Merge branch 'main' into chore/bitnami-migration

Author: xeniape

tests/templates/kuttl/opa-authorization/11-opa-rego.yaml

@@ -6,11 +6,11 @@ commands:
       # Trino Rego rules provided by the Stackable Data Platform
       kubectl create configmap trino-opa-rules \
         --namespace=$NAMESPACE \
-        --from-file=trino_rules/actual_permissions.rego \
-        --from-file=trino_rules/policies.rego \
-        --from-file=trino_rules/requested_permissions.rego \
-        --from-file=trino_rules/util.rego \
-        --from-file=trino_rules/verification.rego
+        --from-file=trino_rules/trino/actual_permissions.rego \
+        --from-file=trino_rules/trino/policies.rego \
+        --from-file=trino_rules/trino/requested_permissions.rego \
+        --from-file=trino_rules/trino/util.rego \
+        --from-file=trino_rules/trino/verification.rego
       kubectl label configmaps trino-opa-rules \
         opa.stackable.tech/bundle=true \
         --namespace=$NAMESPACE

tests/templates/kuttl/opa-authorization/trino_rules/.regal/config.yaml

@@ -1,17 +1,13 @@
 ---
 rules:
+  imports:
+    unresolved-reference:
+      # `data.trino_policies` is provided by the user and not included
+      # in the general trino rules.
+      except-paths:
+        - data.trino_policies.policies
+        - data.trino_policies.extra_groups
   style:
-    external-reference:
-      ignore:
-        files:
-          # The policy rules are used in the first_matching_rule
-          # functions. To avoid these external references to the policy
-          # rules, it would be necessary to add them as a parameter to
-          # all functions, and call these functions even from
-          # verification.rego with this parameter. Therefore, this
-          # linter warning is ignored because the policy rules are
-          # seen as the context for the actual_permissions.rego.
-          - actual_permissions.rego
     file-length:
       ignore:
         files: