Upgrade to opa v1.0.1

filters/openpolicyagent/evaluation.go

@@ -9,9 +9,10 @@ import (
 	ext_authz_v3 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
 	"github.com/open-policy-agent/opa-envoy-plugin/envoyauth"
 	"github.com/open-policy-agent/opa-envoy-plugin/opa/decisionlog"
-	"github.com/open-policy-agent/opa/ast"
-	"github.com/open-policy-agent/opa/server"
-	"github.com/open-policy-agent/opa/topdown"
+	"github.com/open-policy-agent/opa/v1/ast"
+	"github.com/open-policy-agent/opa/v1/plugins/logs"
+	"github.com/open-policy-agent/opa/v1/server"
+	"github.com/open-policy-agent/opa/v1/topdown"
 	"github.com/opentracing/opentracing-go"
 	pbstruct "google.golang.org/protobuf/types/known/structpb"
 )
@@ -59,7 +60,7 @@ func (opa *OpenPolicyAgentInstance) Eval(ctx context.Context, req *ext_authz_v3.
 		return nil, fmt.Errorf("check request timed out before query execution: %w", ctx.Err())
 	}
 
-	logger := opa.manager.Logger().WithFields(map[string]interface{}{"decision-id": result.DecisionID})
+	logger := opa.Logger().WithFields(map[string]interface{}{"decision-id": result.DecisionID})
 	input, err = envoyauth.RequestToInput(req, logger, nil, opa.EnvoyPluginConfig().SkipRequestBodyParse)
 	if err != nil {
 		return nil, fmt.Errorf("failed to convert request to input: %w", err)
@@ -111,7 +112,12 @@ func (opa *OpenPolicyAgentInstance) logDecision(ctx context.Context, input inter
 		info.Path = opa.EnvoyPluginConfig().Path
 	}
 
-	return decisionlog.LogDecision(ctx, opa.manager, info, result, err)
+	plugin := logs.Lookup(opa.manager)
+	if plugin == nil {
+		return nil
+	}
+
+	return decisionlog.LogDecision(ctx, plugin, info, result, err)
 }
 
 func withDecisionID(decisionID string) func(*envoyauth.EvalResult) {

filters/openpolicyagent/internal/envoy/envoyplugin.go

@@ -5,9 +5,9 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/open-policy-agent/opa/ast"
-	"github.com/open-policy-agent/opa/plugins"
-	"github.com/open-policy-agent/opa/util"
+	"github.com/open-policy-agent/opa/v1/ast"
+	"github.com/open-policy-agent/opa/v1/plugins"
+	"github.com/open-policy-agent/opa/v1/util"
 )
 
 // Factory defines the interface OPA uses to instantiate a plugin.

filters/openpolicyagent/opaauthorizerequest/benchmark_test.go

@@ -4,7 +4,7 @@ import (
 	_ "embed"
 	"fmt"
 	"github.com/golang-jwt/jwt/v4"
-	opasdktest "github.com/open-policy-agent/opa/sdk/test"
+	opasdktest "github.com/open-policy-agent/opa/v1/sdk/test"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/zalando/skipper/filters"
@@ -60,9 +60,11 @@ func BenchmarkMinimalPolicy(b *testing.B) {
 			"main.rego": `
 					package envoy.authz
 
+					import rego.v1
+
 					default allow = false
 
-					allow {
+					allow if {
 						input.parsed_path = [ "allow" ]
 					}
 				`,
@@ -100,9 +102,11 @@ func BenchmarkMinimalPolicyWithDecisionLogs(b *testing.B) {
 			"main.rego": `
 					package envoy.authz
 
+					import rego.v1
+
 					default allow = false
 
-					allow {
+					allow if {
 						input.parsed_path = [ "allow" ]
 					}
 				`,
@@ -200,7 +204,7 @@ func BenchmarkJwtValidation(b *testing.B) {
 			"main.rego": fmt.Sprintf(`
 					package envoy.authz
 
-					import future.keywords.if
+					import rego.v1
 
 					default allow = false
 

filters/openpolicyagent/opaauthorizerequest/opaauthorizerequest_test.go

@@ -2,7 +2,7 @@ package opaauthorizerequest
 
 import (
 	"fmt"
-	opasdktest "github.com/open-policy-agent/opa/sdk/test"
+	opasdktest "github.com/open-policy-agent/opa/v1/sdk/test"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/zalando/skipper/eskip"
@@ -412,49 +412,51 @@ func TestAuthorizeRequestFilter(t *testing.T) {
 					"main.rego": `
 						package envoy.authz
 
+						import rego.v1
+
 						default allow := false
 						default deny_with_query := false
 
-						allow {
+						allow if {
 							input.parsed_path == [ "allow" ]
 							input.parsed_query == {}
 						}
 
-						allow_with_http_path {
+						allow_with_http_path if {
 							input.attributes.request.http.path == "/some/api/path?q1=v1&msg=help%20me"
 						}
 
