package rego

import "github.com/open-policy-agent/opa/rego"

Deprecated: This package is intended for older projects transitioning from OPA v0.x and will remain for the lifetime of OPA v1.x, but its use is not recommended. For newer features and behaviours, such as defaulting to the Rego v1 syntax, use the corresponding components in the github.com/open-policy-agent/opa/v1 package instead. See https://www.openpolicyagent.org/docs/latest/v0-compatibility/ for more information.

Package rego exposes high level APIs for evaluating Rego policies.

Index

Functions

func BuiltinErrorList 

func BuiltinErrorList(list *[]topdown.Error) func(r *Rego)

BuiltinErrorList supplies an error slice to store built-in function errors.

func Capabilities 

func Capabilities(c *ast.Capabilities) func(r *Rego)

Capabilities configures the underlying compiler's capabilities. This option is ignored for module compilation if the caller supplies the compiler.

func Compiler 

func Compiler(c *ast.Compiler) func(r *Rego)

Compiler returns an argument that sets the Rego compiler.

func DisableInlining 

func DisableInlining(paths []string) func(r *Rego)

DisableInlining adds a set of paths to exclude from partial evaluation inlining.

func DistributedTracingOpts 

func DistributedTracingOpts(tr tracing.Options) func(r *Rego)

DistributedTracingOpts sets the options to be used by distributed tracing.

func Dump 

func Dump(w io.Writer) func(r *Rego)

Dump returns an argument that sets the writer to dump debugging information to.

func EnablePrintStatements 

func EnablePrintStatements(yes bool) func(r *Rego)

EnablePrintStatements enables print() calls. If this option is not provided, print() calls will be erased from the policy. This option only applies to queries and policies that passed as raw strings, i.e., this function will not have any affect if the caller supplies the ast.Compiler instance.

func Function1 

func Function1(decl *Function, f Builtin1) func(*Rego)

Function1 returns an option that adds a built-in function to the Rego object.

func Function2 

func Function2(decl *Function, f Builtin2) func(*Rego)

Function2 returns an option that adds a built-in function to the Rego object.

func Function3 

func Function3(decl *Function, f Builtin3) func(*Rego)

Function3 returns an option that adds a built-in function to the Rego object.

func Function4 

func Function4(decl *Function, f Builtin4) func(*Rego)

Function4 returns an option that adds a built-in function to the Rego object.

func FunctionDecl 

func FunctionDecl(decl *Function) func(*Rego)

FunctionDecl returns an option that adds a custom-built-in function __declaration__. NO implementation is provided. This is used for non-interpreter execution envs (e.g., Wasm).

func FunctionDyn 

func FunctionDyn(decl *Function, f BuiltinDyn) func(*Rego)

FunctionDyn returns an option that adds a built-in function to the Rego object.

func GenerateJSON 

func GenerateJSON(f func(*ast.Term, *EvalContext) (interface{}, error)) func(r *Rego)

GenerateJSON sets the AST to JSON converter for the results.

func Imports 

func Imports(p []string) func(r *Rego)

Imports returns an argument that adds a Rego import to the query's context.

func Input 

func Input(x interface{}) func(r *Rego)

Input returns an argument that sets the Rego input document. Input should be a native Go value representing the input document.

func Instrument 

func Instrument(yes bool) func(r *Rego)

Instrument returns an argument that enables instrumentation for diagnosing performance issues.

func InterQueryBuiltinCache 

func InterQueryBuiltinCache(c cache.InterQueryCache) func(r *Rego)

InterQueryBuiltinCache sets the inter-query cache that built-in functions can utilize during evaluation.

func InterQueryBuiltinValueCache 

func InterQueryBuiltinValueCache(c cache.InterQueryValueCache) func(r *Rego)

InterQueryBuiltinValueCache sets the inter-query value cache that built-in functions can utilize during evaluation.

func IsPartialEvaluationNotEffectiveErr 

func IsPartialEvaluationNotEffectiveErr(err error) bool

IsPartialEvaluationNotEffectiveErr returns true if err is an error returned by this package to indicate that partial evaluation was ineffective.

func Load 

func Load(paths []string, filter loader.Filter) func(r *Rego)

Load returns an argument that adds a filesystem path to load data and Rego modules from. Any file with a *.rego, *.yaml, or *.json extension will be loaded. The path can be either a directory or file, directories are loaded recursively. The optional ignore string patterns can be used to filter which files are used. The Load option can only be used once. Note: Loading files will require a write transaction on the store.

func LoadBundle 

func LoadBundle(path string) func(r *Rego)

LoadBundle returns an argument that adds a filesystem path to load a bundle from. The path can be a compressed bundle file or a directory to be loaded as a bundle. Note: Loading bundles will require a write transaction on the store.

func Metrics 

func Metrics(m metrics.Metrics) func(r *Rego)

Metrics returns an argument that sets the metrics collection.

func Module 

func Module(filename, input string) func(r *Rego)

