Merge pull request #2281 from simonbaird/prep-test-rego-for-opa-1.0

Use consistent rego syntax in prep for opa 1.0

Author: simonbaird

acceptance/examples/allow_all.rego

@@ -1,4 +1,6 @@
 # Simplest never-failing policy
 package main
 
+import rego.v1
+
 allow := []

acceptance/examples/disallowed_functions.rego

@@ -6,8 +6,7 @@
 #   test that certain rego functions are not allowed.
 package policy.capabilities
 
-import future.keywords.contains
-import future.keywords.if
+import rego.v1
 
 # METADATA
 # title: use env var

acceptance/examples/fail_with_data.rego

@@ -1,5 +1,7 @@
 package main
 
-deny[result] {
+import rego.v1
+
+deny contains result if {
     result := sprintf("Failure due to %s", [data.rule_data.banana_fail_reason])
 }

acceptance/examples/fetch_blob.rego

@@ -1,8 +1,6 @@
 package blobby
 
-import future.keywords.contains
-import future.keywords.if
-import future.keywords.in
+import rego.v1
 
 # METADATA
 # custom:
@@ -27,7 +25,7 @@ deny contains result if {
     }
 }
 
-uri := value {
+uri := value if {
     # Assume the blob is on the same repo as the image
     repo := split(input.image.ref, "@")[0]
     # The digest of the word "spam"

acceptance/examples/filtering.rego

@@ -6,9 +6,7 @@
 #   showcase the filtering logic with include/exclude/collection.
 package policy.filtering
 
-import future.keywords.contains
-import future.keywords.if
-import future.keywords.in
+import rego.v1
 
 # METADATA
 # title: always pass

acceptance/examples/future_deny.rego

@@ -1,6 +1,8 @@
 package main
 
-deny[{"msg": result, "effective_on": effective_on}] {
-    result := "Fails in 2099"
+import rego.v1
+
+deny contains {"msg": result, "effective_on": effective_on} if {
+  result := "Fails in 2099"
 	effective_on := "2099-01-01T00:00:00Z"
 }

acceptance/examples/gloomy_day.rego

@@ -1,13 +1,15 @@
 # Provide one always passing rule and one always failing rule
 package gloomy
 
+import rego.v1
+
 # METADATA
 # title: Allow gloomy rule
 # description: This rule will never fail
 # custom:
 #   short_name: happy
 #   failure_msg: Always succeeds
-deny[result] {
+deny contains result if {
     false
     result := "Never fails"
 }
@@ -18,7 +20,7 @@ deny[result] {
 # custom:
 #   short_name: sad
 #   failure_msg: Always fails
-deny[result] {
+deny contains result if {
 	result := {
 		"code": "gloomy.sad",
 		"effective_on": "2022-01-01T00:00:00Z",

acceptance/examples/happy_day.rego

@@ -1,6 +1,8 @@
 # Simplest never-failing policy
 package main
 
+import rego.v1
+
 # METADATA
 # title: Allow rule
 # description: This rule will never fail
@@ -10,7 +12,7 @@ package main
 #   solution: Easy
 #   collections:
 #   - A
-deny[result] {
+deny contains result if {
     false
     result := "Never denies"
 }

acceptance/examples/image_config.rego

@@ -1,17 +1,15 @@
 # Verify image config data from input.
 package image_config
 
-import future.keywords.contains
-import future.keywords.if
-import future.keywords.in
+import rego.v1
 
 # METADATA
 # title: Image Title Label
 # description: Check if the image has the org.opencontainers.image.title label set.
 # custom:
 #   short_name: image_title_set
 #   failure_msg: Missing image title label
-deny contains err(rego.metadata.rule()) {
+deny contains err(rego.metadata.rule()) if {
     not input.image.config.Labels["org.opencontainers.image.title"]
 }
 
@@ -21,7 +19,7 @@ deny contains err(rego.metadata.rule()) {
 # custom:
 #   short_name: parent_image_title_set
 #   failure_msg: Missing parent image title label
-deny contains err(rego.metadata.rule()) {
+deny contains err(rego.metadata.rule()) if {
     not input.image.parent.config.Labels["org.opencontainers.image.title"]
 }
 
@@ -33,7 +31,7 @@ deny contains err(rego.metadata.rule()) {
 # custom:
 #   short_name: image_distinct_title_set
 #   failure_msg: Image does not have a distinct title
-deny contains err(rego.metadata.rule()) {
+deny contains err(rego.metadata.rule()) if {
     l1 := input.image.config.Labels["org.opencontainers.image.title"]
     l2 := input.image.parent.config.Labels["org.opencontainers.image.title"]
     l1 == l2

acceptance/examples/keyless.rego

@@ -1,8 +1,6 @@
 package keyless
 
-import future.keywords.contains
-import future.keywords.if
-import future.keywords.in
+import rego.v1
 
