chore:upgrage OPAL to 0.9.6

horizon/enforcer/api.py

@@ -205,7 +205,7 @@ async def post_to_opa(request: Request, path: str, data: dict | None):
     exc = None
     _set_use_debugger(data)
     try:
-        logger.debug(f"calling OPA at '{url}' with input: {data}")
+        logger.info(f"calling OPA at '{url}' with input: {data}")
         async with aiohttp.ClientSession(trust_env=True) as session:  # noqa: SIM117
             async with session.post(
                 url,
@@ -251,7 +251,8 @@ def _set_use_debugger(data: dict | None) -> None:
 async def _is_allowed(query: BaseSchema, request: Request, policy_package: str):
     opa_input = {"input": query.dict()}
     path = policy_package.replace(".", "/")
-    return await post_to_opa(request, path, opa_input)
+    opa_response = await post_to_opa(request, path, opa_input)
+    return opa_response
 
 
 def init_enforcer_api_router(policy_store: BasePolicyStoreClient = None):  # noqa: C901
@@ -369,6 +370,7 @@ async def user_permissions(
         request: Request,
         query: UserPermissionsQuery,
     ):
+        logger.info("user-permissions request: {}", query.json())
         response = await _is_allowed(query, request, USER_PERMISSIONS_POLICY_PACKAGE)
         log_query_result(query, response)
         try:

requirements.txt

@@ -17,5 +17,5 @@ httpx>=0.27.0,<1
 # google-re2 # use re2 instead of re for regex matching because it's simiplier and safer for user inputted regexes
 protobuf>=6.33.5 # pinned to avoid CVE-2026-0994
 cryptography>=46.0.5,<47 # pinned to avoid CVE-2026-26007
-opal-common==0.9.5
-opal-client==0.9.5
+opal-common==0.9.6
+opal-client==0.9.6