build(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0

Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.60.0 to 0.61.0. - [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-policy-agent/opa/compare/v0.60.0...v0.61.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
2026-05-08 04:20:59 -05:00 · 2024-01-30 06:09:53 +00:00
parent 7980be48a1
commit 690d44cfb0
23 changed files with 5206 additions and 151 deletions
@@ -122,19 +122,13 @@ type ParserOptions struct {
 	SkipRules         bool
 	JSONOptions       *astJSON.Options
 	// RegoVersion is the version of Rego to parse for.
-	// RegoV1Compatible additionally affects the Rego version. Use EffectiveRegoVersion to get the effective Rego version.
-	RegoVersion RegoVersion
-	// RegoV1Compatible is equivalent to setting RegoVersion to RegoV0CompatV1.
-	// RegoV1Compatible takes precedence, and if set to true, RegoVersion is ignored.
-	// Deprecated: use RegoVersion instead. Will be removed in a future version of OPA.
-	RegoV1Compatible   bool
+	RegoVersion        RegoVersion
 	unreleasedKeywords bool // TODO(sr): cleanup
 }

+// EffectiveRegoVersion returns the effective RegoVersion to use for parsing.
+// Deprecated: Use RegoVersion instead.
 func (po *ParserOptions) EffectiveRegoVersion() RegoVersion {
-	if po.RegoV1Compatible {
-		return RegoV0CompatV1
-	}
 	return po.RegoVersion
 }

@@ -291,7 +285,7 @@ func (p *Parser) Parse() ([]Statement, []*Comment, Errors) {

 	allowedFutureKeywords := map[string]tokens.Token{}

-	if p.po.EffectiveRegoVersion() == RegoV1 {
+	if p.po.RegoVersion == RegoV1 {
 		// RegoV1 includes all future keywords in the default language definition
 		for k, v := range futureKeywords {
 			allowedFutureKeywords[k] = v
@@ -325,7 +319,7 @@ func (p *Parser) Parse() ([]Statement, []*Comment, Errors) {
 	}

 	selected := map[string]tokens.Token{}
-	if p.po.AllFutureKeywords || p.po.EffectiveRegoVersion() == RegoV1 {
+	if p.po.AllFutureKeywords || p.po.RegoVersion == RegoV1 {
 		for kw, tok := range allowedFutureKeywords {
 			selected[kw] = tok
 		}
@@ -346,7 +340,7 @@ func (p *Parser) Parse() ([]Statement, []*Comment, Errors) {
 	}
 	p.s.s = p.s.s.WithKeywords(selected)

-	if p.po.EffectiveRegoVersion() == RegoV1 {
+	if p.po.RegoVersion == RegoV1 {
 		for kw, tok := range allowedFutureKeywords {
 			p.s.s.AddKeyword(kw, tok)
 		}
@@ -2614,7 +2608,7 @@ func (p *Parser) regoV1Import(imp *Import) {
 		return
 	}

-	if p.po.EffectiveRegoVersion() == RegoV1 {
+	if p.po.RegoVersion == RegoV1 {
 		// We're parsing for Rego v1, where the 'rego.v1' import is a no-op.
 		return
 	}
@@ -477,7 +477,7 @@ func ParseModuleWithOpts(filename, input string, popts ParserOptions) (*Module,
 	if err != nil {
 		return nil, err
 	}
-	return parseModule(filename, stmts, comments, popts.EffectiveRegoVersion())
+	return parseModule(filename, stmts, comments, popts.RegoVersion)
 }

 // ParseBody returns exactly one body.
@@ -626,7 +626,7 @@ func ParseStatementsWithOpts(filename, input string, popts ParserOptions) ([]Sta
 		WithCapabilities(popts.Capabilities).
 		WithSkipRules(popts.SkipRules).
 		WithJSONOptions(popts.JSONOptions).
-		WithRegoVersion(popts.EffectiveRegoVersion()).
+		WithRegoVersion(popts.RegoVersion).
 		withUnreleasedKeywords(popts.unreleasedKeywords)

 	stmts, comments, errs := parser.Parse()
@@ -698,22 +698,7 @@ func parseModule(filename string, stmts []Statement, comments []*Comment, regoCo
 	if mod.regoVersion == RegoV0CompatV1 || mod.regoVersion == RegoV1 {
 		for _, rule := range mod.Rules {
 			for r := rule; r != nil; r = r.Else {
-				var t string
-				if r.isFunction() {
-					t = "function"
-				} else {
-					t = "rule"
-				}
-
-				if r.generatedBody && r.Head.generatedValue {
-					errs = append(errs, NewError(ParseErr, r.Location, "%s must have value assignment and/or body declaration", t))
-				}
-				if r.Body != nil && !r.generatedBody && !ruleDeclarationHasKeyword(r, tokens.If) && !r.Default {
-					errs = append(errs, NewError(ParseErr, r.Location, "`if` keyword is required before %s body", t))
-				}
-				if r.Head.RuleKind() == MultiValue && !ruleDeclarationHasKeyword(r, tokens.Contains) {
-					errs = append(errs, NewError(ParseErr, r.Location, "`contains` keyword is required for partial set rules"))
-				}
+				errs = append(errs, CheckRegoV1(r)...)
 			}
 		}
 	}
@@ -1,5 +1,11 @@
 package ast

+import (
+	"fmt"
+
+	"github.com/open-policy-agent/opa/ast/internal/tokens"
+)
+
 func checkDuplicateImports(modules []*Module) (errors Errors) {
 	for _, module := range modules {
 		processedImports := map[Var]*Import{}
@@ -116,11 +122,43 @@ func checkDeprecatedBuiltinsForCurrentVersion(node interface{}) Errors {
 	return checkDeprecatedBuiltins(deprecatedBuiltins, node)
 }

-// CheckRegoV1 checks the given module for errors that are specific to Rego v1
-func CheckRegoV1(module *Module) Errors {
+// CheckRegoV1 checks the given module or rule for errors that are specific to Rego v1.
+// Passing something other than an *ast.Rule or *ast.Module is considered a programming error, and will cause a panic.
+func CheckRegoV1(x interface{}) Errors {
+	switch x := x.(type) {
+	case *Module:
+		return checkRegoV1Module(x)
+	case *Rule:
+		return checkRegoV1Rule(x)
+	}
+	panic(fmt.Sprintf("cannot check rego-v1 compatibility on type %T", x))
+}
+
+func checkRegoV1Module(module *Module) Errors {
 	var errors Errors
 	errors = append(errors, checkDuplicateImports([]*Module{module})...)
 	errors = append(errors, checkRootDocumentOverrides(module)...)
 	errors = append(errors, checkDeprecatedBuiltinsForCurrentVersion(module)...)
 	return errors
 }
+
+func checkRegoV1Rule(rule *Rule) Errors {
+	t := "rule"
+	if rule.isFunction() {
+		t = "function"
+	}
+
+	var errs Errors
+
+	if rule.generatedBody && rule.Head.generatedValue {
+		errs = append(errs, NewError(ParseErr, rule.Location, "%s must have value assignment and/or body declaration", t))
+	}
+	if rule.Body != nil && !rule.generatedBody && !ruleDeclarationHasKeyword(rule, tokens.If) && !rule.Default {
+		errs = append(errs, NewError(ParseErr, rule.Location, "`if` keyword is required before %s body", t))
+	}
+	if rule.Head.RuleKind() == MultiValue && !ruleDeclarationHasKeyword(rule, tokens.Contains) {
+		errs = append(errs, NewError(ParseErr, rule.Location, "`contains` keyword is required for partial set rules"))
+	}
+
+	return errs
+}