 # METADATA
 # custom:

acceptance/examples/oci_image_files.rego

@@ -2,7 +2,6 @@ package files
 
 import rego.v1
 
-
 # METADATA
 # custom:
 #   short_name: match

acceptance/examples/olm_manifests.rego

@@ -1,8 +1,6 @@
 package olm_manifests
 
-import future.keywords.contains
-import future.keywords.if
-import future.keywords.in
+import rego.v1
 
 # METADATA
 # title: Manifests are there

acceptance/examples/pipeline_basic.rego

@@ -1,13 +1,15 @@
 package pipeline.main
 
+import rego.v1
+
 expected_kind := "Pipeline"
 
 # METADATA
 # title: Pipeline kind is expected
 # description: Check that the pipeline is a kind of "Pipeline"
 # custom:
 #   short_name: expected_kind
-deny[result] {
+deny contains result if {
 	expected_kind != input.kind
 	result := "invalid kind"
 }

acceptance/examples/purl.rego

@@ -1,8 +1,6 @@
 package purl
 
-import future.keywords.contains
-import future.keywords.if
-import future.keywords.in
+import rego.v1
 
 # METADATA
 # custom:

acceptance/examples/reject.rego

@@ -1,9 +1,7 @@
 # Simplest always-failing policy
 package main
 
-import future.keywords.contains
-import future.keywords.if
-import future.keywords.in
+import rego.v1
 
 # METADATA
 # title: Reject rule

acceptance/examples/rules_with_dependencies.rego

@@ -1,7 +1,6 @@
 package pkg
 
-import future.keywords.contains
-import future.keywords.if
+import rego.v1
 
 # METADATA
 # custom:

acceptance/examples/trace_debug.rego

@@ -1,7 +1,6 @@
 package main
 
-import future.keywords.contains
-import future.keywords.if
+import rego.v1
 
 # METADATA
 # title: Debug

acceptance/examples/unsupported.rego

@@ -1,5 +1,7 @@
 package unsupported
 
-deny {
+import rego.v1
+
+deny if {
     true
 }

acceptance/examples/warn.rego

@@ -1,6 +1,8 @@
 # Simplest always-warning policy
 package main
 
-warn[result] {
+import rego.v1
+
+warn contains result if {
     result := "Has a warning"
 }

acceptance/examples/with_annotations.rego

@@ -1,11 +1,13 @@
 package policy.release.kitty
 
+import rego.v1
+
 # METADATA
 # title: Kittens
 # description: Fluffy
 # custom:
 #   short_name: purr
 #
-deny[result] {
+deny contains result if {
     result := "Meow"
 }

docs/policy/release/attestation.rego

@@ -8,6 +8,8 @@
 #
 package policy.release.builtin.attestation
 
+import rego.v1
+
 # METADATA
 # title: Attestation signature
 # description: >-
@@ -23,7 +25,7 @@ package policy.release.builtin.attestation
 #   collections:
 #   - builtin
 #
-deny {
+deny if {
 	false # Here just to provide documentation
 }
 
@@ -40,6 +42,6 @@ deny {
 #   collections:
 #   - builtin
 #
-deny {
+deny if {
 	false # Here just to provide documentation
 }

docs/policy/release/image.rego

@@ -8,6 +8,8 @@
 #
 package policy.release.builtin.image
 
+import rego.v1
+
 # METADATA
 # title: Image signature
 # description: >-
@@ -23,6 +25,6 @@ package policy.release.builtin.image
 #   collections:
 #   - builtin
 #
-deny {
+deny if {
 	false # Here just to provide documentation
 }

features/__snapshots__/inspect_policy.snap

@@ -22,7 +22,7 @@ Error: Merge error. The 'rule_data' key was found more than once!
       },
       "location": {
         "file": "main.rego",
-        "row": 9,
+        "row": 11,
         "col": 1
       },
       "path": [
@@ -94,7 +94,7 @@ kitty.purr
 ---
 
 [sources from ECP:stdout - 1]
-# Source: git::${GITHOST}/git/policy1.git?ref=8288b21ca5e7d8863efffb47c2bc3eac1274d1ff
+# Source: git::${GITHOST}/git/policy1.git?ref=5c216ecae44c9bd76cca3e6cce95892289a07db0
 
 policy.release.kitty.purr (deny)
 https://enterprisecontract.dev/docs/ec-policies/release_policy.html#kitty__purr