ci: align go toolchain and opa policies

haasonsaas · haasonsaas · commit 1fb22c597ff2 · 2025-10-18T13:21:00.000-07:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -7,7 +7,7 @@ on:
     branches: [ main ]
 
 env:
-  GO_VERSION: '1.22'
+  GO_VERSION: '1.24'
   PYTHON_VERSION: '3.12'
 
 jobs:
diff --git a/policies/keep.rego b/policies/keep.rego
@@ -2,41 +2,36 @@ package keep
 
 default decision := "deny"
 
-# High trust score - allow access
-decision := "allow" {
+decision := "allow" if {
 	valid_user
 	input.device.trust_score >= 80
 }
 
-# Medium trust score - require step-up authentication  
-decision := "step-up" {
+decision := "step-up" if {
 	valid_user
 	input.device.trust_score >= 50
 	input.device.trust_score < 80
 }
 
-# Low trust score - deny access
-decision := "deny" {
+decision := "deny" if {
 	input.device.trust_score < 50
 }
 
-# Special case: unknown or unregistered devices
-decision := "deny" {
+decision := "deny" if {
 	valid_user
 	input.device.posture == "unknown"
 }
 
-decision := "deny" {
+decision := "deny" if {
 	valid_user
 	input.device.posture == "unregistered"
 }
 
-# Backward compatibility
-allow {
+allow if {
 	decision == "allow"
 }
 
-valid_user {
+valid_user if {
 	input.user.email != ""
 	input.user.email != null
 }
diff --git a/policies/test/allow_test.rego b/policies/test/allow_test.rego
@@ -1,8 +1,6 @@
 package keep_test
 
-import future.keywords
-
-test_allow_healthy_device {
+test_allow_healthy_device if {
 	input := {
 		"user": {"email": "alice@example.com"},
 		"device": {"posture": "healthy"},
@@ -12,7 +10,7 @@ test_allow_healthy_device {
 	result == "allow"
 }
 
-test_step_up_quarantined {
+test_step_up_quarantined if {
 	input := {
 		"user": {"email": "alice@example.com"},
 		"device": {"posture": "quarantined"},
@@ -21,7 +19,7 @@ test_step_up_quarantined {
 	result == "step-up"
 }
 
-test_deny_missing_user {
+test_deny_missing_user if {
 	input := {
 		"user": {"email": ""},
 		"device": {"posture": "healthy"},
diff --git a/services/authz/Dockerfile b/services/authz/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.22 AS build
+FROM golang:1.24 AS build
 
 WORKDIR /src
 COPY go.mod go.sum ./
diff --git a/services/inventory/Dockerfile b/services/inventory/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.22 AS build
+FROM golang:1.24 AS build
 
 WORKDIR /src
 COPY go.mod go.sum ./

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM golang:1.22 AS build`
	`1`	`+FROM golang:1.24 AS build`
`2`	`2`
`3`	`3`	`WORKDIR /src`
`4`	`4`	`COPY go.mod go.sum ./`