Merge branch 'main' into remove_locks_decision_logs

.github/workflows/nightly.yaml

@@ -111,7 +111,7 @@ jobs:
       # Equivalent to:
       # $ trivy image openpolicyagent/opa:edge-static
       - name: Run Trivy scan on image
-        uses: aquasecurity/trivy-action@0.21.0
+        uses: aquasecurity/trivy-action@0.22.0
         with:
           image-ref: 'openpolicyagent/opa:edge-static'
           format: table
@@ -139,7 +139,7 @@ jobs:
       # Equivalent to:
       # $ trivy fs .
       - name: Run Trivy scan on repo
-        uses: aquasecurity/trivy-action@0.21.0
+        uses: aquasecurity/trivy-action@0.22.0
         with:
           scan-type: fs
           format: table

ast/parser.go

@@ -2306,6 +2306,11 @@ func (b *metadataParser) Parse() (*Annotations, error) {
 				b.loc = comment.Location
 			}
 		}
+
+		if match == nil && len(b.comments) > 0 {
+			b.loc = b.comments[0].Location
+		}
+
 		return nil, augmentYamlError(err, b.comments)
 	}
 
@@ -2373,6 +2378,21 @@ func (b *metadataParser) Parse() (*Annotations, error) {
 	}
 
 	result.Location = b.loc
+
+	// recreate original text of entire metadata block for location text attribute
+	sb := strings.Builder{}
+	sb.WriteString("# METADATA\n")
+
+	lines := bytes.Split(b.buf.Bytes(), []byte{'\n'})
+
+	for _, line := range lines[:len(lines)-1] {
+		sb.WriteString("# ")
+		sb.Write(line)
+		sb.WriteByte('\n')
+	}
+
+	result.Location.Text = []byte(strings.TrimSuffix(sb.String(), "\n"))
+
 	return &result, nil
 }
 

ast/parser_test.go

@@ -5931,6 +5931,27 @@ func TestAnnotationsAugmentedError(t *testing.T) {
 	}
 }
 
+// https://github.com/open-policy-agent/opa/issues/6587
+func TestAnnotationsParseErrorOnFirstRowGetsCorrectLocation(t *testing.T) {
+	module := `# METADATA
+# description: ` + "`foo` bars" + `
+# title: foo
+package foo`
+
+	_, err := ParseModuleWithOpts("test.rego", module, ParserOptions{ProcessAnnotation: true})
+	if err == nil {
+		t.Fatalf("Expected error but got none")
+	}
+
+	if len(err.(Errors)) != 1 {
+		t.Fatalf("Expected exactly one error but got %v", err)
+	}
+
+	if err.(Errors)[0].Location.Row != 2 {
+		t.Errorf("Expected error on row 2 but got error on row %d", err.(Errors)[0].Location.Row)
+	}
+}
+
 func TestAuthorAnnotation(t *testing.T) {
 	tests := []struct {
 		note     string
@@ -6190,6 +6211,32 @@ func TestRelatedResourceAnnotation(t *testing.T) {
 	}
 }
 
+func TestAnnotationsLocationText(t *testing.T) {
+	module := `# METADATA
+# title: pkg
+# description: a package
+package pkg
+
+import rego.v1
+
+# METADATA
+# title: rule
+allow if {
+	true
+}
+`
+
+	m, err := ParseModuleWithOpts("test.rego", module, ParserOptions{ProcessAnnotation: true})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	assertLocationText(t, "# METADATA\n# title: pkg\n# description: a package", m.Annotations[0].Location)
+	assertLocationText(t, "# METADATA\n# title: rule", m.Annotations[1].Location)
+
+	assertLocationText(t, "# METADATA\n# title: rule", m.Rules[0].Annotations[0].Location)
+}
+
 func assertLocationText(t *testing.T, expected string, actual *Location) {
 	t.Helper()
 	if actual == nil || actual.Text == nil {

docs/content/integration.md

@@ -394,7 +394,7 @@ package in the Go documentation.
 #### Ecosystem Projects
 
 The Go API is made available to allow other projects to build policy functionality into their
-applications. 
+applications.
 {{<
   ecosystem_feature_link
   key="go-integration"
@@ -410,7 +410,7 @@ applications.
 
 Policies can be evaluated as compiled Wasm binaries. See [OPA Wasm docs](../wasm) for more details.
 
-There are a number of projects already built on OPA Wasm, 
+There are a number of projects already built on OPA Wasm,
 {{<
   ecosystem_feature_link
   key="wasm-integration"

docs/content/policy-language.md

@@ -2047,7 +2047,7 @@ count(input.x) with count as 3 with input as {}
 
 The `default` keyword allows policies to define a default value for documents
 produced by rules with [Complete Definitions](#complete-definitions). The
-default value is used when all of the rules sharing the same name are undefined.
+default value is used when all the rules sharing the same name are undefined.
 
 For example:
 
@@ -2112,6 +2112,12 @@ function satisfies the following properties:
 * arguments should only be plain variables ie. no composite values
 * argument names should not be repeated
 
+{{< info >}}
+A `default` function will still fail (as in not evaluate, even to the default value) if any of the arguments provided in
+the call are **undefined**. The reason for this is that the arguments are evaluated before the function is even called,
+and an undefined argument halts evaluation at that point.
+{{< /info >}}
+
 ## Else Keyword
 
 The ``else``  keyword is a basic control flow construct that gives you control

docs/website/content/integrations/asp-dotnet-core.md

@@ -1,13 +1,14 @@
 ---
-title: ASP.NET Core
+title: .NET Core Middleware (build-security)
 labels:
   category: application
   layer: network
 code:
 - https://github.com/build-security/OPA-AspDotNetCore-Middleware
 inventors:
 - build-security
+software:
+- csharp
 ---
 Use ASP.NET Core to create web apps and services that are fast, secure, cross-platform, and cloud-based.
 OPA can be used to implement authorization policies for APIs used in the ASP.NET Core framework.
-

docs/website/content/integrations/clojure.md

@@ -2,6 +2,7 @@
 title: App authorization for Clojure
 software:
 - clojure
+- java
 labels:
   layer: network
   category: application

docs/website/content/integrations/gradle-plugin.md

@@ -1,5 +1,5 @@
 ---
-title: Gradle Build Plugin
+title: Gradle Build Plugin (Bisnode)
 labels:
   layer: cicd
   category: cicdplugin

docs/website/content/integrations/nodejs-express.md

@@ -1,5 +1,5 @@
 ---
-title: NodeJS express
+title: NodeJS Express (build-security)
 labels:
   category: application
   layer: network
@@ -8,7 +8,7 @@ code:
 inventors:
 - build-security
 software:
-- nodejsexpress
+- javascript
 docs_features:
   rest-api-integration:
     note: |

docs/website/content/integrations/opa-csharp.md

@@ -0,0 +1,17 @@
+---
+title: C# OPA SDK (Styra)
+labels:
+  category: application
+  layer: network
+code:
+- https://github.com/StyraInc/opa-csharp
+- https://www.nuget.org/packages/Styra.Opa
+tutorials:
+- https://styrainc.github.io/opa-csharp/
+inventors:
+- styra
+software:
+- csharp
+---
+
+The Styra-supported driver to connect to Open Policy Agent (OPA) and Enterprise OPA deployments from C# applications.

docs/website/content/integrations/opa-dotnet-asp-core.md

@@ -1,5 +1,5 @@
 ---
-title: ASP.NET Core OPA Authorization
+title: .NET Package (me-viper)
 labels:
   category: application
   layer: network
@@ -8,7 +8,8 @@ code:
 - https://github.com/me-viper/OpaDotNet.Extensions
 - https://www.nuget.org/packages/OpaDotNet.Extensions.AspNetCore/
 inventors:
-- andriikurochka
+- me-viper
+software:
+- csharp
 ---
 Open Policy Agent (OPA) ASP.NET core authorization infrastructure
-

docs/website/content/integrations/opa-dotnet.md

@@ -1,5 +1,5 @@
 ---
-title: OPA Wasm .NET core SDK
+title: Wasm .NET Package (me-viper)
 software:
 - csharp
 inventors:
@@ -17,4 +17,3 @@ docs_features:
     note: 'This project implements Open Policy Agent (OPA) WebAssembly .NET core SDK.'
 ---
 Open Policy Agent (OPA) WebAssembly .NET core SDK
-

docs/website/content/integrations/opa-golang.md

@@ -0,0 +1,16 @@
+---
+title: OPA Go SDK
+software:
+- golang
+inventors:
+- styra
+labels:
+  category: application
+  layer: network
+tutorials:
+- https://www.openpolicyagent.org/docs/latest/integration/#integrating-with-the-go-sdk
+code:
+- https://pkg.go.dev/github.com/open-policy-agent/opa/sdk
+- https://github.com/open-policy-agent/opa/tree/main/sdk
+---
+OPA's native Go SDK allows application developers to run OPA functionality from within their application.

