-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not clear why metadata attribute entrypoint
requires scope: rule
#6798
Comments
Agreed that After having used annotations a fair amount recently I would say that having to specify the I wonder if we could default the scope differently than we already do today... the current defaults are based on the place in the file, e.g., preceeding a package makes it |
Changing the default scope of annotations is a semantic change. Would this be a v1 feature? Or, to not risk pushing that release back even further with additional changes, even v2 (assuming we tighten the major version cadence)? |
This issue has been automatically marked as inactive because it has not had any activity in the last 30 days. Although currently inactive, the issue could still be considered and actively worked on in the future. More details about the use-case this issue attempts to address, the value provided by completing it or possible solutions to resolve it would help to prioritize the issue. |
And automatically change implied `scope` from `rule` to `document` when no `scope` is provided (on rule metadata). Whether this can be included in a "normal" release, or will have to wait until OPA 1.0, I'll let others decide. But I think it's worth pointing out that this is a breaking change to address a **bug**, and that a scope of `rule` makes no sense for an entrypoint. One alternative could perhaps be to only change this behavior when `import rego.v1` is included in a file, as that's meant to be a glimpse of the future anyway. But at this time, no such considerations have been taken. Fixes open-policy-agent#6798 Signed-off-by: Anders Eknert <anders@styra.com>
And automatically change implied `scope` from `rule` to `document` when no `scope` is provided (on rule metadata). Whether this can be included in a "normal" release, or will have to wait until OPA 1.0, I'll let others decide. But I think it's worth pointing out that this is a breaking change to address a **bug**, and that a scope of `rule` makes no sense for an entrypoint. One alternative could perhaps be to only change this behavior when `import rego.v1` is included in a file, as that's meant to be a glimpse of the future anyway. But at this time, no such considerations have been taken. Fixes open-policy-agent#6798 Signed-off-by: Anders Eknert <anders@styra.com>
And automatically change implied `scope` from `rule` to `document` when no `scope` is provided (on rule metadata). Whether this can be included in a "normal" release, or will have to wait until OPA 1.0, I'll let others decide. But I think it's worth pointing out that this is a breaking change to address a **bug**, and that a scope of `rule` makes no sense for an entrypoint. One alternative could perhaps be to only change this behavior when `import rego.v1` is included in a file, as that's meant to be a glimpse of the future anyway. But at this time, no such considerations have been taken. Fixes open-policy-agent#6798 Signed-off-by: Anders Eknert <anders@styra.com>
And automatically change implied `scope` from `rule` to `document` when no `scope` is provided (on rule metadata). Whether this can be included in a "normal" release, or will have to wait until OPA 1.0, I'll let others decide. But I think it's worth pointing out that this is a breaking change to address a **bug**, and that a scope of `rule` makes no sense for an entrypoint. One alternative could perhaps be to only change this behavior when `import rego.v1` is included in a file, as that's meant to be a glimpse of the future anyway. But at this time, no such considerations have been taken. Fixes open-policy-agent#6798 Signed-off-by: Anders Eknert <anders@styra.com>
And automatically change implied `scope` from `rule` to `document` when no `scope` is provided (on rule metadata). Whether this can be included in a "normal" release, or will have to wait until OPA 1.0, I'll let others decide. But I think it's worth pointing out that this is a breaking change to address a **bug**, and that a scope of `rule` makes no sense for an entrypoint. One alternative could perhaps be to only change this behavior when `import rego.v1` is included in a file, as that's meant to be a glimpse of the future anyway. But at this time, no such considerations have been taken. Fixes open-policy-agent#6798 Signed-off-by: Anders Eknert <anders@styra.com>
And automatically change implied `scope` from `rule` to `document` when no `scope` is provided (on rule metadata). Whether this can be included in a "normal" release, or will have to wait until OPA 1.0, I'll let others decide. But I think it's worth pointing out that this is a breaking change to address a **bug**, and that a scope of `rule` makes no sense for an entrypoint. One alternative could perhaps be to only change this behavior when `import rego.v1` is included in a file, as that's meant to be a glimpse of the future anyway. But at this time, no such considerations have been taken. Fixes open-policy-agent#6798 Signed-off-by: Anders Eknert <anders@styra.com>
And automatically change implied `scope` from `rule` to `document` when no `scope` is provided (on rule metadata). Whether this can be included in a "normal" release, or will have to wait until OPA 1.0, I'll let others decide. But I think it's worth pointing out that this is a breaking change to address a **bug**, and that a scope of `rule` makes no sense for an entrypoint. One alternative could perhaps be to only change this behavior when `import rego.v1` is included in a file, as that's meant to be a glimpse of the future anyway. But at this time, no such considerations have been taken. Fixes open-policy-agent#6798 Signed-off-by: Anders Eknert <anders@styra.com>
Having worked on some Regal rules around metadata annotations recently, and the ambiguous-scope rule specifically, I was surprised to see that the
entrypoint
attribute worked for annotations scoped torule
. AFAIK, an entrypoint will always point to the "whole" rule — in other words thedocument
. I thought it was just an oversight, and a (by all means, harmless) bug that something silly like defining an incremental rule where one isentrypoint: true
and the other isentrypoint: false
was allowed, as clearly both will be evaluated when one of them is marked as an entrypoint?But now that I tried to change the scope to
document
, that's apparently a parser error 🤔Which had me check the documentation on
entrypoint
, and the docs confirm this too:So while this isn't a bug in the sense that something isn't working as intended or documented — this doesn't seem right to me? Isn't an entrypoint on a rule always scoped to the whole rule (i.e. the document) rather than a specific rule definition?
The text was updated successfully, but these errors were encountered: