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 // indirect
-	go.opentelemetry.io/otel/metric v1.31.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 // indirect
+	go.opentelemetry.io/otel/metric v1.33.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.4.0 // indirect
 	go.uber.org/automaxprocs v1.6.0 // indirect
 	golang.org/x/mod v0.22.0 // indirect
 	golang.org/x/net v0.34.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.29.0 // indirect
 	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/time v0.7.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 // indirect
-	oras.land/oras-go/v2 v2.3.1 // indirect
+	golang.org/x/time v0.8.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250102185135-69823020774d // indirect
+	oras.land/oras-go/v2 v2.5.0 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )