Prepare docs for OPA 1.0 compatibility

.vscode/launch.json

@@ -24,6 +24,17 @@
         "--dry-run",
         "bundle"
       ]
+    },
+    {
+      "name": "regal test bundle",
+      "type": "go",
+      "request": "launch",
+      "mode": "auto",
+      "program": "${workspaceFolder}",
+      "args": [
+        "test",
+        "bundle"
+      ]
     }
   ]
 }

README.md

@@ -22,6 +22,14 @@ development, whether you're an experienced Rego developer or just starting out.
 
 \- [Merriam Webster](https://www.merriam-webster.com/dictionary/regal)
 
+## **New!** Regal and OPA 1.0
+
+OPA 1.0 was [just released](https://blog.openpolicyagent.org/announcing-opa-1-0-a-new-standard-for-policy-as-code-a6d8427ee828),
+and starting from version v0.30.0, Regal supports working with both OPA 1.0 policies and Rego from earlier versions
+of OPA. While everything should work without additional configuration, we recommend checking out our documentation on
+using Regal with [OPA 1.0](https://docs.styra.com/regal/opa-one-dot-zero) for the best possible experience managing
+projects of any given Rego version, or even a mix of them.
+
 ## Goals
 
 - Deliver an outstanding policy development experience by providing the best possible tools for that purpose
@@ -105,8 +113,6 @@ First, author some Rego!
 ```rego
 package authz
 
-import rego.v1
-
 default allow = false
 
 allow if {
@@ -292,7 +298,9 @@ The following rules are currently available:
 
 <!-- RULES_TABLE_END -->
 
-By default, all rules except for those in the `custom` category are currently **enabled**.
+Rules in all category except for those in `custom` are **enabled** by default. Some rules however — like `use-contains`
+and `use-if` — are conditionally enabled only when a version of OPA/Rego before 1.0 is targeted. See the configuration
+options below if you want to use Regal to lint "legacy" policies.
 
 **Aggregate Rules**
 
@@ -510,8 +518,6 @@ alternatively on the same line to the right of the expression:
 ```rego
 package policy
 
-import rego.v1
-
 # regal ignore:prefer-snake-case
 camelCase := "yes"
 
@@ -824,6 +830,7 @@ in the near future:
 
 ### Linter
 
+- [x] Full support for both OPA 1.0 policies and older versions of Rego
 - [ ] Allow remediation of more `style` category rules using the `regal fix` command
 - [ ] Add [unused-rule](https://github.com/StyraInc/regal/issues/358) linter
 - [x] Add [unused-output-variable](https://github.com/StyraInc/regal/issues/60) linter

build/simplecov/simplecov.rego

@@ -4,8 +4,6 @@
 #  simplecov JSON, to be used for Codecov reports, et. al.
 package build.simplecov
 
-import rego.v1
-
 # METADATA
 # entrypoint: true
 from_opa := {"coverage": _coverage}

build/workflows/update_example_index.rego

@@ -7,8 +7,6 @@
 #     ref: file:///./../../.github/workflows/update-example-index.yaml
 package build.workflows
 
-import rego.v1
-
 # METADATA
 # entrypoint: true
 symbols := {"keywords": _keywords, "builtins": _builtins}

bundle/regal/ast/ast_test.rego

@@ -8,8 +8,6 @@ test_find_vars if {
 	policy := `
 	package p
 
-	import rego.v1
-
 	global := "foo"
 
 	allow if {
@@ -57,8 +55,6 @@ test_find_vars_comprehension_lhs if {
 	policy := `
 	package p
 
-	import rego.v1
-
 	allow if {
 		a := [b | input[b]]
 		c := {d | input[d]}
@@ -82,8 +78,6 @@ test_find_vars_function_ret_return_args if {
 	policy := `
 	package p
 
-	import rego.v1
-
 	allow if {
 		walk(input, [path, value])
 	}
@@ -102,8 +96,6 @@ test_find_vars_function_ret_return_args if {
 test_function_decls_multiple_same_name if {
 	policy := `package p
 
