charts: Update authz policy to be v1 compatible

ashutosh-narkar · ashutosh-narkar · commit eb30c73f95a5 · 2025-01-22T15:07:49.000-08:00
Fixes: #272 Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
diff --git a/charts/opa-kube-mgmt/templates/deployment.yaml b/charts/opa-kube-mgmt/templates/deployment.yaml
@@ -58,17 +58,18 @@ spec:
             TOKEN=`cat /bootstrap/mgmt-token`
             cat > /bootstrap/authz.rego <<EOF
             package system.authz
-            default allow = false
+            import rego.v1
+            default allow := false
             # Allow anonymous access to the default policy decision.
-            allow { input.path = [""]; input.method = "POST" }
-            allow { input.path = [""]; input.method = "GET" }
+            allow if { input.path = [""]; input.method == "POST" }
+            allow if { input.path = [""]; input.method == "GET" }
             # This is only used for health check in liveness and readiness probe
-            allow { input.path = ["health"]; input.method = "GET" }
+            allow if { input.path = ["health"]; input.method == "GET" }
 {{- if .Values.prometheus.enabled }}
             # This allows metrics to be scraped by prometheus
-            allow { input.path = ["metrics"]; input.method = "GET" }
+            allow if { input.path = ["metrics"]; input.method == "GET" }
 {{- end }}
-            allow { input.identity == "$TOKEN" }
+            allow if { input.identity == "$TOKEN" }
             EOF
 {{- end }}
 {{- range $policyName, $policy := .Values.bootstrapPolicies }}
diff --git a/charts/opa-kube-mgmt/values.yaml b/charts/opa-kube-mgmt/values.yaml
@@ -112,7 +112,7 @@ hostNetwork:
 # OPA docker image configuration.
 image:
   repository: openpolicyagent/opa
-  tag: 0.69.0
+  tag: 1.0.1
   pullPolicy: IfNotPresent
 
 # One or more secrets to be used when pulling images
