Upgrade to opa v1.1.0

Addresses breaking changes from open-policy-agent/opa-envoy-plugin#628 Signed-off-by: Pushpalanka Jayawardhana <pushpalanka.jayawardhana@zalando.de>
zalando · Feb 6, 2025 · 22f1665 · 22f1665
1 parent 5cf1f44
commit 22f1665
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 61 deletions.
diff --git a/filters/openpolicyagent/opaauthorizerequest/opaauthorizerequest.go b/filters/openpolicyagent/opaauthorizerequest/opaauthorizerequest.go
@@ -167,12 +167,13 @@ func (f *opaAuthorizeRequestFilter) Request(fc filters.FilterContext) {
 	}
 	removeRequestHeaders(fc, headersToRemove)
 
-	headers, err := result.GetResponseHTTPHeaders()
+	headerToAdd, err := result.GetResponseEnvoyHeaderValueOptions()
 	if err != nil {
 		f.opa.HandleInvalidDecisionError(fc, span, result, err, !f.opa.EnvoyPluginConfig().DryRun)
 		return
 	}
-	addRequestHeaders(fc, headers)
+
+	addRequestHeaders(fc, headerToAdd)
 
 	if responseHeaders, err := result.GetResponseHTTPHeadersToAdd(); err != nil {
 		f.opa.HandleInvalidDecisionError(fc, span, result, err, !f.opa.EnvoyPluginConfig().DryRun)
@@ -188,14 +189,14 @@ func removeRequestHeaders(fc filters.FilterContext, headersToRemove []string) {
 	}
 }
 
-func addRequestHeaders(fc filters.FilterContext, headers http.Header) {
-	for key, values := range headers {
-		for _, value := range values {
-			// This is the default behavior from https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/base.proto#config-core-v3-headervalueoption
-			fc.Request().Header.Add(key, value)
-		}
+func addRequestHeaders(fc filters.FilterContext, headerOptions []*ext_authz_v3_core.HeaderValueOption) {
+	for _, option := range headerOptions {
+		key := option.GetHeader().GetKey()
+		value := option.GetHeader().GetValue()
+		fc.Request().Header.Add(key, value)
 	}
 }
+
 func (f *opaAuthorizeRequestFilter) Response(fc filters.FilterContext) {
 	if headers, ok := fc.StateBag()[responseHeadersKey].([]*ext_authz_v3_core.HeaderValueOption); ok {
 		addResponseHeaders(fc, headers)

diff --git a/filters/openpolicyagent/response.go b/filters/openpolicyagent/response.go
@@ -64,7 +64,22 @@ func (opa *OpenPolicyAgentInstance) ServeResponse(fc filters.FilterContext, span
 		return
 	}
 
-	resp.Header, err = result.GetResponseHTTPHeaders()
+	headerOptions, err := result.GetResponseEnvoyHeaderValueOptions()
+	if err != nil {
+		opa.ServeInvalidDecisionError(fc, span, result, err)
+		return
+	}
+
+	if resp.Header == nil {
+		resp.Header = make(http.Header)
+	}
+
+	for _, option := range headerOptions {
+		key := option.GetHeader().GetKey()
+		value := option.GetHeader().GetValue()
+		resp.Header.Add(key, value)
+	}
+
 	if err != nil {
 		opa.ServeInvalidDecisionError(fc, span, result, err)
 		return

diff --git a/go.mod b/go.mod
@@ -27,8 +27,8 @@ require (
 	github.com/lightstep/lightstep-tracer-go v0.26.0
 	github.com/miekg/dns v1.1.63
 	github.com/oklog/ulid v1.3.1
-	github.com/open-policy-agent/opa v1.0.0
-	github.com/open-policy-agent/opa-envoy-plugin v1.0.0-envoy
+	github.com/open-policy-agent/opa v1.1.0
+	github.com/open-policy-agent/opa-envoy-plugin v1.1.0-envoy-1
 	github.com/opentracing/basictracer-go v1.1.0
 	github.com/opentracing/opentracing-go v1.2.0
 	github.com/prometheus/client_golang v1.20.5
@@ -76,16 +76,15 @@ require (
 	github.com/bmizerany/perks v0.0.0-20141205001514-d9a9656a3a4b // indirect
 	github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
-	github.com/cespare/xxhash v1.1.0 // indirect
 	github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect
 	github.com/containerd/containerd v1.7.25 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/platforms v0.2.1 // indirect
 	github.com/cpuguy83/dockercfg v0.3.2 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/dgraph-io/badger/v3 v3.2103.5 // indirect
-	github.com/dgraph-io/ristretto v0.2.0 // indirect
+	github.com/dgraph-io/badger/v4 v4.5.1 // indirect
+	github.com/dgraph-io/ristretto/v2 v2.1.0 // indirect
 	github.com/dgryski/go-gk v0.0.0-20200319235926-a69029f61654 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/docker v27.1.1+incompatible // indirect
@@ -103,7 +102,6 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.0.0 // indirect
 	github.com/google/flatbuffers v24.12.23+incompatible // indirect
 	github.com/gorilla/mux v1.8.1 // indirect