-	import rego.v1
-
 	f(x) := x if true
 	f(y) := y if false
 	`
@@ -151,8 +143,6 @@ test_find_vars_in_local_scope if {
 	policy := `
 	package p
 
-	import rego.v1
-
 	global := "foo"
 
 	allow if {
@@ -189,8 +179,6 @@ test_find_vars_in_local_scope_complex_comprehension_term if {
 	policy := `
 	package p
 
-	import rego.v1
-
 	allow if {
 		a := [{"b": b} | c := input[b]]
 	}`
@@ -211,8 +199,6 @@ test_find_names_in_scope if {
 	policy := `
 	package p
 
-	import rego.v1
-
 	bar := "baz"
 
 	global := "foo"
@@ -242,8 +228,6 @@ test_find_names_in_scope if {
 test_find_some_decl_names_in_scope if {
 	policy := `package p
 
-	import rego.v1
-
 	allow if {
 		foo := 1
 		some x
@@ -254,8 +238,8 @@ test_find_some_decl_names_in_scope if {
 
 	module := regal.parse_module("p.rego", policy)
 
-	{"x"} == ast.find_some_decl_names_in_scope(module.rules[0], {"col": 1, "row": 8}) with input as module
-	{"x", "y", "z"} == ast.find_some_decl_names_in_scope(module.rules[0], {"col": 1, "row": 10}) with input as module
+	{"x"} == ast.find_some_decl_names_in_scope(module.rules[0], {"col": 1, "row": 6}) with input as module
+	{"x", "y", "z"} == ast.find_some_decl_names_in_scope(module.rules[0], {"col": 1, "row": 8}) with input as module
 }
 
 var_names(vars) := {var.value | some var in vars}
@@ -332,8 +316,6 @@ test_ref_static_to_string if {
 test_rule_head_locations if {
 	policy := `package policy
 
-import rego.v1
-
 default allow := false
 
 allow if true
@@ -351,10 +333,10 @@ ref_rule[foo] := true if {
 	result := ast.rule_head_locations with input as regal.parse_module("p.rego", policy)
 
 	result == {
-		"data.policy.allow": {{"col": 9, "row": 5}, {"col": 1, "row": 7}},
-		"data.policy.reasons": {{"col": 1, "row": 9}, {"col": 1, "row": 10}},
-		"data.policy.my_func": {{"col": 9, "row": 12}, {"col": 1, "row": 13}},
-		"data.policy.ref_rule": {{"col": 1, "row": 15}},
+		"data.policy.allow": {{"col": 9, "row": 3}, {"col": 1, "row": 5}},
+		"data.policy.reasons": {{"col": 1, "row": 7}, {"col": 1, "row": 8}},
+		"data.policy.my_func": {{"col": 9, "row": 10}, {"col": 1, "row": 11}},
+		"data.policy.ref_rule": {{"col": 1, "row": 13}},
 	}
 }
 

bundle/regal/ast/keywords_test.rego

@@ -22,7 +22,7 @@ test_keywords_package if {
 test_keywords_import if {
 	policy := `package policy
 
-import rego.v1`
+import data.foo`
 
 	kwds := ast.keywords with input as regal.parse_module("p.rego", policy)
 
@@ -41,8 +41,6 @@ import rego.v1`
 test_keywords_if if {
 	policy := `package policy
 
-import rego.v1
-
 allow if {
 	# if things
 	true
@@ -54,23 +52,21 @@ allow if {
 		{"regal": {"file": {"lines": split(policy, "\n")}}},
 	)
 
-	count(kwds) == 3 # lines with keywords
+	count(kwds) == 2 # lines with keywords
 
 	_keyword_on_row(
 		kwds,
-		5,
+		3,
 		{
 			"name": "if",
-			"location": {"row": 5, "col": 7},
+			"location": {"row": 3, "col": 7},
 		},
 	)
 }
 
 test_keywords_if_on_another_line if {
 	policy := `package policy
 
-import rego.v1
-
 allow contains {
 	"foo": true,
 } if {
@@ -84,14 +80,14 @@ allow contains {
 		{"regal": {"file": {"lines": split(policy, "\n")}}},
 	)
 
