From 430eed25dd999083156edf73250c33bba335202f Mon Sep 17 00:00:00 2001
From: Quentin Gliech
Date: Tue, 18 Feb 2025 11:48:44 +0100
Subject: [PATCH] Update OPA and Regal to their latest versions
---
 .github/actions/build-policies/action.yml | 2 +-
 policies/Makefile | 4 ++--
 policies/client_registration/client_registration.rego | 11 +++--------
 3 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/.github/actions/build-policies/action.yml b/.github/actions/build-policies/action.yml
index dfe78917d..274aa8134 100644
--- a/.github/actions/build-policies/action.yml
+++ b/.github/actions/build-policies/action.yml
@@ -7,7 +7,7 @@ runs:
 - name: Install Open Policy Agent
 uses: open-policy-agent/setup-opa@v2.2.0
 with:
- version: 0.70.0
+ version: 1.1.0
 - name: Build the policies
 run: make
diff --git a/policies/Makefile b/policies/Makefile
index 2659e3843..18cb2dbfc 100644
--- a/policies/Makefile
+++ b/policies/Makefile
@@ -1,8 +1,8 @@
 # Set to 1 to run OPA through Docker
 DOCKER := 0
 PODMAN := 0
-OPA_DOCKER_IMAGE := docker.io/openpolicyagent/opa:0.70.0-debug
-REGAL_DOCKER_IMAGE := ghcr.io/styrainc/regal:0.29.2
+OPA_DOCKER_IMAGE := docker.io/openpolicyagent/opa:1.1.0-debug
+REGAL_DOCKER_IMAGE := ghcr.io/styrainc/regal:0.31.0
 INPUTS := \
 common/common.rego \
diff --git a/policies/client_registration/client_registration.rego b/policies/client_registration/client_registration.rego
index 4f3e28516..ad1fa9e0b 100644
--- a/policies/client_registration/client_registration.rego
+++ b/policies/client_registration/client_registration.rego
@@ -18,8 +18,7 @@ parse_uri(url) := obj if {
 obj := {"scheme": matches[1], "authority": matches[2], "host": matches[3], "port": matches[4], "path": matches[5]}
 }
-secure_url(x) if {
- x
+secure_url(_) if {
 data.client_registration.allow_insecure_uris
 }
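Review bot: Replacing `x` with `_` in `secure_url(_)` removes the body expression that required the argument to be something other than `false`, so once `data.client_registration.allow_insecure_uris` is set this clause accepts any defined argument; an undefined argument should still leave the call undefined, so string URIs presumably behave as before. The same applies to both `host_matches_client_uri(_)` clauses in the following hunk, the last of which continues past the end of that hunk. Because these clauses switch URI validation off from configuration alone, I would state that above each one, for example `# Bypass: any URI is accepted when allow_insecure_uris is set; the argument is deliberately ignored`. A policy test that exercises these clauses with the flags unset would confirm that the bypass only applies when it is configured.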
@@ -37,16 +36,12 @@ secure_url(x) if {
 url.port == ""
 }
-host_matches_client_uri(x) if {
- x
-
+host_matches_client_uri(_) if {
 # Do not check we allow host mismatch
 data.client_registration.allow_host_mismatch
 }
-host_matches_client_uri(x) if {
- x
-
+host_matches_client_uri(_) if {
 # Do not check if the client_uri is missing and we allow that
 data.client_registration.allow_missing_client_uri
 not data.client_metadata.client_uri