This release contains a fix for crashes experienced when configuring OPA to use S3 signing as service credentials (#3255).
In addition to that, we have a small number of enhancements and fixes:
Tooling
- The
evalsubcommand now allows using--importwithout using--package. Authored by @onelittlenightmusic, #3240.
Compiler
- The
astpackage now exports another method for JSON conversion,ast.JSONWithOpts, that allows further options to be set (#3244.
Server
- REST plugins using
s3_signingas credentials method can now include the specified service in the signature (SigV4). Authored by @cogwirrel, #3210.
Documentation
- Remove soon-to-be deprecated
anyandallfrom the Policy Reference (#3241) -- see also #2437. - Add missing
discovery.servicefield to Discovery configuration table (#3237). - Fix dead links to the Envoy pages (#3248).
WebAssembly
- Executions using the internal Wasm SDK will now be interrupted when the provided context is done (cancelled or deadline reached).
- The generated Wasm modules could become much smaller: unused functions are replaced by
unreachablestubs, and the heavyweight runtime components related to regular expressions are excluded when none of the regex-related builtins are used:glob.match,regex.is_valid,regex.match,regex.is_valid, andregex.find_all_string_submatch_n. - The Wasm runtime now allows passing in the time to be used for evaluation, enabling callers to control the time-of-day observed by Wasm compiled policies.
- Wasmtime runtime has been updated to the latest version (v0.24.0).