-						allow_with_space_in_path {
+						allow_with_space_in_path if{
 							input.parsed_path == [ "my path" ]
 						}
 
-						allow_with_path_having_empty_query {
+						allow_with_path_having_empty_query if {
 							input.parsed_path == [ "path-with-empty-query" ]
 							input.parsed_query == {}
 						}
 
-						allow_with_query {
+						allow_with_query if {
 							input.parsed_path == [ "allow-with-query" ]
 							input.parsed_query.pass == ["yes"]
 							input.parsed_query.id == ["1", "2"]
 							input.parsed_query.msg == ["help me"]
 						}
 
-						deny_with_query {
+						deny_with_query if {
 							input.attributes.request.http.path == "/allow-me?tofail=true"
 							not input.parsed_query.tofail == ["true"]
 						}
 
-						allow_with_path_having_fragment {
+						allow_with_path_having_fragment if {
 							input.parsed_path == [ "path-with-empty-query" ]
 							input.attributes.request.http.path == "/path-with-empty-query"
 						}
 
-						allow_context_extensions {
+						allow_context_extensions if {
 							input.attributes.contextExtensions["com.mycompany.myprop"] == "myvalue"
 						}
 
-						allow_runtime_environment {
+						allow_runtime_environment if {
 							opa.runtime().config.labels.environment == "test"
 						}
 
@@ -465,7 +467,7 @@ func TestAuthorizeRequestFilter(t *testing.T) {
 							"http_status": 401
 						}
 
-						allow_object := response {
+						allow_object := response if {
 							input.parsed_path == [ "allow", "structured" ]
 							response := {
 								"allowed": true,
@@ -497,13 +499,13 @@ func TestAuthorizeRequestFilter(t *testing.T) {
 
 						default allow_body := false
 
-						allow_body {
+						allow_body if {
 							input.parsed_body.target_id == "123456"
 						}
 
 						decision_id := input.attributes.metadataContext.filterMetadata.open_policy_agent.decision_id
 
-						allow_object_decision_id_in_header := response {
+						allow_object_decision_id_in_header := response if {
 						    input.parsed_path = ["allow", "structured"]
 						    decision_id
 						    response := {
@@ -663,9 +665,11 @@ func TestAuthorizeRequestInputContract(t *testing.T) {
 					"main.rego": `
 						package envoy.authz
 
+						import rego.v1
+
 						default allow = false
 
-						allow {
+						allow if {
 							input.attributes.request.http.path == "/users/profile/amal?param=1"
 							input.parsed_path == ["users", "profile", "amal"]
 							input.parsed_query == {"param": ["1"]}

filters/openpolicyagent/opaserveresponse/opaserveresponse_test.go

@@ -7,7 +7,7 @@ import (
 	"strings"
 	"testing"
 
-	opasdktest "github.com/open-policy-agent/opa/sdk/test"
+	opasdktest "github.com/open-policy-agent/opa/v1/sdk/test"
 	"github.com/stretchr/testify/assert"
 	"github.com/zalando/skipper/eskip"
 	"github.com/zalando/skipper/filters"
@@ -172,9 +172,11 @@ func TestServerResponseFilter(t *testing.T) {
 					"main.rego": `
 						package envoy.authz
 
+						import rego.v1
+
 						default allow := false
 
-						allow {
+						allow if {
 							input.parsed_path == [ "allow" ]
 						}
 
@@ -185,7 +187,7 @@ func TestServerResponseFilter(t *testing.T) {
 							"http_status": 403
 						}
 
-						allow_object := response {
+						allow_object := response if {
 							input.parsed_path == [ "allow", "structured" ]
 							response := {
 								"allowed": true,
@@ -195,7 +197,7 @@ func TestServerResponseFilter(t *testing.T) {
 							}
 						}
 
-						allow_object := response {
+						allow_object := response if {
 							input.parsed_path == [ "allow", "structured", "with-empty-query-string" ]
 							input.parsed_query == {}
 							response := {
@@ -206,7 +208,7 @@ func TestServerResponseFilter(t *testing.T) {
 							}
 						}
 
-						allow_object := response {
+						allow_object := response if {
 							input.parsed_path == [ "allow", "structured", "with-query" ]
 							input.parsed_query.pass == ["yes"]
 							response := {
@@ -217,7 +219,7 @@ func TestServerResponseFilter(t *testing.T) {
 							}
 						}
 
-						allow_object := response {
+						allow_object := response if {
 							input.parsed_path == [ "allow", "production" ]
 							opa.runtime().config.labels.environment == "production"
 							response := {
@@ -228,7 +230,7 @@ func TestServerResponseFilter(t *testing.T) {
 							}
 						}
 
-						allow_object := response {
+						allow_object := response if {
 							input.parsed_path == [ "allow", "test" ]
 							opa.runtime().config.labels.environment == "test"
 							response := {
@@ -239,7 +241,7 @@ func TestServerResponseFilter(t *testing.T) {
 							}
 						}
 
