Open Policy Agent - v0.39.0

This release contains a number of fixes and enhancements.

Disk Storage

The on-disk storage backend has been fully integrated with the OPA server, and
can now be enabled via configuration:

    directory: /var/opa # put data here
    auto_create: true   # create directory if it doesn't exist
    partitions:         # partitioning is important for data storage,
    - /users/*          # please see the documentation

It is intended to enable the use of OPA in scenarios where the data needed for
policy evaluation exceeds the available memory.

The on-disk contents will persist among restarts, but should not be used as a
single source of truth: there are no backup mechanisms, and certain data partitioning
changes will require a start-over. These are things that may get improved in the

For all the details, please refer to the configuration
and detailled Disk Storage section
of the documentations.

Tooling, SDK, and Runtime

  • Server: Add warning when input attribute is missing in POST /v1/data API (#4386) authored by @aflmp
  • SDK: Support partial evaluation (#4240), authored by @kroekle; with a fix to avoid using different state (authored by @Iceber)
  • Runtime: Suppress payloads in debug logs for handlers that compress responses (/metrics and /debug/pprof) (authored by @christian1607)
  • opa test: Add file path to failing tests to make debugging failing tests easier (#4457), authored by @liamg
  • opa fmt: avoid whitespace mixed with tabs on with statements (#4376) reported by @tiwood
  • Coverage reporting: Remove duplicates from coverage report (#4393) reported by @gianna7wu
  • Plugins: Fix broken retry logic in decision logs plugin (#4486) reported by @iamatwork
  • Plugins: Update regular polling fallback mechanism for downloader
  • Plugins: Support for adding custom parameters and headers for OAuth2 Client Credentials Token request (authored by @srlk)
  • Plugins: Log message on unexpected bundle content type (#4278)
  • Plugins: Mask Authorization header value in debug logs (#4495)
  • Docker images: Use GID 1000 in -rootless images (#4380); also warn when using UID/GID 0.
  • Runtime: change processed file event log level to info

Rego and Topdown

  • Type checker: Skip pattern JSON Schema attribute compilation (#4426): These are not supported, but could have caused the parsing of a JSON Schema document to fail.
  • Topdown: Copy without modifying expr, fixing a bug that could occur when running multiple partial evaluation requests concurrently.
  • Compiler strict mode: Raise error on unused imports (#4354) authored by @damienjburks
  • AST: Fix print call rewriting in else rules (#4489)
  • Compiler: Improve error message on missing with target (#4431) reported by @gabrielfern
  • Parser: hint about 'every' future keyword import

Documentation and Website

  • AWS CloudFormation Hook: New tutorial
  • Community: Stretch background so it covers on larger screens (#4402) authored by @msorens
  • Build: Make local dev and PR preview not build everything (#4379)
  • Philosophy: Grammar fixes (authored by @ajonesiii)
  • README: Add note about Hugo version mismatch errors (authored by @ogazitt)
  • Integrations: Add GraphQL-Graphene (authored by @dolevf), Emissary-Ingress (authored by @tayyabjamadar), rekor-sidekick,
  • Integrations CI: ensure referenced software is listed, and logo file names match; allow SVG logos
  • Envoy: Update policy primer with new control headers
  • Envoy: Update bob_token and alice_token in tutorial (authored by @rokkiter)
  • Envoy: Include new configurable gRPC msg sizes (authored by @emaincourt)
  • Annotations: add missing title to index (authored by @itaysk)


  • Various dependency bumps, notably:
  • OpenTelemetry-go: 1.4.1 -> 1.6.1
  • Wasmtime-go: 0.34.0 -> 0.35.0
  • Binaries and Docker images are now built using Go 1.18; CI runs build/test for Ubuntu and macos with Go 1.16 and 1.17.
  • CI: remove go-fuzz, use native go 1.18 fuzzer


March 31, 2022, 12:41 p.m.
Register or login to:
  • 🔍View and search all Open Policy Agent releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google