diff --git a/docs/modules/demos/pages/end-to-end-security.adoc b/docs/modules/demos/pages/end-to-end-security.adoc index 63f011e6..e9ef9c9b 100644 --- a/docs/modules/demos/pages/end-to-end-security.adoc +++ b/docs/modules/demos/pages/end-to-end-security.adoc @@ -227,8 +227,6 @@ The ACLs configuring this behavior (written with the {rego}[Rego language]) on t ---- package trino_policies -import rego.v1 - policies := { "tables": [ { @@ -270,8 +268,6 @@ The Rego rule for this behavior looks like this (again a snippet from the {trino ---- package trino_policies -import rego.v1 - policies := { "tables": [ { diff --git a/stacks/data-lakehouse-iceberg-trino-spark/trino.yaml b/stacks/data-lakehouse-iceberg-trino-spark/trino.yaml index 6ba799fd..1a75987d 100644 --- a/stacks/data-lakehouse-iceberg-trino-spark/trino.yaml +++ b/stacks/data-lakehouse-iceberg-trino-spark/trino.yaml @@ -114,7 +114,7 @@ metadata: name: opa spec: image: - productVersion: 0.67.1 + productVersion: 1.0.0 servers: roleGroups: default: {} @@ -129,8 +129,6 @@ data: trino.rego: | package trino - import rego.v1 - default allow = false # Allow non-batched access diff --git a/stacks/dual-hive-hdfs-s3/trino.yaml b/stacks/dual-hive-hdfs-s3/trino.yaml index 08936df3..8b38a9f7 100644 --- a/stacks/dual-hive-hdfs-s3/trino.yaml +++ b/stacks/dual-hive-hdfs-s3/trino.yaml @@ -86,7 +86,7 @@ metadata: name: opa spec: image: - productVersion: 0.67.1 + productVersion: 1.0.0 servers: roleGroups: default: @@ -102,8 +102,6 @@ data: trino.rego: | package trino - import rego.v1 - default allow = false # Allow non-batched access diff --git a/stacks/end-to-end-security/hdfs-regorules.yaml b/stacks/end-to-end-security/hdfs-regorules.yaml index 6ee70e11..9736e6d6 100644 --- a/stacks/end-to-end-security/hdfs-regorules.yaml +++ b/stacks/end-to-end-security/hdfs-regorules.yaml @@ -9,8 +9,6 @@ data: hdfs.rego: | package hdfs - import rego.v1 - default allow := false default matches_identity(identity) := false diff --git a/stacks/end-to-end-security/opa.yaml b/stacks/end-to-end-security/opa.yaml index 371966e0..b91e4f03 100644 --- a/stacks/end-to-end-security/opa.yaml +++ b/stacks/end-to-end-security/opa.yaml @@ -5,7 +5,7 @@ metadata: name: opa spec: image: - productVersion: 0.67.1 + productVersion: 1.0.0 clusterConfig: userInfo: backend: diff --git a/stacks/end-to-end-security/trino-policies.yaml b/stacks/end-to-end-security/trino-policies.yaml index bb5df220..58f35054 100644 --- a/stacks/end-to-end-security/trino-policies.yaml +++ b/stacks/end-to-end-security/trino-policies.yaml @@ -9,8 +9,6 @@ data: trino_policies.rego: | package trino_policies - import rego.v1 - policies := { "catalogs": [ # Needed to bootstrap schemas and tables diff --git a/stacks/end-to-end-security/trino-regorules.yaml b/stacks/end-to-end-security/trino-regorules.yaml index 4a1afd9f..a1d68a2a 100644 --- a/stacks/end-to-end-security/trino-regorules.yaml +++ b/stacks/end-to-end-security/trino-regorules.yaml @@ -11,7 +11,6 @@ data: package trino import data.util - import rego.v1 # This file contains functions to determine the actual permissions # defined in the Trino policies for the given user and requested @@ -36,7 +35,6 @@ data: # # Example: # package trino_policies - # import rego.v1 # extra_groups := groups if { # request := { # "method": "POST", @@ -579,7 +577,6 @@ data: package trino import data.util - import rego.v1 # The final policies are a combination of policies offered by Stackable, # policies provided externally, and default policies. @@ -596,7 +593,6 @@ data: # # Example: # package trino_policies - # import rego.v1 # policies := { # "catalogs": [ # { @@ -757,8 +753,6 @@ data: requested_permissions.rego: | package trino - import rego.v1 - # This file contains the requested_permissions rule which returns a set # of required permissions for the given operation including the # requested resource. Operations with the same set of required @@ -1439,8 +1433,6 @@ data: # - data.trino_policies.policies: schema.policies package trino - import rego.v1 - # METADATA # description: | # Entry point for OPA policies, configured in the Trino property @@ -1780,8 +1772,6 @@ data: # description: Utility package which extends the built-in functions package util - import rego.v1 - # METADATA # description: | # Matches the entire string against a regular expression. diff --git a/stacks/keycloak-opa-poc/opa.yaml b/stacks/keycloak-opa-poc/opa.yaml index bcd2919f..ed7282b0 100644 --- a/stacks/keycloak-opa-poc/opa.yaml +++ b/stacks/keycloak-opa-poc/opa.yaml @@ -5,7 +5,7 @@ metadata: name: opa spec: image: - productVersion: 0.67.1 + productVersion: 1.0.0 servers: roleGroups: default: {} diff --git a/stacks/keycloak-opa-poc/policies.yaml b/stacks/keycloak-opa-poc/policies.yaml index cfaeb799..a43a3803 100644 --- a/stacks/keycloak-opa-poc/policies.yaml +++ b/stacks/keycloak-opa-poc/policies.yaml @@ -8,7 +8,6 @@ metadata: data: trino.rego: | package trino - import rego.v1 default allow = false @@ -31,7 +30,6 @@ data: druid.rego: | package druid import data.bundles.opagroups.admins - import rego.v1 default allow = false diff --git a/stacks/trino-iceberg/trino.yaml b/stacks/trino-iceberg/trino.yaml index b826b798..d5ed2791 100644 --- a/stacks/trino-iceberg/trino.yaml +++ b/stacks/trino-iceberg/trino.yaml @@ -99,7 +99,7 @@ metadata: name: opa spec: image: - productVersion: 0.67.1 + productVersion: 1.0.0 servers: roleGroups: default: @@ -115,8 +115,6 @@ data: trino.rego: | package trino - import rego.v1 - default allow = false # Allow non-batched access diff --git a/stacks/trino-superset-s3/trino.yaml b/stacks/trino-superset-s3/trino.yaml index 04a61a7e..378a2f4d 100644 --- a/stacks/trino-superset-s3/trino.yaml +++ b/stacks/trino-superset-s3/trino.yaml @@ -71,7 +71,7 @@ metadata: name: opa spec: image: - productVersion: 0.67.1 + productVersion: 1.0.0 servers: roleGroups: default: {} @@ -86,8 +86,6 @@ data: trino.rego: | package trino - import rego.v1 - default allow = false # Allow non-batched access