-						allow_object_structured_body := response {
+						allow_object_structured_body := response if {
 							input.parsed_path == [ "allow", "structured" ]
 							response := {
 								"allowed": true,
@@ -249,7 +251,7 @@ func TestServerResponseFilter(t *testing.T) {
 							}
 						}
 
-						allow_object_contextextensions := response {
+						allow_object_contextextensions := response if {
 							input.parsed_path == [ "allow", "structured" ]
 							response := {
 								"allowed": true,
@@ -259,7 +261,7 @@ func TestServerResponseFilter(t *testing.T) {
 							}
 						}
 
-						allow_object_req_body := response {
+						allow_object_req_body := response if {
 							response := {
 								"allowed": true,
 								"headers": {},

filters/openpolicyagent/openpolicyagent.go

@@ -18,17 +18,17 @@ import (
 	ext_authz_v3_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	"github.com/google/uuid"
 	"github.com/open-policy-agent/opa-envoy-plugin/envoyauth"
-	"github.com/open-policy-agent/opa/ast"
-	"github.com/open-policy-agent/opa/config"
-	"github.com/open-policy-agent/opa/logging"
-	"github.com/open-policy-agent/opa/plugins"
-	"github.com/open-policy-agent/opa/plugins/discovery"
-	"github.com/open-policy-agent/opa/rego"
-	"github.com/open-policy-agent/opa/runtime"
-	"github.com/open-policy-agent/opa/storage"
-	"github.com/open-policy-agent/opa/storage/inmem"
-	iCache "github.com/open-policy-agent/opa/topdown/cache"
-	opatracing "github.com/open-policy-agent/opa/tracing"
+	"github.com/open-policy-agent/opa/v1/ast"
+	"github.com/open-policy-agent/opa/v1/config"
+	"github.com/open-policy-agent/opa/v1/logging"
+	"github.com/open-policy-agent/opa/v1/plugins"
+	"github.com/open-policy-agent/opa/v1/plugins/discovery"
+	"github.com/open-policy-agent/opa/v1/rego"
+	"github.com/open-policy-agent/opa/v1/runtime"
+	"github.com/open-policy-agent/opa/v1/storage"
+	"github.com/open-policy-agent/opa/v1/storage/inmem"
+	iCache "github.com/open-policy-agent/opa/v1/topdown/cache"
+	opatracing "github.com/open-policy-agent/opa/v1/tracing"
 	"github.com/opentracing/opentracing-go"
 	"golang.org/x/sync/semaphore"
 	"google.golang.org/protobuf/encoding/protojson"

filters/openpolicyagent/openpolicyagent_test.go

@@ -14,14 +14,14 @@ import (
 
 	pbstruct "google.golang.org/protobuf/types/known/structpb"
 
-	"github.com/open-policy-agent/opa/ast"
+	"github.com/open-policy-agent/opa/v1/ast"
 
 	ext_authz_v3_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	authv3 "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
 	"github.com/open-policy-agent/opa-envoy-plugin/envoyauth"
-	opaconf "github.com/open-policy-agent/opa/config"
-	opasdktest "github.com/open-policy-agent/opa/sdk/test"
-	"github.com/open-policy-agent/opa/storage/inmem"
+	opaconf "github.com/open-policy-agent/opa/v1/config"
+	opasdktest "github.com/open-policy-agent/opa/v1/sdk/test"
+	"github.com/open-policy-agent/opa/v1/storage/inmem"
 	"github.com/opentracing/opentracing-go"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -153,10 +153,12 @@ func mockControlPlaneWithResourceBundle() (*opasdktest.Server, []byte) {
 		opasdktest.MockBundle("/bundles/use_body", map[string]string{
 			"main.rego": `
 				package envoy.authz
+
+				import rego.v1
 
 				default allow = false
 
-				allow { input.parsed_body }
+				allow if { input.parsed_body }
 			`,
 		}),
 		opasdktest.MockBundle("/bundles/anotherbundlename", map[string]string{

filters/openpolicyagent/tracing.go

@@ -3,8 +3,8 @@ package openpolicyagent
 import (
 	"net/http"
 
-	"github.com/open-policy-agent/opa/plugins"
-	opatracing "github.com/open-policy-agent/opa/tracing"
+	"github.com/open-policy-agent/opa/v1/plugins"
+	opatracing "github.com/open-policy-agent/opa/v1/tracing"
 	"github.com/opentracing/opentracing-go"
 	"github.com/zalando/skipper/logging"
 	"github.com/zalando/skipper/proxy"

filters/openpolicyagent/tracing_test.go

@@ -6,8 +6,8 @@ import (
 	"net/url"
 	"testing"
 
-	"github.com/open-policy-agent/opa/config"
-	"github.com/open-policy-agent/opa/plugins"
+	"github.com/open-policy-agent/opa/v1/config"
+	"github.com/open-policy-agent/opa/v1/plugins"
 	"github.com/opentracing/opentracing-go"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"