v0.21.3

No one wants to wait for bugs to get fixed! So we don't. This third patch release following v0.21.0 fixes an issue where deleted or renamed files would still have violations reported by the language server.

Changelog

• e170834: fix: Avoid panic in config finder (#686) (@anderseknert)
• 51c9a94: fix: make sure deleted items aren't added back to the cache (#685) (@anderseknert)

v0.21.2

This is patch release addressing two bugs reported by users.

The first bug fixed is in the new unresolved-import rule, where Regal would mistakenly report a reference to a map-generating rule as unresolved. Thanks @nevumx for making us aware of that issue!

The other bug fixed was a panic that could occur when Regal traverses directories looking for a config file. The cause of this is still not known, but at least we'll now fail gracefully and without a panic. Thanks @scoop96 for reporting the issue!

Changelog

• 0cb54f0: Fix false positive in unresolved-import and map rules (#680) (@anderseknert)
• e42be60: build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 (#683) (@dependabot[bot])
• 0c3043d: Avoid panic when searching for .regal/config.yaml (#684) (@anderseknert)

v0.21.1

This patch releases fixes an issue in the language server, which would previously send back an error to the client (i.e. your editor) when a new and empty file was created in the workspace. This would have the server fail to read any document symbols as a result. This has now been fixed to only log the error on the server without sending it back to the client.

Thanks @johanfylling for reporting the issue!

Changelog

• 03c38aa: lsp: More graceful shutdown (#676) (@charlieegan3)
• 55a1294: fix: log but don't send back file read errors in documentSymbol handle (#678) (@anderseknert)

v0.21.0

This is a big release, bringing new regal fix command, several features to the Regal language server, a new linter rule, and many improvements and fixes.

New command: regal fix

The regal fix command allows you to automatically fix some of the (style) issues reported by the Regal linter. This command is available in the CLI and can be run on a single file or a directory. The following linter rules are supported by the regal fix command:

• opa-fmt
• use-rego-v1
• use-assignment-operator
• no-whitespace-comment

More rules will be added in future releases.

The regal fix command respects the .regal/config.yaml file, and will only fix issues that aren't ignored by configuration.

New rule: unresolved-import

Category: imports

OPA does not resolve imports until runtime, and when it does, unresolved imports are simply undefined. The unresolved-import rule helps catch these issues early by flagging imports that can't be statically resolved by Regal. Since imports could refer to data documents or rules imported at runtime, this linter rule allows providing a list of of references that should be ignored by the linter.

For more information, see the docs on unresolved-import.

Language Server: Code Actions

Similarly to the regal fix command, code actions allows fixing some issues reported by Regal but directly from the editor. This release adds code actions to remediate the following linter rules:

• opa-fmt
• use-rego-v1
• use-assignment-operator
• no-whitespace-comment
• Navigate to documentation of any reported linter issue

Language Server: Go to Definition

Ctrl/cmd + clicking a reference in the editor now navigates to the definition of the reference, as Regal now implements the "go to definition" feature of the language server protocol.

Language Server: Formatting

The Regal language server now supports formatting Rego files using the opa fmt command. This can be triggered either by running the "Format document" command in your editor, or from where a opa-fmt linter violation is reported in the package.

Language Server: Document Symbols

Symbols — like packages, rules and functions, are now provided by Regal upon requests from an editor. This allows for a quick overview of the structure of a Rego file, and provides "breadcrumbs" to navigate the symbols of an open Rego document.

Language Server: Workspace Symbols

Similarly to document symbols, Regal now reports symbols from the entire workspace, allowing users to search and navigate to any top-level symbol (i.e. package, rule or function) in the workspace.

Language Server: Folding Ranges

Regal now provides folding ranges for Rego files in the workspace, allowing users to fold (i.e. expand or collapse) blocks of code, comments and imports in the editor.

Other improvements

• The language server now searches for the .regal/config.yaml file in directories above the workspace if not found before. This allows using a shared configuration file for multiple projects. Thanks @bdjgs for requesting this feature!
• Report not just the line but the exact position of use-assignment-operator violations
• The result of a hovering over a built-in function is now cached for faster rendering

Bugs fixed

• Fix bug where whitespace in directory names caused the language server to stop working. Thanks @frittsy for reporting this issue!

Documentation

• Fix wrong category of double-negative rule

Changelog

• de1ff4b: Code action for OPA fmt (#630) (@charlieegan3)
• 0f5b374: lsp: URI decode workspace URIs (#631) (@charlieegan3)
• 1255e7d: Refactor LSP logging (#632) (@charlieegan3)
• 128b5b4: Add quote from Jimmy Ray (#634) (@anderseknert)
• b5b6d56: Open docs code action (#635) (@charlieegan3)
• 5fbf293: Cache result of createHoverContent (#639) (@anderseknert)
• 37d87bf: rules: OPA fmt rule location fix (#633) (@charlieegan3)
• 6904ed9: Add code action for use-rego-v1 (#640) (@anderseknert)
• 8de5461: Implement textDocument/formatting (#641) (@anderseknert)
• 40ed03f: lsp: Accept but ignore cancelled requests (#642) (@charlieegan3)
• fe1dc3a: lsp: Enable formatting functionality (#643) (@charlieegan3)
• c31886e: lsp: Load config from parent dirs (#650) (@charlieegan3)
• ae359bf: Fix wrong category for double-negative rule (#652) (@anderseknert)
• 8e253b4: Calculate correct column of = in use-assignment-operator (#655) (@anderseknert)
• 63148df: Calculate column index from 1 in use-assignment-operator (#656) (@anderseknert)
• 8c9b76b: lsp: Increase test buffered channel size (#657) (@charlieegan3)
• dfd9ee2: fixer: Regal fix command (#653) (@charlieegan3)
• 3e0fcd2: Rule: unresolved-import (#658) (@anderseknert)
• c717dd6: lsp: fix flaky test (#660) (@charlieegan3)
• 5a8c5c1: lsp: refactor types (#662) (@charlieegan3)
• 8ae24da: lsp: Implement code actions for new fixes (#661) (@charlieegan3)
• c803b41: lsp: Support folding ranges (#663) (@anderseknert)
• 2a59305: lsp: handle textDocument/documentSymbol (#668) (@anderseknert)
• f108c69: lsp: Error handling fixes (#669) (@charlieegan3)
• f546004: lsp: handle textDocument/definition requests (#664) (@anderseknert)
• af1bdb8: Add LSP section to README (#674) (@anderseknert)
• 24c0b85: lsp: implement workspace/symbol (#673) (@anderseknert)

v0.20.1

This release fixes a panic encountered in the language server when Regal traverses a directory it cannot read while walking the workspace.

Thanks @frittsy for reporting the issue!

Changelog

• e16ffba: fix: avoid panic in walkdir traversal (#628) (@anderseknert)

v0.20.0

This release adds various improvements to the functionality of the language server as well as also including a number of housekeeping updates and fixes.

Language Server: Hover support for built-in function definitions

The language server protocol supports requesting information about the tokens under the cursor. This release implements support for such requests when users are hovering over Rego's built-in functions. Clicking the link in the tooltip heading will take you to the OPA docs for that built-in.

Language Server: Inlay Hints

Inlay Hint requests are also supported from this release. Inlay hints are allow named function arguments to be shown as users edit function calls.

Improvements

• Running the language server with --verbose will now show the full request response logs.
• File ignore config is now also supported by the language server.
• Unresolved imports are not flagged as part of prefer-package-imports

Updates

• This release updates OPA to v0.63.0, see the OPA changelog for more detail.
• Go SARIF has also been updated to 2.3.1

Changelog

• 3568183: docs: Add note about nvim-lspconfig (#604) (@charlieegan3)
• 9a670bf: build(deps): bump github.com/owenrumney/go-sarif/v2 from 2.3.0 to 2.3.1 (#606) (@dependabot[bot])
• 45705ca: Don't flag unresolved imports in prefer-package-imports (#607) (@anderseknert)
• 1f2b72f: docs: use 4 spaces for indentation in circular-imports docs (#612) (@anderseknert)
• 9200ad1: Publish binaries from build workflow (#610) (@anderseknert)
• 3f0c1bc: OPA v0.63.0 (#614) (@anderseknert)
• b5de824: lsp: textDocument/hover implementation (#617) (@anderseknert)
• 155d8f5: lsp: Missing built-in data is not a hard error (#619) (@charlieegan3)
• 9081abf: lsp: Support file ignore config (#620) (@charlieegan3)
• 4d7cbe1: lsp: add inlay hint support (#621) (@anderseknert)
• 6df97b3: lsp: Make verbose logging configurable (#623) (@charlieegan3)

v0.19.0

This release adds several new options for setting configuration options for rules in groups, allowing users to keep a static configuration across updates, or to ignore certainly classes of rules. v0.19.0 also includes a number of fixes to both linter rules and the language server integration, making for an even better experience when using Regal from VS Code or other LSP clients.

New default rule configuration option

The rules section in the Regal configuration file may now include a default attribute either at the top level, or in any specific category. This allows enabling/disabling entire categories of rules, or to avoid Regal to "break" CI/CD builds on updates if new rules are introduced. While it's arguably good to have new problems surfaced, we recognize that some organizations value stability first, and may opt for more controlled upgrades.

Example, using a default configuration to ignore all rules except for those explicitly listed:

rules:
  default:
    level: ignore
  bugs:
    constant-condition:
      level: error
    deprecated-builtin:
      level: error
    duplicate-rule:
      level: error

Example, using a default configuration to enable all rules except for those in the style category:

rules:
  default:
    level: error
  style:
    level: ignore

To learn more about the new default option, and the precedence rules for the various ways to ignore rules, see the Regal docs.

Fixes

• Fix false positive in prefer-some-in-iteration in function args
• Fix false positive in several rules not counting imports in scope
• Many fixes and improvements related to the LSP integration — see the changelog below for details

Changelog

• 441ff78: Correct md link (#584) (@charlieegan3)
• 3889772: Bump github.com/open-policy-agent/opa from 0.62.0 to 0.62.1 (#586) (@dependabot[bot])
• e378276: Fix: prefer-some-in-iteration false positive iteration in fn args (#579) (@anderseknert)
• 9da1796: docs: make old rule draft (#588) (@charlieegan3)
• 9e9a30e: config: Support the defaulting of rules in config (#587) (@charlieegan3)
• fff72d9: Fix false positive in rules not counting imports in scope (#592) (@anderseknert)
• bef10f7: Add note about vscode support (#593) (@charlieegan3)
• eef7509: Update with-outside-test-context.md (#595) (@gusega)
• 10605cf: Bump leigholiver/commit-with-deploy-key from 1.0.3 to 1.0.4 (#596) (@dependabot[bot])
• 4fc779a: lsp: Make server messages compliant (#594) (@charlieegan3)
• ed1098e: Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#598) (@dependabot[bot])
• b229e5f: Add Linting Rego with... Rego! blog (#599) (@anderseknert)
• 2179066: Add support for editing Regal in VS Code (#600) (@anderseknert)
• 4f559f2: lsp: Handle case where a rego file is empty (#602) (@charlieegan3)

v0.18.0

Only a week after v0.17.0, this release comes a little earlier than planned as we found a few issues in the VS Code OPA extension integration that we wanted to address as soon as possible. Nothing serious, but having that extension provide a great Regal experience feels important enough for us to warrant an earlier v0.18.0 release. That's not all there is to this release though, as we have both a new linter rule as well as a bunch of fixes included here. Enjoy!

New rule: ignored-import

Category: imports

Use of explicit references (like data.user.roles) that could instead point to an existing import will now be flagged in order to ensure that the imports a user has declared aren't ignored later in the policy.

For more information, see the docs on ignored-import.

