use-rego-v1
Summary: Use import rego.v1
Category: Imports
Automatically fixable: Yes
Avoid
package policy
# before OPA v0.59.0, this was best practice
import future.keywords.contains
import future.keywords.if
report contains item if {
# ...
}
Prefer
package policy
# with OPA v0.59.0 and later, use this instead
import rego.v1
report contains item if {
# ...
}
Rationale
OPA v0.59.0 introduced a new rego.v1
import, which
allows policy authors to prepare for language changes coming in the future OPA 1.0 release. Some notable changes include:
- All "future" keywords that currently must be imported through
import future.keywords
will be part of Rego by default, without the need to first import them - The
if
keyword will be required before the body of a rule - The
contains
keyword will be required when declaring a multi-value rule (partial set rule) - Deprecated built-in functions will be removed
Using import rego.v1
ensures that these requirements are met in any package including the import, and tools like
opa check
and opa fmt
have been updated to help users in this transition.
See the OPA v0.59.0 release notes for more details.
Capabilities
If you aren't yet using OPA v0.59.0 or later, it is recommended that you use the capabilities setting in your Regal configuration file to tell Regal what version of OPA to target. This way you won't need to disable rules that require capabilities that aren't in the version of OPA you're targeting, and allows for a smoother transition to newer versions of OPA when you're ready for that. Another benefit of using capabilities is that Regal will include notices in the report when there are rules that have been disabled due to missing capabilities, kindly reminding you of them, but without having the command fail.
In the example below we're using the capabilities setting to target OPA v0.55.0 (where import rego.v1
is not
available):
.regal/config.yaml
capabilities:
from:
engine: opa
version: v0.55.0
Linting with the above configuration will exclude the use-rego-v1
rule, but add a notice to the report reminding you
that it was disabled due to missing capabilities:
$ regal lint bundle
131 files linted. No violations found. 1 rule skipped:
- use-rego-v1: Missing capability for `import rego.v1`
Configuration Options
This linter rule provides the following configuration options:
rules:
imports:
use-rego-v1:
# one of "error", "warning", "ignore"
level: error
# rather than disabling this rule, use the capabilities setting
# to tell Regal which version of OPA to target:
capabilities:
from:
engine: opa
version: v0.58.0
Related Resources
- GitHub: Source Code
Community
If you think you've found a problem with this rule or its documentation, would like to suggest improvements, new rules,
or just talk about Regal in general, please join us in the #regal
channel in the Styra Community
Slack!