Bump OPA version from v0.68.0 to v0.69.0 and Set new accepted minimum to v0.69.0 #1348
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
github-actions
bot
added
the
version bump
buidav
changed the title
buidav
changed the title
|
@buidav Do we want to prevent use of previous versions of OPA and start anew with 0.69? Our NoBOM fixes means ScubaGear is still compatible with previous versions, and 0.69 wasn't a security fix release. |
Yes. From a previous discussion, the thought there was to start anew with the new version as an extra layer of assurance that the BOM issue will never appear again. |
|
@buidav During testing/review I also noticed a small error (not directly from this update) that caused the error message from Install-OPAforSCuBA to not correctly list acceptable versions if asked to install a specific version outside the list due to a variable name typo. Added that fix to this PR as it is straightforward and related. Hope you don't mind. |
huh that's probably been there for a while. Good find! |
There was a problem hiding this comment.
Ran Install-OPAforSCuBA with default options and -ExpectedVersion outside the acceptable list. Worked as expected (after fixing error message with commit).
Also ran Initialize-SCuBA which calls same function to confirm it would update older OPA versions as expected as well. Worked as expected.
Invoke-SCuBA and unit tests all ran and passed as expected with 0.69 version of OPA Rego engine as well.
Seems reasonable to cut the acceptable list to the latest at this time to prevent further issues with the BOM and to trim support for older releases at this time.
There was a problem hiding this comment.
I ran Invoke-Scuba before upgrading my OPA, then ran Initialize-SCuBA to upgrade, then ran Invoke-Scuba again. Results of the two runs matched.
I also ran Invoke-ScubaCached with an old provider output JSON I had that had the BOM. Our favorite unable to parse input: yaml error happened when run with the old OPA executable but ran successfully with the latest version!
|
@nanda-katikaneni ready to merge |
schrolla
force-pushed
the
opa-version-bump-0.69.0
branch
from
92f06d4
to
9ee9bfc
Compare
🗣 Description
💭 Motivation and context
🧪 Testing
Currently a human should still check if bumping the OPA version affects ScubaGear.Import-Module .\PowerShell\ScubaGearrunInstall-OPAforSCuBAto download the latest version.`Invoke-SCuBAagainst a few of the tenants no issues.📷 Screenshots
Passing unit tests.
✅ Pre-approval checklist
✅ Pre-merge checklist
PR passed smoke test check.
Feature branch has been rebased against changes from parent branch, as needed
Use
Rebase branchbutton below or use this reference to rebase from the command line.Resolved all merge conflicts on branch
Notified merge coordinator that PR is ready for merge via comment mention
✅ Post-merge checklist