Skip to content

merge main to v33 #616

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 10 commits into
base: v33
Choose a base branch
from
+487 −433
Open

merge main to v33 #616

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
fb654b3
update runtime to v1.7.1 (#609)
gertd Aug 14, 2025
8042dcd
topaz-db (#611)
gertd Aug 16, 2025
66c8127
address CVE-2025-30153 (#613)
gertd Aug 17, 2025
532b021
runtime v1.8.0 (#614)
gertd Sep 3, 2025
be36924
[email protected] (#615)
gertd Sep 3, 2025
cfe6872
upd to runtime v1.9.0 (#617)
gertd Oct 1, 2025
7893edd
fix issue-618 (#619)
gertd Oct 3, 2025
6476d4a
upd golang to v1.25.3 (#621)
gertd Nov 3, 2025
61ded54
move ds builtins from builtins/edge/ds to builtins/ds (#620)
gertd Nov 3, 2025
c19a545
fix builtins helper (#622)
gertd Nov 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 11 additions & 11 deletions .github/workflows/ci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,10 @@ on:
env:
VAULT_ADDR: https://vault.aserto.com/
PRE_RELEASE: ${{ github.ref == 'refs/heads/main' && 'main' || '' }}
GO_VERSION: "1.24"
GO_VERSION: "1.25"
GO_RELEASER_VERSION: "v2.8.2"
GO_LANGCI_LINT_VERSION: "v2.0.2"
GO_TESTSUM_VERSION: "1.12.1"
GO_LANGCI_LINT_VERSION: "v2.6.0"
GO_TESTSUM_VERSION: "1.13.0"
SYFT_VERSION: "v1.13.0"

jobs:
Expand All @@ -42,10 +42,10 @@ jobs:
kv/data/github "DOCKER_PUSH_TOKEN" | DOCKER_PASSWORD;
kv/data/github "READ_WRITE_TOKEN" | READ_WRITE_TOKEN;
-
uses: actions/checkout@v4
uses: actions/checkout@v5
-
name: Setup Go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version: ${{ env.GO_VERSION }}
-
Expand Down Expand Up @@ -80,7 +80,7 @@ jobs:
args: build --clean --snapshot --single-target
-
name: Lint
uses: golangci/golangci-lint-action@v7
uses: golangci/golangci-lint-action@v8
with:
version: ${{ env.GO_LANGCI_LINT_VERSION }}
args: --timeout=30m
Expand Down Expand Up @@ -141,12 +141,12 @@ jobs:
kv/data/github "DOCKER_PUSH_TOKEN" | DOCKER_PASSWORD;
kv/data/github "READ_WRITE_TOKEN" | READ_WRITE_TOKEN;
-
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
fetch-depth: 0
-
name: Setup Go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version: ${{ env.GO_VERSION }}
-
Expand Down Expand Up @@ -217,12 +217,12 @@ jobs:
kv/data/github "READ_WRITE_TOKEN" | READ_WRITE_TOKEN;
kv/data/github "ASERTO_TAP" | ASERTO_TAP;
-
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
fetch-depth: 0
-
name: Setup Go
uses: actions/setup-go@v5
uses: actions/setup-go@v6
with:
go-version: ${{ env.GO_VERSION }}
-
Expand Down Expand Up @@ -281,7 +281,7 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
fetch-depth: 0
-
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/pr_checks.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ jobs:
check-commits:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v5
with:
fetch-depth: 0
- name: gitleaks-check
Expand Down
4 changes: 4 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,3 +63,7 @@ __debug_bin*
# latest container test-snapshot
.container-tag.env
.qodo

# LLM agent configs
AGENTS.md
CLAUDE.md
7 changes: 7 additions & 0 deletions .golangci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,12 +21,14 @@ linters:
- gochecknoglobals # no configuration options
- nilnil
- nlreturn # redundant with wsl
- noinlineerr
- paralleltest
- revive
- tagalign
- thelper
- varnamelen
- wrapcheck
- wsl

settings:
cyclop:
Expand Down Expand Up @@ -83,6 +85,11 @@ linters:
- pkg: pkg/app/handlers
rules:
json: camel

wsl_v5:
allow-first-in-block: true
allow-whole-block: false
branch-max-lines: 2

exclusions:
generated: lax
Expand Down
4 changes: 2 additions & 2 deletions MAINTAINERS.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,5 @@ The following table lists Topaz project maintainers and areas of expertise in al

| Name | GitHub | Email | Organization | Repositories/Area of Expertise | Added/Renewed On |
| --- | --- | --- | --- | --- | --- |
| Dani Carabas | @carabasdaniel | dani@aserto.com | Aserto | all repositories | 2022-10-23 |
| Gert Drapers | @gertd | gert@aserto.com | Aserto | all repositories | 2022-10-23 |
| Dani Carabas | @carabasdaniel | carabas.milan@gmail.com | self | all repositories | 2022-10-23 |
| Gert Drapers | @gertd | gert@d5s.io | D5S | all repositories | 2022-10-23 |
17 changes: 9 additions & 8 deletions builtins/edge/ds/check.go → builtins/ds/check.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package ds

import (
dsr3 "github.com/aserto-dev/go-directory/aserto/directory/reader/v3"
"github.com/aserto-dev/topaz/builtins"
"github.com/aserto-dev/topaz/resolvers"

