v0.5.0

This release brings improvements and new features to improve the experience of authoring custom rules, as well as new, granular capabilities for ignoring files. Most of these improvements are directly based on feedback — and in some cases contributions — from Regal users, which is particularly exciting!

New functionality for ignoring files at a global level and rule level

In addition to setting the severity level of a rule in the Regal configuration file, it is now possible to have the linter ignore files based on their name (or a pattern). This configuration can be applied either globally for all rules, or per rule. An example of this could be wanting to allow the use of the print function in files with a _test.rego suffix, but not in any other files.

Example .regal/config.yaml

ignore:
  files:
    # ignore this file for all rules
    - sketch.rego
rules:
  testing:
    print-or-trace-call:
      level: error
      ignore:
        files:
          # ignore the print-or-trace-call rule in tests
          - "*_test.rego"

See the configuration section of the docs for more details. Thanks @kristiansvalland for this excellent contribution!

Custom rules authoring improvements

Based on feedback we got from users starting to write their own custom rules, we've made several updates to the docs on this topic, fixing the parts people found confusing, and added more examples show e.g. the directory structure of a policy repo using custom Regal rules. Apart from documentation, we've also made it possible have custom rules without a related_resources attribute in the metadata, as some might prefer to document their rules in code, or by other means.

Enhanced type checking of the input AST

This improves the authoring experience for both builtin and custom rules. The regal test command, which is commonly used when developing and testing new rules, now makes use of a schema for the input attribute, i.e. the AST. This allows the command to fail directly when unknown attributes on input are encountered in linter rules, due to typos or other mistakes.

To use this schema in custom rules, add a schemas attribute to the package annotation, using schema.regal.ast for the input:

# METADATA
# description: All packages must use "acme.corp" base name
# schemas:
# - input: schema.regal.ast
package custom.regal.rules.naming["acme-corp-package"]

import future.keywords.contains
import future.keywords.if

report contains violation if {
    # this will fail at compile time, as there is no 'functions' attribute
    # in the input AST
    some function in input.functions

    # ...
}

The schema is applied automatically for builtin rules.

Community

On the community side, we're excited to have @kristiansvalland join us as a maintainer!

Changelog

• 698c78e: Remove if rule comment, already in another file (#194) (@charlieegan3)
• 88757dc: ci/build: run on PRs (#198) (@srenatus)
• 59d0682: Add Regal bundle to test cmd runner (#197) (@kristiansvalland)
• 79b5434: Some README fixes (#195) (@anderseknert)
• 22943e7: Fix docs in custom-has-key-construct (#203) (@anderseknert)
• 42878a3: Fix unused-return-value config attribute (@anderseknert)
• 462ba0a: Enhanced type checking using Regal AST schema (#201) (@anderseknert)
• c35a1ab: Improve docs on custom rules authoring (#205) (@anderseknert)
• 7d46fc6: Update config.yaml example (#209) (@charlieegan3)
• 9bdbe30: Add functionality for ignoring files at a global level and rule level. (#200) (@kristiansvalland)
• 6fdb963: Custom rules may skip related_resources (#210) (@anderseknert)

v0.4.0

This release brings three new rules related to comments and metadata annotations:

• invalid-metadata-attribute (bugs category) flags custom attributes in metadata annotations not placed under the custom attribute.
• detached-metadata (style category) flags metadata annotations that are "detached" by whitespace from their package or rule.
• no-whitespace-comment (style category) simply flags comments where the first character following the # is not whitespace.

Additionally, new end-to-end tests exposed a few mistakes in a previous refactoring, which have been fixed. This mistake meant that v0.3.0 failed to correctly run the line-length and function-arg-return rules... so if you started from that release you're really getting five new rules with v0.4.0... good thing we're keeping a fast paced release cadence! Thanks to @kristiansvalland for reporting on this regression.

Changelog

• 17bc200: Add no-whitespace-comment style rule (@anderseknert)
• 2f68245: Add invalid-metadata-attribute rule (@anderseknert)
• a093ff6: Bump github.com/open-policy-agent/opa from 0.53.1 to 0.54.0 (#189) (@dependabot[bot])
• 00c2455: New style rule: detached-metadata (#190) (@anderseknert)
• 147a373: Add codeql.yml (#184) (@anderseknert)
• cb516a4: Add e2e test of all rules (#192) (@anderseknert)

v0.3.0

This release improves the use-assignment-operator rule to include many more cases than previously reported.

Additionally, this release fixes a number of issues uncovered when running Regal against some large real-world policy libraries. A few of these were false positives, i.e. where Regal would report issues where there were none, and a few were cases that Regal previously missed.

On the community side, a link to the blog about the ideas behind Regal was added to the README.

Changelog

• 422bd80: Add link to blog (#173) (@anderseknert)
• cafd6b7: Refactor rule metadata logic (#174) (@anderseknert)
• 54b7669: Fix unconditional-assignment with else clause (#179) (@anderseknert)
• ebc5059: test-outside-test-package: functions prefixed test_ aren't tests (#177) (@anderseknert)
• 16f1894: Improve use-assignment-operator rule (#175) (@anderseknert)
• 64c99c6: external-reference: don't count wildcard as external ref (#181) (@anderseknert)
• 6dcc15e: Don't assume a single wildcard in custom-has-key-construct (#183) (@anderseknert)

v0.2.0

This release adds a new idiomatic category, meant for rules that indicate that there is a more idiomatic way to do something. Two new rules have been added to that category:

• custom-has-key-construct
• custom-in-construct

These rules will flag custom implementations of "has_key" function and "contains" respectively, as more idiomatic ways to achieve the same are now available (see links for details).

Additionally, this release fixes a bug where Regal would fail on inputs where a function was declared more than one time in a policy (i.e. with the same name).

On the community side, we've added a logo and a a code of conduct doc.

The rules have also been refactored so that now each rule resides in its own file rather than all of them being grouped in a big file per category. This makes it easier to quickly find rules to work with, and hopefully also to contribute new ones.

Changelog

• b1ad172: Add CoC (#166) (@anderseknert)
• 8852a3a: Add logo (#167) (@charlieegan3)
• aab76ff: Don't crash on identically named functions (#169) (@anderseknert)
• b57ac0e: refactor: one rule, one file (#170) (@anderseknert)
• 67b0ed8: Add idiomatic category (#171) (@anderseknert)
• a9c350b: Remove unused imports (#172) (@anderseknert)

v0.1.1

Changelog

• a415b35: Use lowercase chars in registry name (#165) (@charlieegan3)

v0.1.0-beta2

Changelog

• df3a806: Bump github.com/open-policy-agent/opa from 0.53.0 to 0.53.1 (@dependabot[bot])
• cb62e97: Merge pull request #149 from StyraInc/dependabot/go_modules/github.com/open-policy-agent/opa-0.53.1 (@charlieegan3)
• 3715726: Address issue in version format (#150) (@charlieegan3)
• bfb9d45: Refine regal definition (#151) (@charlieegan3)
• e98b60a: Bump OPA and built-in metadata (#155) (@anderseknert)
• 131bd2c: Update example to be more sensible (#156) (@anderseknert)
• 562d430: Wait for linting tasks to start before waiting (#158) (@charlieegan3)

v0.1.0-beta1

Changelog

• ec7874b: Rule: rule-named-if (#141) (@anderseknert)
• e711ca3: Rule: function-arg-return (#143) (@anderseknert)
• 04fc6dc: Allow loading of config from arg paths (@charlieegan3)
• c9cfeea: Handle empty config files with clearer message (@charlieegan3)
• 91e88e8: Merge pull request #145 from StyraInc/config-loading (@charlieegan3)
• 0d83026: linter_test: fix typo (#148) (@srenatus)
• 92a941f: e2e: add very basic e2e tests (#147) (@srenatus)
• c045881: Add LICENSE (@anderseknert)

v0.0.0-alpha4

Changelog

• ed142a7: Only run build on branch push (#123) (@charlieegan3)
• 9165eb1: Fix missing text in unconditional-assignment rule (#124) (@anderseknert)
• d5e1405: Implement simple concurrent Rego evaluation (@charlieegan3)
• beaf789: Appease the linter (@charlieegan3)
• 4946807: Merge pull request #125 from StyraInc/parallel (@charlieegan3)
• 269484a: functions/print-or-trace-call (#126) (@anderseknert)
• 535433f: Bump dependencies (#133) (@anderseknert)
• 7518be5: bugs/not-equals-in-loop (#130) (@anderseknert)
• 1099a2c: Use custom regal.last built-in for last array element lookup (#128) (@anderseknert)
• 322a6b1: Add CLI flags to enable/disable rules (#134) (@anderseknert)
• efa5c10: Reorganize categories (#135) (@anderseknert)
• a35a034: Various improvements for release (#136) (@anderseknert)
• 81b53fc: Minor README fixes (#139) (@anderseknert)

v0.0.0-alpha3

Changelog

• 924d3a0: Rule: imports/redundant-alias (#116) (@anderseknert)
• d842766: Ensure merge overwrite in user config for Go rules (#120) (@anderseknert)
• b24752f: Rule: bugs/unused-return-value (#112) (@anderseknert)
• e952896: Use inviter for Slack link (@anderseknert)
• 0c78e67: Add brew config back (@charlieegan3)
• 8091b9a: Merge pull request #121 from StyraInc/inviter-link (@charlieegan3)
• b417470: Merge pull request #122 from StyraInc/brew (@charlieegan3)

v0.0.0-alpha2

Changelog

• 5c5650f: Drop brews config for now (@charlieegan3)
• e364bef: Merge pull request #111 from StyraInc/drop-brews (@charlieegan3)