Improvements

• The external-reference rule is now much better at detecting external references in function bodies.
• The rule-shadows-builtin now flags shadowed namespaces (like http) and not just shadowing of the full name (like http.send)
• The use-in-operator rule now also takes = into account (previous only == would be checked for)
• The unused-return-value rule was renamed unassigned-return-value to better reflect what the issue is

Bugs Fixed

• The only-scalars config option in prefer-value-in-head rule wasn't working — now it does!
• Fix false positive in prefer-some-in-iteration

Changelog

• a2e8c46: Address external-reference missing cases (#570) (@anderseknert)
• 4455680: docs: update path where version is saved to (#571) (@charlieegan3)
• e012e10: Fix broken only-scalars config in prefer-value-in-head rule (#573) (@anderseknert)
• ded8df1: Fix: rule-shadows-builtin to flag shadowed namespaces (#576) (@anderseknert)
• 3f73ca5: Fix prefer-some-in-iteration false positive on contains check (#574) (@anderseknert)
• 55b8fa7: Fix: use-in-operator should include eq (=) in check (#575) (@anderseknert)
• 3205762: Rule: ignored-import (#577) (@anderseknert)
• 21a0dc4: Language server initialisation adjustments (#580) (@charlieegan3)
• c3d3fe0: Rename unused-return-value -> unassigned-return-value (#581) (@anderseknert)
• b1a6fbe: OPA v0.62.0 (#583) (@anderseknert)

v0.17.0

This is a fairly big release, adding 4 new linter rules and a whole bunch of improvements and fixes.

New rule: with-outside-test-context

Category: performance

This is the first rule in the new performance category, with more to follow in future releases. The with keyword is known to most as a way to mock values and functions in unit tests. While it's occasionally useful in other contexts, it comes with some major performance implications when used outside of tests. This new rule warns when with is encoutered outside the context of tests.

For more information, see the docs on with-outside-test-context.

New rule: circular-import

Category: imports

A circular import is when a package imports itself, either by directly importing itself, or indirectly by importing a which in turn imports a series of packages that eventually import the original package. As long as recursive rules definitions are avoided, circular imports are permitted in Rego. However, such import graphs are not advisable and a signal of poorly structured policy code.

For more information, see the docs on circular-import.

New rule: rule-name-repeats-package

Category: style

When rules are referenced outside the package in which they are defined, they will be referenced using the package path. For example, the allow rule in the example package, is available at data.example.allow. When rule names include all or part of their package paths, this creates repetition in such references. For example, authz_allow in a package authz is referenced with: data.authz.authz_allow. This repetition is undesirable as the reference is longer than needed, and harder to read.

For more information, see the docs on rule-name-repeats-package.

New rule: double negative

Category: style

While rules using double negatives — like not no_funds — occasionally make sense, it is often worth considering whether the rule could be rewritten without the negative. For example, not no_funds could be rewritten as funds or has_funds, or funds_available.

For more information, see the docs on double-negative.

Improvements

• The Regal language server now supports client shutdown messages
• The docs on how to ignore rules and files have been greatly improved. Thanks @bdumpp and @orenzohar for the suggestion!

Bugs Fixed

• Fix false positive in prefer-some-in-iteration rule when old-style iteration was used inside of arrays, sets and objects
• Fix false positive in prefer-some-in-iteration rule when old-style iteration was used inside of rule head key (i.e. contains)
• Fix false positive in external-reference rule when using = for assignment (although you shouldn't!)
• The Regal language server now correctly handles URIs and paths on Windows

Ecosystem

The setup-regal GitHub Action has been promoted to v1. This fixes the warning in pipelines about depending on an old Node version. Make sure to update your workflows!