docs/website/content/integrations/java.md → docs/website/content/integrations/opa-java-client.md

@@ -1,5 +1,5 @@
 ---
-title: Authorization for Java
+title: Java Client (Bisnode)
 labels:
   layer: network
   category: application

docs/website/content/integrations/opa-java.md

@@ -0,0 +1,17 @@
+---
+title: Java OPA SDK (Styra)
+labels:
+  layer: network
+  category: application
+software:
+- java
+code:
+- https://github.com/StyraInc/opa-java
+- https://central.sonatype.com/artifact/com.styra/opa
+tutorials:
+- https://styrainc.github.io/opa-java/javadoc/
+inventors:
+- styra
+---
+
+The Styra-supported driver to connect to Open Policy Agent (OPA) and Enterprise OPA deployments from Java applications.

docs/website/content/integrations/opa-python.md

@@ -0,0 +1,14 @@
+---
+title: Python Client (Turall)
+labels:
+  layer: network
+  category: application
+software:
+- python
+code:
+- https://github.com/Turall/OPA-python-client
+inventors:
+- turall
+---
+
+Python client for integrating with the OPA REST API.

docs/website/content/integrations/opa-typescript.md

@@ -0,0 +1,17 @@
+---
+title: Typescript OPA SDK (Styra)
+software:
+- javascript
+- typescript
+inventors:
+- styra
+labels:
+  layer: network
+  category: application
+tutorials:
+- https://styrainc.github.io/opa-typescript/
+code:
+- https://github.com/StyraInc/opa-typescript
+- https://www.npmjs.com/package/@styra/opa
+---
+The Styra-supported driver to connect to Open Policy Agent (OPA) and Enterprise OPA deployments from Typescript applications.

docs/website/content/integrations/opa-wasm-dotnet.md

@@ -1,5 +1,5 @@
 ---
-title: OPA Wasm .NET package
+title: Wasm .NET Package (christophwille)
 software:
 - csharp
 inventors:
@@ -19,4 +19,3 @@ docs_features:
 '
 ---
 Call Rego policies in Wasm from C# .NET Core
-

docs/website/content/integrations/opa-wasm-java.md

@@ -1,5 +1,5 @@
 ---
-title: OPA Wasm Java Gradle SDK
+title: Wasm Java Gradle SDK (sangkeon)
 software:
 - java
 inventors:
@@ -18,4 +18,3 @@ docs_features:
 '
 ---
 SDK to illustrate how to use Wasm compiled Rego policies from a Java application
-

docs/website/content/integrations/springsecurity-api.md

@@ -1,10 +1,10 @@
 ---
-title: Authorization for Java Spring Security
+title: Authorization for Spring Security
 labels:
   layer: network
   category: application
 software:
-- javaspringsecurity
+- java
 code:
 - https://github.com/open-policy-agent/contrib/tree/master/spring_authz
 - https://github.com/Bisnode/opa-spring-security

docs/website/content/organizations/me-viper.md

@@ -0,0 +1,4 @@
+---
+link: https://github.com/me-viper
+title: Andrii Kurochka
+---

docs/website/content/organizations/turall.md

@@ -0,0 +1,4 @@
+---
+link: https://github.com/Turall
+title: Tural
+---

docs/website/content/softwares/golang.md

@@ -1,4 +1,4 @@
 ---
 link: https://golang.org/
-title: golang
+title: Go
 ---

docs/website/content/softwares/python.md

@@ -0,0 +1,4 @@
+---
+link: https://www.python.org
+title: Python
+---

docs/website/content/softwares/typescript.md

@@ -0,0 +1,4 @@
+---
+link: http://typescriptlang.org
+title: Typescript
+---