Prepare for OPA 1.0

Go: - Use OPA v1 packages - Add function to parse Rego of unknown version - Allow providing the Rego version via config or .manifest files - Make `regal fix` formatter consider version to format for Rego: - Remove `import rego.v1` (via `opa fmt`) - Add `config.capabilities.is_opa_v1` - Use that to disable `use-if`, `use-contains`, `use-rego-v1` - Update tests for 1.0 compliance Docs: - TODO remove `import rego.v1` from all examples - `regal fix` doesn't work well - Many failing e2e tests, despite some effort - Test LSP functionality Signed-off-by: Anders Eknert <anders@styra.com>
StyraInc · Jan 7, 2025 · dd51d47 · dd51d47
1 parent 4459436
commit dd51d47
Show file tree

Hide file tree

Showing 327 changed files with 1,336 additions and 904 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -14,7 +14,7 @@ updates:
       interval: "monthly"
     ignore:
       # update OPA manually to bump version in README too
-      - dependency-name: "github.com/open-policy-agent/opa"
+      - dependency-name: "github.com/open-policy-agent/opa/v1"
     groups:
       dependencies:
         patterns:

diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -0,0 +1,29 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "name": "regal lint bundle",
+      "type": "go",
+      "request": "launch",
+      "mode": "auto",
+      "program": "${workspaceFolder}",
+      "args": [
+        "lint",
+        "--enable-print",
+        "bundle"
+      ]
+    },
+    {
+      "name": "regal fix --dry-run bundle",
+      "type": "go",
+      "request": "launch",
+      "mode": "auto",
+      "program": "${workspaceFolder}",
+      "args": [
+        "fix",
+        "--dry-run",
+        "bundle"
+      ]
+    }
+  ]
+}
diff --git a/README.md b/README.md
@@ -387,6 +387,9 @@ project:
     # declares the 'main' and 'lib/jwt' directories as project roots
     - main
     - lib/jwt
+    # may also be provided as an object with additional options
+    - path: lib/legacy
+      rego-version: 0
 ```
 
 Regal will automatically search for a configuration file (`.regal/config.yaml`) in the current directory, and if not
@@ -540,6 +543,37 @@ for the `regal lint` command:
 
 **Note:** all CLI flags override configuration provided in file.
 
+## Configuring Rego Version
+
+From OPA 1.0 and onwards, it is no longer necessary to include `import rego.v1` in your policies in order to use
+keywords like `if` and `contains`. Since Regal works with with both 1.0+ policies and older versions of Rego, the linter
+will first try to parse a policy as 1.0 and if that fails, parse using "v0" rules. This process isn't 100% foolproof,
+as some policies are valid in both versions. Additionally, parsing the same file multiple times adds some overhead that
+can be skipped if the version is known beforehand. To help Regal determine (and enforce) the version of your policies,
+the `rego-version` attribute can be set in the `project` configuration:
+
+```yaml
+project:
+  # Rego version 1.0, set to 0 for pre-1.0 policies
+  rego-version: 1
+```
+
+It is also possible to set the Rego version for individual project roots (see below for more information):
+
+```yaml
+project:
+  roots:
+    - path: lib/legacy
+      rego-version: 0
+    - path: main
+      rego-version: 1
+```
+
+Additionally, Regal will scan the project for any `.manifest` files, and user any `rego_version` found in the manifest
+for all policies under that directory.
+
+Note: the `rego-version` attribute in the configuration file has precedence over `rego_version` found in manifest files.
+
 ## Project Roots
 
 While many projects consider the project's root directory (in editors often referred to as **workspace**) their