"github.com/open-policy-agent/opa/v1/ast"
Expand Down Expand Up @@ -36,7 +37,7 @@ func RegisterCheck(logger *zerolog.Logger, fnName string, dr resolvers.Directory
}

if proto.Equal(&args, &dsr3.CheckRequest{}) {
return helpMsg(fnName, &dsr3.CheckRequest{
return builtins.HelpMsg(fnName, &dsr3.CheckRequest{
ObjectType: "",
ObjectId: "",
Relation: "",
Expand All @@ -47,7 +48,7 @@ func RegisterCheck(logger *zerolog.Logger, fnName string, dr resolvers.Directory

resp, err := dr.GetDS().Check(bctx.Context, &args)
if err != nil {
traceError(&bctx, fnName, err)
builtins.TraceError(&bctx, fnName, err)
return nil, err
}

Expand Down Expand Up @@ -77,12 +78,12 @@ func RegisterCheckRelation(logger *zerolog.Logger, fnName string, dr resolvers.D
var args dsr3.CheckRelationRequest

if err := ast.As(op1.Value, &args); err != nil {
traceError(&bctx, fnName, err)
builtins.TraceError(&bctx, fnName, err)
return nil, err
}

if proto.Equal(&args, &dsr3.CheckRelationRequest{}) {
return helpMsg(fnName, &dsr3.CheckRelationRequest{
return builtins.HelpMsg(fnName, &dsr3.CheckRelationRequest{
ObjectType: "",
ObjectId: "",
Relation: "",
Expand All @@ -95,7 +96,7 @@ func RegisterCheckRelation(logger *zerolog.Logger, fnName string, dr resolvers.D
//nolint: staticcheck // SA1019: client.CheckRelation is deprecated
resp, err := dr.GetDS().CheckRelation(bctx.Context, &args)
if err != nil {
traceError(&bctx, fnName, err)
builtins.TraceError(&bctx, fnName, err)
return nil, err
}

Expand Down Expand Up @@ -125,12 +126,12 @@ func RegisterCheckPermission(logger *zerolog.Logger, fnName string, dr resolvers
var args dsr3.CheckPermissionRequest

if err := ast.As(op1.Value, &args); err != nil {
traceError(&bctx, fnName, err)
builtins.TraceError(&bctx, fnName, err)
return nil, err
}

if proto.Equal(&args, &dsr3.CheckPermissionRequest{}) {
return helpMsg(fnName, &dsr3.CheckPermissionRequest{
return builtins.HelpMsg(fnName, &dsr3.CheckPermissionRequest{
ObjectType: "",
ObjectId: "",
Permission: "",
Expand All @@ -143,7 +144,7 @@ func RegisterCheckPermission(logger *zerolog.Logger, fnName string, dr resolvers
//nolint: staticcheck // SA1019: client.CheckPermission is deprecated
resp, err := dr.GetDS().CheckPermission(bctx.Context, &args)
if err != nil {
traceError(&bctx, fnName, err)
builtins.TraceError(&bctx, fnName, err)
return nil, err
}

Expand Down
9 changes: 5 additions & 4 deletions builtins/edge/ds/checks.go → builtins/ds/checks.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"bytes"

dsr3 "github.com/aserto-dev/go-directory/aserto/directory/reader/v3"
"github.com/aserto-dev/topaz/builtins"
"github.com/aserto-dev/topaz/resolvers"

"github.com/open-policy-agent/opa/v1/ast"
Expand All @@ -18,7 +19,7 @@ import (
"google.golang.org/protobuf/types/known/structpb"
)

// RegisterCheck - ds.checks
// RegisterChecks - ds.checks
//
// ds.checks({
// "object_type": "",
Expand All @@ -42,7 +43,7 @@ func RegisterChecks(logger *zerolog.Logger, fnName string, dr resolvers.Director
}

if proto.Equal(&args, &dsr3.ChecksRequest{}) {
return helpMsg(fnName, &dsr3.ChecksRequest{
return builtins.HelpMsg(fnName, &dsr3.ChecksRequest{
Default: &dsr3.CheckRequest{
ObjectType: "",
ObjectId: "",
Expand Down Expand Up @@ -72,12 +73,12 @@ func RegisterChecks(logger *zerolog.Logger, fnName string, dr resolvers.Director

resp, err := dr.GetDS().Checks(bctx.Context, &args)
if err != nil {
traceError(&bctx, fnName, err)
builtins.TraceError(&bctx, fnName, err)
return nil, err
}

buf := new(bytes.Buffer)
if err := ProtoToBuf(buf, resp); err != nil {
if err := builtins.ProtoToBuf(buf, resp); err != nil {
return nil, err
}

Expand Down
9 changes: 5 additions & 4 deletions builtins/edge/ds/graph.go → builtins/ds/graph.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"bytes"

dsr3 "github.com/aserto-dev/go-directory/aserto/directory/reader/v3"
"github.com/aserto-dev/topaz/builtins"
"github.com/aserto-dev/topaz/resolvers"

"github.com/open-policy-agent/opa/v1/ast"
Expand Down Expand Up @@ -36,12 +37,12 @@ func RegisterGraph(logger *zerolog.Logger, fnName string, dr resolvers.Directory
var args dsr3.GetGraphRequest

if err := ast.As(op1.Value, &args); err != nil {
traceError(&bctx, fnName, err)
builtins.TraceError(&bctx, fnName, err)
return nil, err
}

if proto.Equal(&args, &dsr3.GetGraphRequest{}) {
return helpMsg(fnName, &dsr3.GetGraphRequest{
return builtins.HelpMsg(fnName, &dsr3.GetGraphRequest{
ObjectType: "",
ObjectId: "",
Relation: "",
Expand All @@ -55,13 +56,13 @@ func RegisterGraph(logger *zerolog.Logger, fnName string, dr resolvers.Directory

resp, err := dr.GetDS().GetGraph(bctx.Context, &args)
if err != nil {
traceError(&bctx, fnName, err)
builtins.TraceError(&bctx, fnName, err)
return nil, err
}

buf := new(bytes.Buffer)
if len(resp.GetResults()) > 0 {
if err := ProtoToBuf(buf, resp); err != nil {
if err := builtins.ProtoToBuf(buf, resp); err != nil {
return nil, err
}
}
Expand Down
7 changes: 4 additions & 3 deletions builtins/edge/ds/identity.go → builtins/ds/identity.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package ds

import (
"github.com/aserto-dev/topaz/builtins"
"github.com/aserto-dev/topaz/directory"
"github.com/aserto-dev/topaz/resolvers"
"google.golang.org/grpc/codes"
Expand Down Expand Up @@ -30,7 +31,7 @@ func RegisterIdentity(logger *zerolog.Logger, fnName string, dr resolvers.Direct
}

if err := ast.As(op1.Value, &args); err != nil {
traceError(&bctx, fnName, err)
builtins.TraceError(&bctx, fnName, err)
return nil, err
}

Expand All @@ -39,14 +40,14 @@ func RegisterIdentity(logger *zerolog.Logger, fnName string, dr resolvers.Direct
ID string `json:"id"`
}

return help(fnName, argsV3{})
return builtins.Help(fnName, argsV3{})
}

user, err := directory.ResolveIdentity(bctx.Context, dr.GetDS(), args.ID)

switch {
case status.Code(err) == codes.NotFound:
traceError(&bctx, fnName, err)
builtins.TraceError(&bctx, fnName, err)

astVal, err := ast.InterfaceToValue(map[string]any{})
if err != nil {
Expand Down
7 changes: 4 additions & 3 deletions builtins/edge/ds/object.go → builtins/ds/object.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"bytes"

dsr3 "github.com/aserto-dev/go-directory/aserto/directory/reader/v3"
"github.com/aserto-dev/topaz/builtins"
"github.com/aserto-dev/topaz/resolvers"
"google.golang.org/protobuf/encoding/protojson"

Expand Down Expand Up @@ -53,7 +54,7 @@ func RegisterObject(logger *zerolog.Logger, fnName string, dr resolvers.Director
}

if proto.Equal(req, &dsr3.GetObjectRequest{}) {
return helpMsg(fnName, &dsr3.GetObjectRequest{
return builtins.HelpMsg(fnName, &dsr3.GetObjectRequest{
ObjectType: "",
ObjectId: "",
WithRelations: false,
Expand All @@ -64,7 +65,7 @@ func RegisterObject(logger *zerolog.Logger, fnName string, dr resolvers.Director

switch {
case status.Code(err) == codes.NotFound:
traceError(&bctx, fnName, err)
builtins.TraceError(&bctx, fnName, err)

astVal, err := ast.InterfaceToValue(map[string]any{})
if err != nil {
Expand All @@ -77,7 +78,7 @@ func RegisterObject(logger *zerolog.Logger, fnName string, dr resolvers.Director
}

buf := new(bytes.Buffer)
if err := ProtoToBuf(buf, resp); err != nil {
if err := builtins.ProtoToBuf(buf, resp); err != nil {
return nil, err
}

Expand Down
Loading