Awesome
mcov
Minimum compatible Open Policy Agent (OPA) version, or mcov for short, is a tiny tool that, as the name implies, reports the minimum compatible OPA version for any given Rego files you point it at. This can be used to:
- Ensure that your policies are compatible with the OPA version you are running in production
- Check the impact on version requirements for any given change to policy
- That's it! There's literally nothing more to see
Usage
$ mcov policies/
v0.37.0
Caveats
Note that not all features of Rego that have been added over time — or changes made to existing ones — are possible to track using capabilities alone. Use the version reported by mcov as a starting point — not as a replacement for testing compatibility!
OPA Versions Cheatsheet
Below lists additions to the Rego language, as presented in the OPA capabilities file for each version. Features that may have an impact on the minimum compatible OPA version but are not covered by capabilities are mentioned separately.
v0.67.0
New built-in functions
strings.count
Not covered by capabilities
- Using a keyword, like
contains, as a rule name, is now a parser error whenrego.v1is imported
v0.64.0
New built-in functions
json.marshal_with_options
v0.63.0
New built-in functions
crypto.x509.parse_and_verify_certificates_with_options
v0.59.0
Features
import rego.v1(rego_v1_import)
v0.57.0
Features
- Support for General References in Rule Heads (
rule_head_refs)
Not covered by capabilities
- Short form
elsebodies
v0.56.0
New built-in functions
numbers.range_step
v0.55.0
New built-in functions
crypto.parse_private_keys
Not covered by capabilities
- Honor
defaultkeyword on functions
v0.53.0
New built-in functions
crypto.x509.parse_keypair
v0.52.0
New built-in functions
crypto.hmac.equal
v0.50.0
New built-in functions
json.verify_schemajson.match_schema
v0.48.0
New built-in functions
time.format
v0.47.0
New built-in functions
object.keysproviders.aws.sign_req
v0.46.0
Features
- Refs in rule heads (
rule_head_ref_string_prefixes)
New built-in functions
graphql.schema_is_validnet.cidr_is_valid
Not covered by capabilities
- Entrypoint annotation
with: Allow replacing functions with rules
v0.45.0
New built-in functions
regex.replace
v0.44.0
New built-in functions
strings.any_prefix_matchstrings.any_suffix_match
v0.43.0
Not covered by capabilities
- All
is_validfunctions made to return boolean false rather than throw errors
v0.42.0
Future keywords
containsif
New built-in functions
object.subset
v0.41.0
New built-in functions
graphql.is_validgraphql.parsegraphql.parse_and_verifygraphql.parse_querygraphql.parse_schemaunits.parse
v0.40.0
New built-in functions
rego.metadata.chainrego.metadata.rule
Not covered by capabilities
- Function mocking
- Assignment with
:=allowed in all locations (rule heads, functions, object generating rules)
v0.38.0
Future keywords
every
Not covered by capabilities
- Metadata annotations
v0.37.0
New built-in functions
object.union_ngraph.reachable_pathsindexof_n
Not covered by capabilities
object.get: accepting path argument as array
v0.36.0
New built-in functions
crypto.hmac.md5crypto.hmac.sha1crypto.hmac.sha256crypto.hmac.sha512array.reversestrings.reverse
Miscellaneous
allow_netcapability added
v0.35.0
New built-in functions
net.lookup_ip_addr
v0.34.0
Future keywords
in
New built-in functions
internal.member_2(inoperator)internal.member_3(inoperator)print
v0.33.0
New built-in functions
crypto.x509.parse_rsa_private_key
v0.31.0
New built-in functions
crypto.x509.parse_and_verify_certificatesrand.intn
v0.28.0
New built-in functions
time.diff
v0.26.0
New built-in functions
ceilfloor
v0.25.0
New built-in functions
base64url.encode_no_padhex.encodehex.decodejson.patchjson.is_validyaml.is_valid
v0.24.0
New built-in functions
base64.is_validnet.cidr_mergeurlquery.decode_object
v0.23.0
New built-in functions
regex.is_valid
v0.22.0
New built-in functions
numbers.rangesemver.is_validsemver.compare
Community
For questions, discussions and announcements related to Styra products, services and open source projects, please join the Styra community on Slack!