chore: Update druid-opa-authorizer for 26.3 (#138)

Techassi · web-flow · commit 31a65680fbad · 2026-01-19T08:41:21.000Z
* chore: Update druid-opa-authorizer for 26.3

* chore: Update changelog
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -21,8 +21,8 @@ jobs:
       matrix:
         profile:
           - {druid: druid-30.0.1, java: '17'}
-          - {druid: druid-33.0.0, java: '17'}
           - {druid: druid-34.0.0, java: '17'}
+          - {druid: druid-35.0.1, java: '21'}
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -10,8 +10,8 @@ on:
         type: choice
         options:
           - druid-30.0.1
-          - druid-33.0.0
           - druid-34.0.0
+          - druid-35.0.1
       stackable-version:
         description: 'The stackable "patch" version to use for this release (e.g., "0").'
         required: true
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,13 +4,16 @@
 
 ### Added
 
-- Add support for Druid 34.0.0 ([#134]).
+- Add support for Druid 35.0.1 ([#138]).
+- Add support for Druid 34.0.0 (deprecated) ([#134], [#138]).
 
 ### Removed
 
+- Remove support for Druid 33.0.0 ([#138]).
 - Remove support for Druid 31.0.1 ([#134]).
 
 [#134]: https://github.com/stackabletech/druid-opa-authorizer/pull/134
+[#138]: https://github.com/stackabletech/druid-opa-authorizer/pull/138
 
 ## [0.7.0] - 2025-05-31
 
diff --git a/README.md b/README.md
@@ -6,15 +6,15 @@ An Apache Druid extension to request policy decisions from [Open Policy Agent](h
 
 This project was tested against these Druid versions:
 
-- 30.0.1
-- 33.0.0
-- 34.0.0
+- 30.0.1 (LTS)
+- 34.0.0 (Deprecated)
+- 35.0.1
 
 ## Building
 
 This repository uses Maven and requires at least Java 11 to build:
 
-        mvn -P druid-34.0.0 clean package
+        mvn -P druid-35.0.1 clean package
 
 Please check that the Druid version you are building for is supported and adapt the profile accordingly.
 The result of this is a JAR file in the `target` directory.
diff --git a/pom.xml b/pom.xml
@@ -163,7 +163,7 @@
             <banDuplicatePomDependencyVersions />
             <banDynamicVersions />
             <requireActiveProfile>
-              <profiles>druid-30.0.1,druid-33.0.0,druid-34.0.0</profiles>
+              <profiles>druid-30.0.1,druid-34.0.0,druid-35.0.1</profiles>
               <all>false</all>
             </requireActiveProfile>
             <requireJavaVersion>
@@ -315,6 +315,7 @@
   -->
   <profiles>
     <profile>
+      <!-- LTS version since SDP 25.3 (30.0.0 in 24.11)-->
       <id>druid-30.0.1</id>
       <properties>
         <java.version>17</java.version>
@@ -340,31 +341,7 @@
       </dependencies>
     </profile>
     <profile>
-      <id>druid-33.0.0</id>
-      <properties>
-        <java.version>17</java.version>
-        <druid.version>33.0.0</druid.version>
-        <guava.version>32.0.1-jre</guava.version>
-        <guice.version>4.1.0</guice.version>
-        <!--
-        jackson.version in 33.0.0 is actually specified as 2.12.7.20221012 but according to the release notes
-        https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12#micro-patches that is "only" the BOM which
-        specifies almost all dependencies to be 2.12.7 with the exception of jackson-databind which is at 2.12.7.1:
-        https://repo1.maven.org/maven2/com/fasterxml/jackson/jackson-bom/2.12.7.20221012/jackson-bom-2.12.7.20221012.pom
-        so we override that here
-        -->
-        <jackson.version>2.12.7</jackson.version>
-      </properties>
-      <dependencies>
-        <dependency>
-          <groupId>com.fasterxml.jackson.core</groupId>
-          <artifactId>jackson-databind</artifactId>
-          <version>2.12.7.1</version>
-          <scope>provided</scope>
-        </dependency>
-      </dependencies>
-    </profile>
-    <profile>
+      <!-- Deprecated in SDP 26.3 -->
       <id>druid-34.0.0</id>
       <properties>
         <java.version>17</java.version>
@@ -401,6 +378,32 @@
         </dependencies>
       </dependencyManagement>
     </profile>
+    <profile>
+      <!-- Supported since SPD 26.3 -->
+      <id>druid-35.0.1</id>
+      <properties>
+        <java.version>21</java.version>
+        <druid.version>35.0.1</druid.version>
+        <guava.version>32.1.3-jre</guava.version>
+        <guice.version>5.1.0</guice.version>
+        <jackson.version>2.19.2</jackson.version>
+      </properties>
+      <!--
+        We need to override the guice version using <dependencyManagement> here, otherwise maven chooses the highest
+        possible version in the range given by https://github.com/FasterXML/jackson-modules-base/blob/jackson-modules-base-2.18.4/guice/pom.xml#L30
+        which for some reason also wins in the conflict resolution, resulting in another version of the dependency than druid uses
+      -->
+      <dependencyManagement>
+        <dependencies>
+          <dependency>
+            <groupId>com.google.inject</groupId>
+            <artifactId>guice</artifactId>
+            <version>${guice.version}</version>
+            <scope>provided</scope>
+          </dependency>
+        </dependencies>
+      </dependencyManagement>
+    </profile>
   </profiles>
 
 </project>