-	count(kwds) == 4 # lines with keywords
+	count(kwds) == 3 # lines with keywords
 
 	_keyword_on_row(
 		kwds,
-		7,
+		5,
 		{
 			"name": "if",
-			"location": {"row": 7, "col": 3},
+			"location": {"row": 5, "col": 3},
 		},
 	)
 }

bundle/regal/lsp/completion/providers/booleans/booleans_test.rego

@@ -6,8 +6,6 @@ import data.regal.lsp.completion.providers.test_utils as utils
 test_suggested_in_head if {
 	workspace := {"file:///p.rego": `package policy
 
-import rego.v1
-
 allow := f`}
 
 	regal_module := {"regal": {
@@ -16,7 +14,7 @@ allow := f`}
 			"lines": split(workspace["file:///p.rego"], "\n"),
 		},
 		"context": {"location": {
-			"row": 5,
+			"row": 3,
 			"col": 10,
 		}},
 	}}
@@ -33,8 +31,6 @@ allow := f`}
 test_suggested_in_body if {
 	workspace := {"file:///p.rego": `package policy
 
-import rego.v1
-
 allow if {
   foo := t
 }`}
@@ -45,7 +41,7 @@ allow if {
 			"lines": split(workspace["file:///p.rego"], "\n"),
 		},
 		"context": {"location": {
-			"row": 6,
+			"row": 4,
 			"col": 10,
 		}},
 	}}
@@ -62,8 +58,6 @@ allow if {
 test_suggested_after_equals if {
 	workspace := {"file:///p.rego": `package policy
 
-import rego.v1
-
 allow if {
   foo == t
 }`}
@@ -74,7 +68,7 @@ allow if {
 			"lines": split(workspace["file:///p.rego"], "\n"),
 		},
 		"context": {"location": {
-			"row": 6,
+			"row": 4,
 			"col": 10,
 		}},
 	}}
@@ -91,8 +85,6 @@ allow if {
 test_not_suggested_at_start if {
 	workspace := {"file:///p.rego": `package policy
 
-import rego.v1
-
 allow if {
   t
 }`}
@@ -103,7 +95,7 @@ allow if {
 			"lines": split(workspace["file:///p.rego"], "\n"),
 		},
 		"context": {"location": {
-			"row": 6,
+			"row": 4,
 			"col": 3,
 		}},
 	}}

bundle/regal/rules/bugs/deprecated-builtin/deprecated_builtin.rego

@@ -3,10 +3,23 @@
 package regal.rules.bugs["deprecated-builtin"]
 
 import data.regal.ast
+import data.regal.capabilities
 import data.regal.config
 import data.regal.result
 import data.regal.util
 
+# METADATA
+# description: |
+#   Since OPA 1.0, deprecated-builtin enabled only when provided a v0 policy,
+#   BUT please note that this may change in the future if new built-in functions
+#   are deprecated.
+# custom:
+#   severity: none
+notices contains result.notice(rego.metadata.chain()) if {
+	capabilities.is_opa_v1
+	input.regal.file.rego_version != "v0"
+}
+
 report contains violation if {
 	deprecated_builtins := {
 		"any", "all", "re_match", "net.cidr_overlap", "set_diff", "cast_array",

bundle/regal/rules/custom/one-liner-rule/one_liner_rule.rego

@@ -2,7 +2,6 @@
 # description: Rule body could be made a one-liner
 package regal.rules.custom["one-liner-rule"]
 
-import data.regal.ast
 import data.regal.capabilities
 import data.regal.config
 import data.regal.result
@@ -15,9 +14,6 @@ import data.regal.util
 notices contains result.notice(rego.metadata.chain()) if not capabilities.has_if
 
 report contains violation if {
-	# No need to traverse rules here if we're not importing `if`
-	ast.imports_keyword(input.imports, "if")
-
 	# Note: this covers both rules and functions, which is what we want here
 	some rule in input.rules