search

StyraInc / regal

Regal is a linter and language server for Rego, bringing your policy development experience to the next level!
https://docs.styra.com/regal
Apache License 2.0
251 stars 34 forks source link

Rule: `if-object-literal` #822

Closed anderseknert closed 3 months ago

anderseknert commented 3 months ago

Came across this old issue in the OPA backlog: https://github.com/open-policy-agent/opa/issues/5294 And since that's unlikely to be fixed in OPA, we should at least make sure Regal flags it.

package policy

import rego.v1

allow if {input.message: "world"}

Note that we currently have the if-empty-object rule to cover the case OPA previously would fail for being an empty rule body.. but doesn't do anymore. While we could retrofit that rule to cover any object following an if, we'd have to do so much work around the docs, redirects and whatnot, that it's probably a better option to add a new rule that checks for if followed by a non-empty object.

Question is if there is ever a valid if { ..object.. } case? I can't think of one now, but happy to be proven wrong.

anderseknert commented 3 months ago

Here's how we can do it: add the new if-object-literal rule, and when we do, keep the if-empty-object rule around but make it disabled by default + update its docs to say that it's been replaced by if-object-literal. But if people have enabled it manually in configuration, it'll keep working as before.