v0.8.0

What's Changed

In the OPA ruleset v0.8, we upgraded the embedded OPA version from v0.70 to v1.2. This means that some deprecated features will no longer be available and policies will need to be rewritten. See also https://www.openpolicyagent.org/docs/v1.2.0/v0-upgrade

If you use v0 syntax (without if and contains keywords in rule head declarations), it is recommended to use opa fmt --write --v0-v1 to automatically rewrite your policy files. See also https://www.openpolicyagent.org/docs/v1.2.0/v0-upgrade/#upgrading-rego

Another new feature worth mentioning is support for ephemeral resources, which was added in Terraform v1.10. You can get "ephemeral" blocks by using the terraform.ephemeral_resources function. Also, because ephemeral attribute has been added in an expression, you can write policies such as "passwords must be ephemeral".

Breaking Changes

• Promote OPA 1.0 by @wata727 in #136

Enhancements

• Bump github.com/terraform-linters/tflint-plugin-sdk from 0.20.0 to 0.22.0 by @dependabot in #125
• Add support for ephemeral mark by @wata727 in #133
• Add terraform.ephemeral_resources function by @wata727 in #135

Chores

• release: Introduce Artifact Attestations by @wata727 in #106
• Bump goreleaser/goreleaser-action from 5 to 6 by @dependabot in #108
• Bump github.com/hashicorp/hcl/v2 from 2.20.1 to 2.21.0 by @dependabot in #109
• Bump github.com/open-policy-agent/opa from 0.64.1 to 0.65.0 by @dependabot in #107
• Bump github.com/open-policy-agent/opa from 0.65.0 to 0.66.0 by @dependabot in #110
• Bump github.com/open-policy-agent/opa from 0.66.0 to 0.69.0 by @dependabot in #118
• Bump github.com/open-policy-agent/opa from 0.69.0 to 0.70.0 by @dependabot in #119
• Bump github.com/hashicorp/hcl/v2 from 2.21.0 to 2.23.0 by @dependabot in #120
• Bump actions/attest-build-provenance from 1 to 2 by @dependabot in #122
• Bump github.com/zclconf/go-cty from 1.14.4 to 1.16.2 by @dependabot in #127
• deps: Go 1.24 by @wata727 in #130
• Bump golang.org/x/net from 0.30.0 to 0.33.0 by @dependabot in #129
• Bump github.com/open-policy-agent/opa from 0.70.0 to 1.2.0 by @dependabot in #131
• Enable Dependabot auto-merge by @wata727 in #132
• Add make release for release automation by @wata727 in #137
• Bump GoReleaser to v2 by @wata727 in #138

Full Changelog: v0.7.0...v0.8.0

v0.7.0

0.7.0 (2024-05-05)

Enhancements

• #92 #95 #98 #102: Bump github.com/open-policy-agent/opa from 0.61.0 to 0.64.1
• #93 #99: Bump github.com/hashicorp/hcl/v2 from 2.19.1 to 2.20.1
  • This is required for provider-defined functions support

Chores

• #91 #97: Bump github.com/zclconf/go-cty from 1.14.2 to 1.14.4
• #100: Bump github.com/hashicorp/go-hclog from 1.6.2 to 1.6.3
• #101: Bump golang.org/x/net from 0.22.0 to 0.23.0
• #103: deps: Go 1.22.2
• #104: Bump github.com/terraform-linters/tflint-plugin-sdk from 0.18.0 to 0.20.0

v0.6.0

0.6.0 (2024-02-23)

Enhancements

• #83: Bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0
• #87: Add terraform.removed_blocks function

Chores

• #82: Bump github.com/zclconf/go-cty from 1.14.1 to 1.14.2
• #86: deps: Go 1.22
• #88: Rewrite policies with import rego.v1

v0.5.0

0.5.0 (2023-12-27)

Enhancements

• #67: Add support for scoped data sources
• #69: Add terraform.imports and terraform.checks functions
• #71 #74 #75 #79: Bump github.com/open-policy-agent/opa from 0.57.0 to 0.60.0

Chores

• #64 #72: Bump github.com/hashicorp/hcl/v2 from 2.18.0 to 2.19.1
• #65: Bump github.com/zclconf/go-cty from 1.14.0 to 1.14.1
• #66: Bump golang.org/x/net from 0.15.0 to 0.17.0
• #68: Fix incorrect examples of terraform.resources
• #70: Bump github.com/google/go-cmp from 0.5.9 to 0.6.0
• #73: Bump google.golang.org/grpc from 1.58.2 to 1.58.3
• #76: Bump actions/setup-go from 4 to 5
• #77 #78: Bump github.com/hashicorp/go-hclog from 1.5.0 to 1.6.2
• #80: Fix E2E tests failing with TFLint v0.50

v0.4.0

0.4.0 (2023-10-09)

Enhancements

• #53 #59 #63: Bump github.com/open-policy-agent/opa from 0.54.0 to 0.57.0

Chores

• #54: Bump github.com/terraform-linters/tflint-plugin-sdk from 0.17.0 to 0.18.0
• #55: Add raw binary entries to checksums.txt
• #56 #58: Bump github.com/zclconf/go-cty from 1.13.2 to 1.14.0
• #57: Bump actions/checkout from 3 to 4
• #60: Bump github.com/hashicorp/hcl/v2 from 2.17.0 to 2.18.0
• #61: deps: Go 1.21
• #62: Bump goreleaser/goreleaser-action from 4 to 5

v0.3.0

0.3.0 (2023-07-19)

Enhancements

• #42 #51: Bump github.com/terraform-linters/tflint-plugin-sdk from 0.16.0 to 0.17.0
• #45 #47 #49 #52: Bump github.com/open-policy-agent/opa from 0.51.0 to 0.54.0

Chores

• #44: docs: Clarify what policy_dir is relative to
• #46: Bump github.com/zclconf/go-cty from 1.13.1 to 1.13.2
• #48: Bump github.com/hashicorp/hcl/v2 from 2.16.2 to 2.17.0

v0.2.0

0.2.0 (2023-04-10)

Enhancements

• #26 #29 #32 #33 #37 #39: Bump github.com/open-policy-agent/opa from 0.48.0 to 0.51.0

BugFixes

• #40: Fix internal marshal error of sensitive value

Chores

• #24 #25 #31: Bump github.com/hashicorp/hcl/v2 from 2.15.0 to 2.16.2
• #27: Bump golang.org/x/net from 0.5.0 to 0.7.0
• #28 #35: Bump github.com/zclconf/go-cty from 1.12.1 to 1.13.1
• #30: Bump sigstore/cosign-installer from 2 to 3
• #34: Bump actions/setup-go from 3 to 4
• #36: Bump github.com/hashicorp/go-hclog from 1.4.0 to 1.5.0
• #38: Bump github.com/terraform-linters/tflint-plugin-sdk from 0.15.0 to 0.16.0
• #41: deps: Go 1.20

v0.1.0

0.1.0 (2023-02-02)

Initial release 🎉