OPA 1.0 Preparatory Work

[charlieegan3]

The open-policy-agent/opa project is the process of doing the final preparations for OPA 1.0 and wanted to give you a heads up on the recommended upgrade path for projects using Rego. The plan is for the next release of OPA to be 1.0, this will introduce breaking changes to Rego.

We have some tools and resources to make the upgrade process as smooth as possible.

• The main reference for OPA 1.0 changes on the project website.
• opa check --strict is a good place to start, this will flag issues with imports, use of deprecated builtins, and use of now reserved keywords. I think that @anderseknert has done some of the work here in for the gatekeeper library Ensure OPA strict mode compliance gatekeeper-library#429.
• opa fmt --write --rego-v1 $DIR should be the next step, this will migrate files to the new v1 syntax where possible.
• regal lint $DIR finally, it’s also recommend use the Regal linter on the policy files. In particular the Bug violations are important to check.
• These steps are documented in this blog post in more detail.

Any feedback on the process and OPA 1.0's changes generally is appreciated as you go through the process.

Below is a WIP TODO list of things I'm aware of, please feel free to add new items too.

• Implement recommended updates to the Rego driver code as referenced in rego.v1 syntax #3577
• Update gatekeeper-library policies to use the rego.v1 syntax.
• ...

[charlieegan3]

I have shared some examples for v0/v1 duality in https://github.com/charlieegan3/v0-v1-rego-example. Posting here for future reference.

[ritazh]

xpost: #3577