Changelog

• f2d07d9: lsp: Support lsp client shutdown message (#539) (@charlieegan3)
• 5418cea: docs: add workflow to auto update docs (#541) (@charlieegan3)
• e98d1fc: Update permissions to allow running actions (#542) (@charlieegan3)
• f2d996a: Update docs with deploy key (#543) (@charlieegan3)
• daf2a16: docs: make path when updating version (#544) (@charlieegan3)
• 4007105: docs: correctly set version when updating (#545) (@charlieegan3)
• 46a84e7: docs: allow updating with workflow dispatch (#546) (@charlieegan3)
• cd2cd9f: docs: use pinned addon (#547) (@charlieegan3)
• 6bdebb6: docs: update action no longer needs local write (#549) (@charlieegan3)
• 7896c73: Use v1 of setup-regal (#551) (@anderseknert)
• 1c6d1ba: Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#552) (@dependabot[bot])
• 5dbc6d8: Fix golangci-lint violations (#554) (@anderseknert)
• ee878c0: Use filepath.WalkDir (#556) (@anderseknert)
• 7f9ddad: Rule: circular-import and rule-name-repeats-package (#558) (@charlieegan3)
• ee2cd46: rules: Add double negative rule (#557) (@charlieegan3)
• 22f6a10: Rule: with-outside-test-context (#555) (@anderseknert)
• 2bb5dd6: Docs: Make it obvious how to ignore rules and files (#562) (@anderseknert)
• 6ecc6af: Fix false positive in external-reference (#563) (@anderseknert)
• 4625e7a: Fix false positive in prefer-some-in-iteration (#564) (@anderseknert)
• f11eef4: prefer-some-iteration: fix false positive in rule head key (#565) (@anderseknert)
• ece9977: lsp: Correctly handle URIs and paths on Windows (#569) (@charlieegan3)

v0.16.0

This release adds 2 new linter rules and a language server protocol (LSP) implementation to Regal.

New rule: duplicate-rule

Category: bugs

The new duplicate-rule linter rule flags any rules with duplicated code found in a policy. Duplicate rules are almost certainly a mistake, perhaps from copy-pasting code, and should simply be fixed (or likely, removed).

For more information, see the docs on duplicate-rule.

New rule: use-rego-v1

Category: imports

OPA v0.59.0 introduced a new import named rego.v1. When import rego.v1 is used in a policy, OPA will ensure the policy is compliant with the upcoming OPA 1.0 release. This include enforcing the use of the if and contains keywords, that no deprecated built-ins are used, and more. To learn more about OPA 1.0 and the rego.v1 import, see the OPA docs.

As rego.v1 replaces the future.keywords imports, the Regal rules around those imports are automatically disabled when use-rego-v1 is in use. If you wish to target a version of OPA before rego.v1, use the capabilities feature of the Regal configuration file.

Avoid

package policy

# before OPA v0.59.0, this was best practice
import future.keywords.contains
import future.keywords.if

report contains item if {
    # ...
}

Prefer

package policy

# with OPA v0.59.0 and later, use this instead
import rego.v1

report contains item if {
    # ...
}

For more information, see the docs on use-rego-v1.

New feature: Regal language server

The Language Server Protocol (LSP) provides a way for editors to integrate support for various programming languages using a common protocol. Using an LSP server implementation rather than one built specifically for a single editor allows the same code to be used across all editors with LSP support. v0.16.0 brings a language server mode to Regal, allowing diagnostics (i.e. linting) of Rego to be performed continuously in a workspace rather than as a one-off CLI operation. This is the first step towards bringing Regal into editors like VS Code, and having linting of Rego natively supported as you work with your policies. Expect to see more in this space soon!

Huge thanks to @charlieegan3 for this outstanding contribution!

Changelog

• 071463b: Rule: duplicate-rule (#530) (@anderseknert)
• 7a7a3db: docs: fix typo in code examples (#531) (@charlieegan3)
• 5699af8: ci: enable unused-parameters and unused-receivers in revive linter (#534) (@srenatus)
• ba28678: Regal Language Server (#532) (@charlieegan3)
• ea79b04: OPA v0.61.0 (#536) (@anderseknert)
• c911cb8: docs: fix broken link to ast.rego (#537) (@sspaink)
• bc27c76: Rule: use-rego-v1 (#538) (@anderseknert)