Releases: StyraInc/regal
v0.6.0
This release brings a new command for quickly generating new (custom or built-in) rules, a new linter rule, and some improvements around tooling.
New command to help develop new rules
The regal new rule command may now be used to quickly get started developing your own rules, whether custom ones for your organization, or built-in rules for inclusion in Regal.
regal new rule --category naming --name foo-bar-baz
The above command will create two new files under .regal/rules/naming (creating any directories that do not already exist), where one is a policy for the new rule, and the other is a test for the same rule. See the updated documentation for custom rules development for more details.
New rule: non-raw-regex-pattern
Using raw string literals for regex patterns has long been a best practice, and is recommended both by the OPA docs and by the Rego Style Guide. The new non-raw-regex-pattern rule (in the idiomatic category) will now help enforce this convention.
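An added example (not taken from the Regal project) of why the convention matters when a policy uses a regex to match hostnames. The package name, rule names and hostnames are constructed for illustration.

```rego
package example.hosts

import future.keywords.if

# Non-raw pattern, the form non-raw-regex-pattern reports: inside a
# double-quoted string every backslash has to be doubled.
internal_host_quoted(host) if regex.match("^[a-z0-9-]+\\.corp\\.example$", host)

# Preferred: the raw string holds the pattern exactly as the regex
# engine sees it, so it can be reviewed without un-escaping it first.
internal_host_raw(host) if regex.match(`^[a-z0-9-]+\.corp\.example$`, host)

# What tends to happen when the double escaping is dropped: the
# unescaped dots now match any character, widening the allowlist.
internal_host_loose(host) if regex.match("^[a-z0-9-]+.corp.example$", host)

# Constructed test cases.
test_both_forms_accept_internal_host if {
	internal_host_quoted("build-01.corp.example")
	internal_host_raw("build-01.corp.example")
}

test_both_forms_reject_lookalike if {
	not internal_host_quoted("build-01xcorp.example")
	not internal_host_raw("build-01xcorp.example")
}

test_loose_pattern_accepts_lookalike if {
	internal_host_loose("build-01xcorp.example")
}
```

Saved to a .rego file, the tests can be run with opa test.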
Pre-Commit Hooks
Regal now provides pre-commit hooks for easily running Regal as part of your development workflow. Very useful if you want to ensure regal lint is run before you commit any changes to policy files. See the docs on pre-commit hooks for more information. Thanks @adam-moss and @c-wygoda for your contributions to this feature.
Other notable changes
- The use-in-operator rule has been moved from the style category to idiomatic. Thanks @Parsifal-M!
- The documentation for all rules now includes a footer linking to the Regal channel in the Styra Community Slack.
- OPA version bumped from v0.54.0 to v0.55.0
Changelog
- 3b80295: Move use-in-operator to idiomatic category (@Parsifal-M)
- 60cffc3: Bump github.com/open-policy-agent/opa from 0.54.0 to 0.55.0 (#217) (@dependabot[bot])
- 52e8d5d: Some minor fixes (#218) (@anderseknert)
- f2ddc4e: feat: add pre-commit hook (#221) (@adam-moss)
- 9499689: Add self-downloading pre-commit hook (#226) (@c-wygoda)
- 520d67d: Move pre-commit docs to separate page (#227) (@anderseknert)
- 5020e41: Add community footer to docs pages (#228) (@anderseknert)
- c210d80: Rule: non-raw-regex-pattern (#225) (@anderseknert)
- 44cd7de: Scaffolding (#219) (@anderseknert)
v0.5.0
This release brings improvements and new features to improve the experience of authoring custom rules, as well as new, granular capabilities for ignoring files. Most of these improvements are directly based on feedback — and in some cases contributions — from Regal users, which is particularly exciting!
New functionality for ignoring files at a global level and rule level
In addition to setting the severity level of a rule in the Regal configuration file, it is now possible to have the linter ignore files based on their name (or a pattern). This configuration can be applied either globally for all rules, or per rule. An example of this could be wanting to allow the use of the print function in files with a _test.rego suffix, but not in any other files.
Example .regal/config.yaml
ignore:
  files:
    # ignore this file for all rules
    - sketch.rego
rules:
  testing:
    print-or-trace-call:
      level: error
      ignore:
        files:
          # ignore the print-or-trace-call rule in tests
          - "*_test.rego"
See the configuration section of the docs for more details. Thanks @kristiansvalland for this excellent contribution!
Custom rules authoring improvements
Based on feedback we got from users starting to write their own custom rules, we've made several updates to the docs on this topic, fixing the parts people found confusing, and added more examples showing e.g. the directory structure of a policy repo using custom Regal rules. Apart from documentation, we've also made it possible to have custom rules without a related_resources attribute in the metadata, as some might prefer to document their rules in code, or by other means.
Enhanced type checking of the input AST
This improves the authoring experience for both builtin and custom rules. The regal test command, which is commonly used when developing and testing new rules, now makes use of a schema for the input attribute, i.e. the AST. This allows the command to fail directly when unknown attributes on input are encountered in linter rules, due to typos or other mistakes.
To use this schema in custom rules, add a schemas attribute to the package annotation, using schema.regal.ast for the input:
# METADATA
# description: All packages must use "acme.corp" base name
# schemas:
#   - input: schema.regal.ast
package custom.regal.rules.naming["acme-corp-package"]

import future.keywords.contains
import future.keywords.if
import future.keywords.in

report contains violation if {
    # this will fail at compile time, as there is no 'functions' attribute
    # in the input AST
    some function in input.functions

    # ...
}
The schema is applied automatically for builtin rules.
Community
On the community side, we're excited to have @kristiansvalland join us as a maintainer!
Changelog
- 698c78e: Remove if rule comment, already in another file (#194) (@charlieegan3)
- 88757dc: ci/build: run on PRs (#198) (@srenatus)
- 59d0682: Add Regal bundle to test cmd runner (#197) (@kristiansvalland)
- 79b5434: Some README fixes (#195) (@anderseknert)
- 22943e7: Fix docs in custom-has-key-construct (#203) (@anderseknert)
- 42878a3: Fix unused-return-value config attribute (@anderseknert)
- 462ba0a: Enhanced type checking using Regal AST schema (#201) (@anderseknert)
- c35a1ab: Improve docs on custom rules authoring (#205) (@anderseknert)
- 7d46fc6: Update config.yaml example (#209) (@charlieegan3)
- 9bdbe30: Add functionality for ignoring files at a global level and rule level. (#200) (@kristiansvalland)
- 6fdb963: Custom rules may skip related_resources (#210) (@anderseknert)
v0.4.0
This release brings three new rules related to comments and metadata annotations:
- invalid-metadata-attribute (bugs category) flags custom attributes in metadata annotations not placed under the custom attribute.
- detached-metadata (style category) flags metadata annotations that are "detached" by whitespace from their package or rule.
- no-whitespace-comment (style category) simply flags comments where the first character following the # is not whitespace.
Additionally, new end-to-end tests exposed a few mistakes in a previous refactoring, which have been fixed. These mistakes meant that v0.3.0 failed to correctly run the line-length and function-arg-return rules... so if you started from that release you're really getting five new rules with v0.4.0... good thing we're keeping a fast-paced release cadence! Thanks to @kristiansvalland for reporting this regression.
Changelog
- 17bc200: Add no-whitespace-comment style rule (@anderseknert)
- 2f68245: Add invalid-metadata-attribute rule (@anderseknert)
- a093ff6: Bump github.com/open-policy-agent/opa from 0.53.1 to 0.54.0 (#189) (@dependabot[bot])
- 00c2455: New style rule: detached-metadata (#190) (@anderseknert)
- 147a373: Add codeql.yml (#184) (@anderseknert)
- cb516a4: Add e2e test of all rules (#192) (@anderseknert)
v0.3.0
This release improves the use-assignment-operator rule to include many more cases than previously reported.
Additionally, this release fixes a number of issues uncovered when running Regal against some large real-world policy libraries. A few of these were false positives, i.e. where Regal would report issues where there were none, and a few were cases that Regal previously missed.
On the community side, a link to the blog about the ideas behind Regal was added to the README.
Changelog
- 422bd80: Add link to blog (#173) (@anderseknert)
- cafd6b7: Refactor rule metadata logic (#174) (@anderseknert)
- 54b7669: Fix unconditional-assignment with else clause (#179) (@anderseknert)
- ebc5059: test-outside-test-package: functions prefixed test_ aren't tests (#177) (@anderseknert)
- 16f1894: Improve use-assignment-operator rule (#175) (@anderseknert)
- 64c99c6: external-reference: don't count wildcard as external ref (#181) (@anderseknert)
- 6dcc15e: Don't assume a single wildcard in custom-has-key-construct (#183) (@anderseknert)
v0.2.0
This release adds a new idiomatic category, meant for rules that indicate that there is a more idiomatic way to do something. Two new rules have been added to that category:
These rules will flag custom implementations of "has_key" function and "contains" respectively, as more idiomatic ways to achieve the same are now available (see links for details).
Additionally, this release fixes a bug where Regal would fail on inputs where a function was declared more than one time in a policy (i.e. with the same name).
On the community side, we've added a logo and a code of conduct doc.
The rules have also been refactored so that now each rule resides in its own file rather than all of them being grouped in a big file per category. This makes it easier to quickly find rules to work with, and hopefully also to contribute new ones.
Changelog
- b1ad172: Add CoC (#166) (@anderseknert)
- 8852a3a: Add logo (#167) (@charlieegan3)
- aab76ff: Don't crash on identically named functions (#169) (@anderseknert)
- b57ac0e: refactor: one rule, one file (#170) (@anderseknert)
- 67b0ed8: Add idiomatic category (#171) (@anderseknert)
- a9c350b: Remove unused imports (#172) (@anderseknert)
v0.1.1
Changelog
- a415b35: Use lowercase chars in registry name (#165) (@charlieegan3)
v0.1.0-beta2
Changelog
- df3a806: Bump github.com/open-policy-agent/opa from 0.53.0 to 0.53.1 (@dependabot[bot])
- cb62e97: Merge pull request #149 from StyraInc/dependabot/go_modules/github.com/open-policy-agent/opa-0.53.1 (@charlieegan3)
- 3715726: Address issue in version format (#150) (@charlieegan3)
- bfb9d45: Refine regal definition (#151) (@charlieegan3)
- e98b60a: Bump OPA and built-in metadata (#155) (@anderseknert)
- 131bd2c: Update example to be more sensible (#156) (@anderseknert)
- 562d430: Wait for linting tasks to start before waiting (#158) (@charlieegan3)
v0.1.0-beta1
Changelog
- ec7874b: Rule: rule-named-if (#141) (@anderseknert)
- e711ca3: Rule: function-arg-return (#143) (@anderseknert)
- 04fc6dc: Allow loading of config from arg paths (@charlieegan3)
- c9cfeea: Handle empty config files with clearer message (@charlieegan3)
- 91e88e8: Merge pull request #145 from StyraInc/config-loading (@charlieegan3)
- 0d83026: linter_test: fix typo (#148) (@srenatus)
- 92a941f: e2e: add very basic e2e tests (#147) (@srenatus)
- c045881: Add LICENSE (@anderseknert)
v0.0.0-alpha4
Changelog
- ed142a7: Only run build on branch push (#123) (@charlieegan3)
- 9165eb1: Fix missing text in unconditional-assignment rule (#124) (@anderseknert)
- d5e1405: Implement simple concurrent Rego evaluation (@charlieegan3)
- beaf789: Appease the linter (@charlieegan3)
- 4946807: Merge pull request #125 from StyraInc/parallel (@charlieegan3)
- 269484a: functions/print-or-trace-call (#126) (@anderseknert)
- 535433f: Bump dependencies (#133) (@anderseknert)
- 7518be5: bugs/not-equals-in-loop (#130) (@anderseknert)
- 1099a2c: Use custom regal.last built-in for last array element lookup (#128) (@anderseknert)
- 322a6b1: Add CLI flags to enable/disable rules (#134) (@anderseknert)
- efa5c10: Reorganize categories (#135) (@anderseknert)
- a35a034: Various improvements for release (#136) (@anderseknert)
- 81b53fc: Minor README fixes (#139) (@anderseknert)
v0.0.0-alpha3
Changelog
- 924d3a0: Rule: imports/redundant-alias (#116) (@anderseknert)
- d842766: Ensure merge overwrite in user config for Go rules (#120) (@anderseknert)
- b24752f: Rule: bugs/unused-return-value (#112) (@anderseknert)
- e952896: Use inviter for Slack link (@anderseknert)
- 0c78e67: Add brew config back (@charlieegan3)
- 8091b9a: Merge pull request #121 from StyraInc/inviter-link (@charlieegan3)
- b417470: Merge pull request #122 from StyraInc/brew (@charlieegan3)