Add `--rego-v1` flag to `check` command

Question

Add `--rego-v1` flag to `check` command

Closed this issue 6 months ago · 0 comments

When applied, the --rego-v1 flag should make the check command reject modules that aren't compliant with OPA 1.0 Rego.

Since both the rego.v1 and future.keywords imports are no-ops in OPA 1.0, any valid combination of these imports are allowed, as long as the rest of the module is compliant with 1.0 Rego. E.g.:

Valid (rego.v1 imported):

package example

import rego.v1

p contains x if { 
  x := input.x;  
  x in [1, 2, 3]
}

Valid (future.keywords imported):

package example

import future.keywords.contains
import future.keywords.if
import future.keywords.in

p contains x if { 
  x := input.x;  
  x in [1, 2, 3]
}

Invalid (no imports):

package example

p contains x if { 
  x := input.x;  
  x in [1, 2, 3]
}

The last module is fully OPA 1.0 compliant Rego, but since this isn't also compatible with <1.0 Rego it must be rejected. To aid in migrating existing policies to 1.0 compliant Rego, it is important that the check command doesn't force users into updating existing code to no longer be compatible with their current runtime.