Skip to content

v0.29.0
Compare
Choose a tag to compare
@github-actions github-actions released this 12 Nov 15:16
· 14 commits to main since this release
v0.29.0
5cb67ea
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

This is a big release, spanning more than a month of development! Regal v0.29.0 brings new linter rules, performance improvements and new features to both the linter and the language server.

New rules

defer-assignment

Category: performance

The new defer-assignment rule helps detect when assignment can be moved to later in the rule body, possibly avoiding it at all if the conditions below don’t evaluate.

allow if {
    # this assignment can be deferred to after the roles check
    resp := http.send({"method": "get", "url": "http:localhost"})
    
    "rego hacker" in input.user.roles
    
    resp.status_code == 200
}

This can improve performance by having less to evaluate, and it makes policies easier to read. Double win!

For more information, see the docs on defer-assignment.

walk-no-path

Category: performance

When using the walk built-in function on large data structures, traversing only the values without building a path to each node can save a considerable amout of time. The new walk-no-path rule will detect when the assigned path is unused and can be replaced by a wildcard variable, which tells OPA to skip the construction of the path. This dramatically improves the performance of the function.

found if {
    # path assigned but never referenced in the rule
    walk(haystack, [path, value])

    value == "needle"
}

# should be replaced by

found if {
    walk(haystack, [_, value])

    value == "needle"
}

For more information, see the docs on walk-no-path.

rule-assigns-default

Category: bugs

Assigning a rule the same value as the default value set for the rule is always a bug, and while hopefully not too common, now reported by Regal.

default threshold := 1

threshold := 0 if {
    # some conditions
}

# this is already the default condition!
# and having this removed will have no impact on how
# the rule evaluates.. don't do this!
threshold := 1 if {
    # some conditions
}

For more information, see the docs on rule-assigns-default.

Language Server

Evaluation Code Lens for Neovim

We were exicted to learn the Code Lens for Evaluation (“click to evaluate”) feature we built now works not only in VS Code but also in Neovim. This thanks to work by regular contributor @rinx. Thank you! The language server docs have now been updated to reflect this.

Improved Enterprise OPA integration

Setting the capabilities engine to eopa will now have the language sever recognize Enterprise OPA-specific built-in functions, and provide both auto-completions for those as well as informative tooltips on hover. Clicking links in the tooltip now correctly brings you to the Styra docs for the Enterprise OPA built-in functions.

Notable Improvements

  • The leaked-internal-reference rule is now ignored in tests by default. See the docs for this rule if you wish to enable this.
  • The prefer-snake-case rule now also reports violations in package names.
  • The same prepared query is now used both for linting and to collect data for aggregate rules, saving about 150 milliseconds for any given regal lint run.
  • Regal’s own capabilities and provided configuration is now available when running the evaluation code lens, simplifying development of custom rules.
  • The pretty reporting format will now print the severity level of a violation when no color support is detected in the terminal (reported by @geirs73)
  • The --instrument flag from opa eval is now supported also by regal lint, providing detailed information about where most time is spent while linting.

Notable Fixes

  • Using input.json for the evaluation code lens now works reliably on Windows. As does ourcing a capabilities.json file from the filesystem. Thanks to @geirs73 for reporting these issues!
  • Global ignore directives from .regal/config.yaml would sometimes be parsed differently depending on read by regal lint or the language server. This has now been fixed.
  • Fix false positive in inconsistent-args rule when an arity mismatch should rather be handled by the compiler. Thanks @tsandall for reporting that!
  • Fix a false positive in use-contains rule when not importing rego.v1. This turned out to be an issue originating in OPA, so we fixed it there, and later included in Regal by upgrading the dependency to the latest OPA version v0.70.0. Thanks @drewcorlin1 for reporting the issue!

Changelog

Contributors

tsandall, anderseknert, and 8 other contributors
Assets 8
Loading