v1 build-tag and import for side effects #7179
Conversation
For toggling which rego-version is default. This is groundwork that can be replaced/augmented with a `rego_v0` build tag in OPA v1.0. NOTE: This is a PoC proposal, not to be merged unless no other alternatives can be devised. Signed-off-by: Johan Fylling <[email protected]>
* Making `ast.DefaultRefoVersion` a func * conditioning `ast.defaultRegoVersion` on `opa_rego_v1` built tag Signed-off-by: Johan Fylling <[email protected]>
To be imported for side effects. Signed-off-by: Johan Fylling <[email protected]>
…rsion` Note: can't use ast.RegoVersion values directly because of circular dependencies. `DefaultRegoVersion` could alternatively be set to int-representation (manifest representation), but the required call to `ast.RegoVersionFromInt()` from `ast.DefaultRegoVersion()` is likely somewhat more costly. Signed-off-by: Johan Fylling <[email protected]>
Signed-off-by: Johan Fylling <[email protected]>
| @@ -45,6 +45,10 @@ const ( | |||
| RegoV1 | |||
| ) | |||
|
|
|||
| func DefaultRegoVersion() RegoVersion { | |||
There was a problem hiding this comment.
Breaking change.
Very unlikely anyone is using this, though.
There was a problem hiding this comment.
Since DefaultRegoVersion was added so recently I think we can make this change confidently.
| @@ -112,7 +112,7 @@ install: generate | |||
| $(GO) install $(GO_TAGS) -ldflags $(LDFLAGS) | |||
|
|
|||
| .PHONY: test | |||
| test: go-test wasm-test | |||
| test: go-test go-test-v0 go-test-v0-import wasm-test | |||
There was a problem hiding this comment.
go-tests are basically run twice, once for v0 and once for v1. This has impact on PR GHA execution time. Instead, we could narrow the scope of tests run for v0. The benefit of keeping it like this is we get great test-coverage, and will know if we break the v0 opt-in.
| package rego_default | ||
|
|
||
| // DefaultRegoVersion is the default Rego version (v1). | ||
| var DefaultRegoVersion = 3 // enum value for ast.RegoV1 |
There was a problem hiding this comment.
Because of circular import issues, we can't assign ast.RegoV1 directly.
Alternatively, we could set this to the manifest int representation (0 for v0, 1 for v1), but that would impose a slight conversion overhead on the read side.
to avoid underscores. Signed-off-by: Johan Fylling <[email protected]>
Signed-off-by: Johan Fylling <[email protected]>
| switch mod.regoVersion { | ||
| case RegoUndefined: | ||
| switch DefaultRegoVersion() { | ||
| case RegoV1, RegoV0CompatV1: | ||
| return true | ||
| default: | ||
| return false | ||
| } | ||
| } | ||
|
|
||
| return mod.regoV1Compatible() |
There was a problem hiding this comment.
[nit] the single-case switch could be an if:
| switch mod.regoVersion { | |
| case RegoUndefined: | |
| switch DefaultRegoVersion() { | |
| case RegoV1, RegoV0CompatV1: | |
| return true | |
| default: | |
| return false | |
| } | |
| } | |
| return mod.regoV1Compatible() | |
| if mod.regoVersion == RegoUndefined { | |
| switch DefaultRegoVersion() { | |
| case RegoV1, RegoV0CompatV1: | |
| return true | |
| } | |
| return false | |
| } | |
| return mod.regoV1Compatible() |
...but this is code golf and doesn't matter 🙃
| @@ -17,6 +17,7 @@ import ( | |||
| "strings" | |||
| "unicode/utf8" | |||
|
|
|||
| "github.com/open-policy-agent/opa/internal/rego/version" | |||
There was a problem hiding this comment.
[nit] let's cluster this one with the other opa imports below
| // | ||
| // Usage (import side effects only): | ||
| // | ||
| // import _ "github.com/open-policy-agent/opa/features/rego/v0 |
There was a problem hiding this comment.
| // import _ "github.com/open-policy-agent/opa/features/rego/v0 | |
| // import _ "github.com/open-policy-agent/opa/features/rego/v0 // default to rego v0 |
I think it's good practice to give a reason for underscore imports; let's give a good example.
| package version | ||
|
|
||
| // DefaultRegoVersion is the default Rego version (v0). | ||
| var DefaultRegoVersion = 1 // enum value for ast.RegoV0 |
There was a problem hiding this comment.
We cannot import ast because of circularity?
| // Use of this source code is governed by an Apache2 | ||
| // license that can be found in the LICENSE file. | ||
|
|
||
| //go:build !opa_rego_v0 |
There was a problem hiding this comment.
[nit] the other file has the old-style // +build comment, too. I think we only need //go:build these days, don't we? 🤔
This is an alternative to the API/SDK changes in #7161.
This PR makes the following changes:
opa_rego_v0build tag_ "github.com/open-policy-agent/opa/features/rego_default_v0"import for side effectsPros compared to alternative:
Cons compared to alternative: