build(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.38.0

[dependabot]

Bumps github.com/open-policy-agent/opa from 0.37.2 to 0.38.0.

Release notes

Sourced from github.com/open-policy-agent/opa's releases.

v0.38.0

This release contains a number of fixes and enhancements.

It contains one backwards-incompatible change to the JSON representation of metrics in Status API payloads, please see the section below.

Rich Metadata

It is now possible to annotate Rego policies in a way that can be processed programmatically, using Rich Metadata.

# METADATA
# title: My rule
# description: A rule that determines if x is allowed.
# authors:
# - Jane Austin <jane@example.com>
allow {
  ...
}

The available keys are:

• title
• description
• authors
• organizations
• related_resources
• schemas
• scope
• custom

Custom annotations can be used to annotate rules, packages, and documents with whatever you specifically need, beyond the generic keywords.

Annotations can be retrieved using the Golang library or via the CLI, opa inspect -a.

All the details can be found in the documentation on Annotations.

Every Keyword

A new keyword for explicit iteration is added to Rego: every.

It comes in two forms, iterating values, or keys and values, of a collection, and asserting that the body evaluates successfully for each binding of key and value to the collection's elements:

every k, v in {"foo": "FOO", "bar": "BAR" } {
  upper(k) == v

... (truncated)

Changelog

Sourced from github.com/open-policy-agent/opa's changelog.

0.38.0

This release contains a number of fixes and enhancements.

It contains one backwards-incompatible change to the JSON representation of metrics in Status API payloads, please see the section below.

Rich Metadata

It is now possible to annotate Rego policies in a way that can be processed programmatically, using Rich Metadata.

# METADATA
# title: My rule
# description: A rule that determines if x is allowed.
# authors:
# - Jane Austin <jane@example.com>
allow {
  ...
}

The available keys are:

• title
• description
• authors
• organizations
• related_resources
• schemas
• scope
• custom

Custom annotations can be used to annotate rules, packages, and documents with whatever you specifically need, beyond the generic keywords.

Annotations can be retrieved using the Golang library or via the CLI, opa inspect -a.

All the details can be found in the documentation on Annotations.

Every Keyword

A new keyword for explicit iteration is added to Rego: every.

It comes in two forms, iterating values, or keys and values, of a collection, and asserting that the body evaluates successfully for each binding of key and value to the collection's elements:

every k, v in {"foo": "FOO", "bar": "BAR" } {

... (truncated)

Commits

• 80db6d5 Prepare Release v0.38.0 (#4400)
• 521cd23 docs: Update generated CLI docs
• 60e564f cmd/inspect: render "related resources" and small misc changes (#4399)
• 64a03c1 docs: Update generated CLI docs
• 35d7e58 cmd: Adding annotations listing to inspect command (#4388)
• 3d93280 docs/rest-api: Update docs on 400 response (#4392)
• bbb8a41 docs/integrations: add OPToggles (#4398)
• cd36c74 build(deps): bump actions/checkout from 2 to 3 (#4395)
• 4ded78a docs+website: two small links fixes (#4391)
• 6991b00 website: Community Webpage Updates (#4390)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)