Skip to content

Commit

Permalink
Prepare docs for OPA 1.0 compatibility (#1328)
Browse files Browse the repository at this point in the history
- Remove `import rego.v1` from examples
- Add new page covering Regal and OPA 1.0
- Update logic of any rules obsolete in 1.0 to make sure
  they're automatically disabled when 1.0 is targeted, and
  continue to work when older versions are linted
- Update a few tests to remove `import rego.v1`
- Many minor fixes related to this theme

Signed-off-by: Anders Eknert <[email protected]>
  • Loading branch information
anderseknert committed Jan 13, 2025
1 parent 8251595 commit 18943df
Show file tree
Hide file tree
Showing 98 changed files with 240 additions and 401 deletions.
11 changes: 11 additions & 0 deletions .vscode/launch.json
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,17 @@
"--dry-run",
"bundle"
]
},
{
"name": "regal test bundle",
"type": "go",
"request": "launch",
"mode": "auto",
"program": "${workspaceFolder}",
"args": [
"test",
"bundle"
]
}
]
}
17 changes: 12 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,14 @@ development, whether you're an experienced Rego developer or just starting out.
\- [Merriam Webster](https://www.merriam-webster.com/dictionary/regal)

## **New!** Regal and OPA 1.0

OPA 1.0 was [just released](https://blog.openpolicyagent.org/announcing-opa-1-0-a-new-standard-for-policy-as-code-a6d8427ee828),
and starting from version v0.30.0, Regal supports working with both OPA 1.0 policies and Rego from earlier versions
of OPA. While everything should work without additional configuration, we recommend checking out our documentation on
using Regal with [OPA 1.0](https://docs.styra.com/regal/opa-one-dot-zero) for the best possible experience managing
projects of any given Rego version, or even a mix of them.

## Goals

- Deliver an outstanding policy development experience by providing the best possible tools for that purpose
Expand Down Expand Up @@ -105,8 +113,6 @@ First, author some Rego!
```rego
package authz
import rego.v1
default allow = false
allow if {
Expand Down Expand Up @@ -292,7 +298,9 @@ The following rules are currently available:

<!-- RULES_TABLE_END -->

By default, all rules except for those in the `custom` category are currently **enabled**.
Rules in all category except for those in `custom` are **enabled** by default. Some rules however — like `use-contains`
and `use-if` — are conditionally enabled only when a version of OPA/Rego before 1.0 is targeted. See the configuration
options below if you want to use Regal to lint "legacy" policies.

**Aggregate Rules**

Expand Down Expand Up @@ -510,8 +518,6 @@ alternatively on the same line to the right of the expression:
```rego
package policy
import rego.v1
# regal ignore:prefer-snake-case
camelCase := "yes"
Expand Down Expand Up @@ -824,6 +830,7 @@ in the near future:

### Linter

- [x] Full support for both OPA 1.0 policies and older versions of Rego
- [ ] Allow remediation of more `style` category rules using the `regal fix` command
- [ ] Add [unused-rule](https://github.com/StyraInc/regal/issues/358) linter
- [x] Add [unused-output-variable](https://github.com/StyraInc/regal/issues/60) linter
Expand Down
2 changes: 0 additions & 2 deletions build/simplecov/simplecov.rego
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,6 @@
# simplecov JSON, to be used for Codecov reports, et. al.
package build.simplecov

import rego.v1

# METADATA
# entrypoint: true
from_opa := {"coverage": _coverage}
Expand Down
2 changes: 0 additions & 2 deletions build/workflows/update_example_index.rego
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,6 @@
# ref: file:///./../../.github/workflows/update-example-index.yaml
package build.workflows

import rego.v1

# METADATA
# entrypoint: true
symbols := {"keywords": _keywords, "builtins": _builtins}
Expand Down
30 changes: 6 additions & 24 deletions bundle/regal/ast/ast_test.rego
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,6 @@ test_find_vars if {
policy := `
package p
import rego.v1
global := "foo"
allow if {
Expand Down Expand Up @@ -57,8 +55,6 @@ test_find_vars_comprehension_lhs if {
policy := `
package p
import rego.v1
allow if {
a := [b | input[b]]
c := {d | input[d]}
Expand All @@ -82,8 +78,6 @@ test_find_vars_function_ret_return_args if {
policy := `
package p
import rego.v1
allow if {
walk(input, [path, value])
}
Expand All @@ -102,8 +96,6 @@ test_find_vars_function_ret_return_args if {
test_function_decls_multiple_same_name if {
policy := `package p
import rego.v1
f(x) := x if true
f(y) := y if false
`
Expand Down Expand Up @@ -151,8 +143,6 @@ test_find_vars_in_local_scope if {
policy := `
package p
import rego.v1
global := "foo"
allow if {
Expand Down Expand Up @@ -189,8 +179,6 @@ test_find_vars_in_local_scope_complex_comprehension_term if {
policy := `
package p
import rego.v1
allow if {
a := [{"b": b} | c := input[b]]
}`
Expand All @@ -211,8 +199,6 @@ test_find_names_in_scope if {
policy := `
package p
import rego.v1
bar := "baz"
global := "foo"
Expand Down Expand Up @@ -242,8 +228,6 @@ test_find_names_in_scope if {
test_find_some_decl_names_in_scope if {
policy := `package p
import rego.v1
allow if {
foo := 1
some x
Expand All @@ -254,8 +238,8 @@ test_find_some_decl_names_in_scope if {

module := regal.parse_module("p.rego", policy)

{"x"} == ast.find_some_decl_names_in_scope(module.rules[0], {"col": 1, "row": 8}) with input as module
{"x", "y", "z"} == ast.find_some_decl_names_in_scope(module.rules[0], {"col": 1, "row": 10}) with input as module
{"x"} == ast.find_some_decl_names_in_scope(module.rules[0], {"col": 1, "row": 6}) with input as module
{"x", "y", "z"} == ast.find_some_decl_names_in_scope(module.rules[0], {"col": 1, "row": 8}) with input as module
}

var_names(vars) := {var.value | some var in vars}
Expand Down Expand Up @@ -332,8 +316,6 @@ test_ref_static_to_string if {
test_rule_head_locations if {
policy := `package policy
import rego.v1
default allow := false
allow if true
Expand All @@ -351,10 +333,10 @@ ref_rule[foo] := true if {
result := ast.rule_head_locations with input as regal.parse_module("p.rego", policy)

result == {
"data.policy.allow": {{"col": 9, "row": 5}, {"col": 1, "row": 7}},
"data.policy.reasons": {{"col": 1, "row": 9}, {"col": 1, "row": 10}},
"data.policy.my_func": {{"col": 9, "row": 12}, {"col": 1, "row": 13}},
"data.policy.ref_rule": {{"col": 1, "row": 15}},
"data.policy.allow": {{"col": 9, "row": 3}, {"col": 1, "row": 5}},
"data.policy.reasons": {{"col": 1, "row": 7}, {"col": 1, "row": 8}},
"data.policy.my_func": {{"col": 9, "row": 10}, {"col": 1, "row": 11}},
"data.policy.ref_rule": {{"col": 1, "row": 13}},
}
}

Expand Down
18 changes: 7 additions & 11 deletions bundle/regal/ast/keywords_test.rego
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ test_keywords_package if {
test_keywords_import if {
policy := `package policy
import rego.v1`
import data.foo`

kwds := ast.keywords with input as regal.parse_module("p.rego", policy)

Expand All @@ -41,8 +41,6 @@ import rego.v1`
test_keywords_if if {
policy := `package policy
import rego.v1
allow if {
# if things
true
Expand All @@ -54,23 +52,21 @@ allow if {
{"regal": {"file": {"lines": split(policy, "\n")}}},
)

count(kwds) == 3 # lines with keywords
count(kwds) == 2 # lines with keywords

_keyword_on_row(
kwds,
5,
3,
{
"name": "if",
"location": {"row": 5, "col": 7},
"location": {"row": 3, "col": 7},
},
)
}

test_keywords_if_on_another_line if {
policy := `package policy
import rego.v1
allow contains {
"foo": true,
} if {
Expand All @@ -84,14 +80,14 @@ allow contains {
{"regal": {"file": {"lines": split(policy, "\n")}}},
)

count(kwds) == 4 # lines with keywords
count(kwds) == 3 # lines with keywords

_keyword_on_row(
kwds,
7,
5,
{
"name": "if",
"location": {"row": 7, "col": 3},
"location": {"row": 5, "col": 3},
},
)
}
Expand Down
16 changes: 4 additions & 12 deletions bundle/regal/lsp/completion/providers/booleans/booleans_test.rego
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,6 @@ import data.regal.lsp.completion.providers.test_utils as utils
test_suggested_in_head if {
workspace := {"file:///p.rego": `package policy
import rego.v1
allow := f`}

regal_module := {"regal": {
Expand All @@ -16,7 +14,7 @@ allow := f`}
"lines": split(workspace["file:///p.rego"], "\n"),
},
"context": {"location": {
"row": 5,
"row": 3,
"col": 10,
}},
}}
Expand All @@ -33,8 +31,6 @@ allow := f`}
test_suggested_in_body if {
workspace := {"file:///p.rego": `package policy
import rego.v1
allow if {
foo := t
}`}
Expand All @@ -45,7 +41,7 @@ allow if {
"lines": split(workspace["file:///p.rego"], "\n"),
},
"context": {"location": {
"row": 6,
"row": 4,
"col": 10,
}},
}}
Expand All @@ -62,8 +58,6 @@ allow if {
test_suggested_after_equals if {
workspace := {"file:///p.rego": `package policy
import rego.v1
allow if {
foo == t
}`}
Expand All @@ -74,7 +68,7 @@ allow if {
"lines": split(workspace["file:///p.rego"], "\n"),
},
"context": {"location": {
"row": 6,
"row": 4,
"col": 10,
}},
}}
Expand All @@ -91,8 +85,6 @@ allow if {
test_not_suggested_at_start if {
workspace := {"file:///p.rego": `package policy
import rego.v1
allow if {
t
}`}
Expand All @@ -103,7 +95,7 @@ allow if {
"lines": split(workspace["file:///p.rego"], "\n"),
},
"context": {"location": {
"row": 6,
"row": 4,
"col": 3,
}},
}}
Expand Down
13 changes: 13 additions & 0 deletions bundle/regal/rules/bugs/deprecated-builtin/deprecated_builtin.rego
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,23 @@
package regal.rules.bugs["deprecated-builtin"]

import data.regal.ast
import data.regal.capabilities
import data.regal.config
import data.regal.result
import data.regal.util

# METADATA
# description: |
# Since OPA 1.0, deprecated-builtin enabled only when provided a v0 policy,
# BUT please note that this may change in the future if new built-in functions
# are deprecated.
# custom:
# severity: none
notices contains result.notice(rego.metadata.chain()) if {
capabilities.is_opa_v1
input.regal.file.rego_version != "v0"
}

report contains violation if {
deprecated_builtins := {
"any", "all", "re_match", "net.cidr_overlap", "set_diff", "cast_array",
Expand Down
4 changes: 0 additions & 4 deletions bundle/regal/rules/custom/one-liner-rule/one_liner_rule.rego
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@
# description: Rule body could be made a one-liner
package regal.rules.custom["one-liner-rule"]

import data.regal.ast
import data.regal.capabilities
import data.regal.config
import data.regal.result
Expand All @@ -15,9 +14,6 @@ import data.regal.util
notices contains result.notice(rego.metadata.chain()) if not capabilities.has_if

report contains violation if {
# No need to traverse rules here if we're not importing `if`
ast.imports_keyword(input.imports, "if")

# Note: this covers both rules and functions, which is what we want here
some rule in input.rules

Expand Down
Loading

0 comments on commit 18943df

Please sign in to comment.