opa
opa copied to clipboard
Allow multiple imports on a single line
It would be nice enhancement if there was support for importing multiple rules, or future keywords on a single line. As it currently stands, explicitly importing all the future keywords — which we recommend over the "catch all" import — plus any rules or functions required from other packages, is a bit verbose, and tends to distract from what's important when demonstrating policy authoring. I.e. rather than having to do something like:
package policy
import future.keywords.every
import future.keywords.contains
import future.keywords.if
import data.other.policy.foo
import data.other.policy.bar as b
deny contains "not on my watch!" if {
every x in foo {
x == b
}
}
One would be able to do something like:
package policy
import future.keywords [every, contains, if]
import data.other.policy [foo, bar as b]
deny contains "not on my watch!" if {
every x in foo {
x == b
}
}
Open to suggestions on the syntax — whatever looks best on a single line is fine with me :)
The obvious alternative... but I don't know python so this might or might not be similar enough.
from future.keywords import [every, contains, if]
Yeah, that'd be nice... although it would require the use of a new from
keyword... and it's not clear how that could be imported
from future.keywords import [from]
😆
There's also Haskell's import syntax. They allow qualified, unqualified, and renamed imports, as well as the ability to import all names except a selection from the other module, which is interesting.
Yeah.. another request that's come up a few times is to forbid imports that don't "resolve" to something, like... I guess something close to how PHP differentiates between "import" and "require". Or to be able to exclude something from the stdlib or a keyword, in order to use that for your own custom functions or rules. Both could be useful, but let's keep the scope to multiple imports for this issue 😄
This is not much of a problem in "production" policies, but it would help a lot with providing concise, copy-pasteable snippets, like in the Rego Style Guide, or as shown in presentations and demos.
This issue has been automatically marked as inactive because it has not had any activity in the last 30 days.
This is quite an interesting one, I might play around with this if its okay and see if I can make something cool :smile:
I'd love to see it @Parsifal-M 😃
Is there consensus on how to do it? I presume we'll go with
import future.keywords [every, contains, if]
import data.other.policy [foo, bar as b]
❓
Is there consensus on how to do it? I presume we'll go with
import future.keywords [every, contains, if] import data.other.policy [foo, bar as b]
question
This is what I had in mind to try out :+1: , LMK if you think otherwise.
It's fine. I just wanted everyone to be on the same page.
I think an interesting question here is capabilities: How can we introduce this change so that the user can take the capabilities file of some OPA version before this feature was introduced, and have it fail in a sensible way?
(Usually, you'll have a myriad of OPA versions running in your installation, and you'd take the oldest running version's capabilities file when bundling policies for your fleet.)