Module returns an argument that adds a Rego module.

func NDBuiltinCache 

func NDBuiltinCache(c builtins.NDBCache) func(r *Rego)

NDBuiltinCache sets the non-deterministic builtins cache.

func NewHaltError 

func NewHaltError(err error) error

NewHaltError wraps an error such that the evaluation process will stop when it occurs.

func Package 

func Package(p string) func(r *Rego)

Package returns an argument that sets the Rego package on the query's context.

func ParsedBundle 

func ParsedBundle(name string, b *bundle.Bundle) func(r *Rego)

ParsedBundle returns an argument that adds a bundle to be loaded.

func ParsedImports 

func ParsedImports(imp []*ast.Import) func(r *Rego)

ParsedImports returns an argument that adds Rego imports to the query's context.

func ParsedInput 

func ParsedInput(x ast.Value) func(r *Rego)

ParsedInput returns an argument that sets the Rego input document.

func ParsedModule 

func ParsedModule(module *ast.Module) func(*Rego)

ParsedModule returns an argument that adds a parsed Rego module. If a string module with the same filename name is added, it will override the parsed module.

func ParsedPackage 

func ParsedPackage(pkg *ast.Package) func(r *Rego)

ParsedPackage returns an argument that sets the Rego package on the query's context.

func ParsedQuery 

func ParsedQuery(q ast.Body) func(r *Rego)

ParsedQuery returns an argument that sets the Rego query.

func ParsedUnknowns 

func ParsedUnknowns(unknowns []*ast.Term) func(r *Rego)

ParsedUnknowns returns an argument that sets the values to treat as unknown during partial evaluation.

func PartialNamespace 

func PartialNamespace(ns string) func(r *Rego)

PartialNamespace returns an argument that sets the namespace to use for partial evaluation results. The namespace must be a valid package path component.

func PrintHook 

func PrintHook(h print.Hook) func(r *Rego)

PrintHook sets the object to use for handling print statement outputs.

func PrintTrace 

func PrintTrace(w io.Writer, r *Rego)

PrintTrace is a helper function to write a human-readable version of the trace to the writer w.

func PrintTraceWithLocation 

func PrintTraceWithLocation(w io.Writer, r *Rego)

PrintTraceWithLocation is a helper function to write a human-readable version of the trace to the writer w.

func Query 

func Query(q string) func(r *Rego)

Query returns an argument that sets the Rego query.

func QueryTracer 

func QueryTracer(t topdown.QueryTracer) func(r *Rego)

QueryTracer returns an argument that adds a query tracer to r.

func RegisterBuiltin1 

func RegisterBuiltin1(decl *Function, impl Builtin1)

RegisterBuiltin1 adds a built-in function globally inside the OPA runtime.

func RegisterBuiltin2 

func RegisterBuiltin2(decl *Function, impl Builtin2)

RegisterBuiltin2 adds a built-in function globally inside the OPA runtime.

func RegisterBuiltin3 

func RegisterBuiltin3(decl *Function, impl Builtin3)

RegisterBuiltin3 adds a built-in function globally inside the OPA runtime.

func RegisterBuiltin4 

func RegisterBuiltin4(decl *Function, impl Builtin4)

RegisterBuiltin4 adds a built-in function globally inside the OPA runtime.

func RegisterBuiltinDyn 

func RegisterBuiltinDyn(decl *Function, impl BuiltinDyn)

RegisterBuiltinDyn adds a built-in function globally inside the OPA runtime.

func RegisterPlugin 

func RegisterPlugin(name string, p TargetPlugin)

func Resolver 

func Resolver(ref ast.Ref, r resolver.Resolver) func(r *Rego)

Resolver sets a Resolver for a specified ref path.

func Runtime 

func Runtime(term *ast.Term) func(r *Rego)

Runtime returns an argument that sets the runtime data to provide to the evaluation engine.

func Schemas 

func Schemas(x *ast.SchemaSet) func(r *Rego)

Schemas sets the schemaSet

func Seed 

func Seed(r io.Reader) func(*Rego)

Seed sets a reader that will seed randomization required by built-in functions. If a seed is not provided crypto/rand.Reader is used.

func SetRegoVersion 

func SetRegoVersion(version ast.RegoVersion) func(r *Rego)

func ShallowInlining 

func ShallowInlining(yes bool) func(r *Rego)

ShallowInlining prevents rules that depend on unknown values from being inlined. Rules that only depend on known values are inlined.

func SkipBundleVerification 

func SkipBundleVerification(yes bool) func(r *Rego)

SkipBundleVerification skips verification of a signed bundle.

func SkipPartialNamespace 

func SkipPartialNamespace(yes bool) func(r *Rego)

SkipPartialNamespace disables namespacing of partial evalution results for support rules generated from policy. Synthetic support rules are still namespaced.

func Store 

func Store(s storage.Store) func(r *Rego)

Store returns an argument that sets the policy engine's data storage layer.

If using the Load, LoadBundle, or ParsedBundle options then a transaction must also be provided via the Transaction() option. After loading files or bundles the transaction should be aborted or committed.

func StoreReadAST 

func StoreReadAST(enabled bool) func(r *Rego)

StoreReadAST returns an argument that sets whether the store should eagerly convert data to AST values.

Only applicable when no store has been set on the Rego object through the Store option.

func Strict 

func Strict(yes bool) func(r *Rego)

Strict enables or disables strict-mode in the compiler

func StrictBuiltinErrors 

func StrictBuiltinErrors(yes bool) func(r *Rego)

StrictBuiltinErrors tells the evaluator to treat all built-in function errors as fatal errors.

func Target 

func Target(t string) func(r *Rego)

Target sets the runtime to exercise.

func Time 

func Time(x time.Time) func(r *Rego)

Time sets the wall clock time to use during policy evaluation. Prepared queries do not inherit this parameter. Use EvalTime to set the wall clock time when executing a prepared query.

func Trace 

func Trace(yes bool) func(r *Rego)

Trace returns an argument that enables tracing on r.

func Tracer 

func Tracer(t topdown.Tracer) func(r *Rego)

Tracer returns an argument that adds a query tracer to r. Deprecated: Use QueryTracer instead.

func Transaction 

func Transaction(txn storage.Transaction) func(r *Rego)

Transaction returns an argument that sets the transaction to use for storage layer operations.

Requires the store associated with the transaction to be provided via the Store() option. If using Load(), LoadBundle(), or ParsedBundle() options the transaction will likely require write params.

func Unknowns 

func Unknowns(unknowns []string) func(r *Rego)

Unknowns returns an argument that sets the values to treat as unknown during partial evaluation.

func UnsafeBuiltins 

func UnsafeBuiltins(unsafeBuiltins map[string]struct{}) func(r *Rego)

UnsafeBuiltins sets the built-in functions to treat as unsafe and not allow. This option is ignored for module compilation if the caller supplies the compiler. This option is always honored for query compilation. Provide an empty (non-nil) map to disable checks on queries.

Types

type Builtin1 

type Builtin1 = v1.Builtin1

Builtin1 defines a built-in function that accepts 1 argument.

type Builtin2 

type Builtin2 = v1.Builtin2

Builtin2 defines a built-in function that accepts 2 arguments.

type Builtin3 

type Builtin3 = v1.Builtin3

Builtin3 defines a built-in function that accepts 3 argument.

type Builtin4 

type Builtin4 = v1.Builtin4

Builtin4 defines a built-in function that accepts 4 argument.

type BuiltinContext 

type BuiltinContext = v1.BuiltinContext

BuiltinContext contains additional attributes from the evaluator that built-in functions can use, e.g., the request context.Context, caches, etc.

type BuiltinDyn 

type BuiltinDyn = v1.BuiltinDyn

BuiltinDyn defines a built-in function that accepts a list of arguments.

type CompileContext 

type CompileContext = v1.CompileContext

CompileContext contains options for Compile calls.

type CompileOption 

type CompileOption = v1.CompileOption

CompileOption defines a function to set options on Compile calls.

func CompilePartial 

func CompilePartial(yes bool) CompileOption

CompilePartial defines an option to control whether partial evaluation is run before the query is planned and compiled.

type CompileResult 

type CompileResult = v1.CompileResult

CompileResult represents the result of compiling a Rego query, zero or more Rego modules, and arbitrary contextual data into an executable.

type ErrorDetails 

type ErrorDetails = v1.ErrorDetails

ErrorDetails interface is satisfied by an error that provides further details.

type Errors 

type Errors = v1.Errors

Errors represents a collection of errors returned when evaluating Rego.

type EvalContext 

type EvalContext = v1.EvalContext

EvalContext defines the set of options allowed to be set at evaluation time. Any other options will need to be set on a new Rego object.

type EvalOption 

type EvalOption = v1.EvalOption

EvalOption defines a function to set an option on an EvalConfig

func EvalCopyMaps 

func EvalCopyMaps(yes bool) EvalOption

EvalCopyMaps causes the evaluator to copy `map[string]interface{}`s before returning them.

func EvalDisableInlining 

func EvalDisableInlining(paths []ast.Ref) EvalOption

EvalDisableInlining returns an argument that adds a set of paths to exclude from partial evaluation inlining.

func EvalEarlyExit 

func EvalEarlyExit(enabled bool) EvalOption

EvalEarlyExit will disable 'early exit' optimizations for the evaluation. This should only be used when tracing in debug mode.

func EvalInput 

func EvalInput(input interface{}) EvalOption

EvalInput configures the input for a Prepared Query's evaluation

func EvalInstrument 

func EvalInstrument(instrument bool) EvalOption

EvalInstrument enables or disables instrumenting for a Prepared Query's evaluation

func EvalInterQueryBuiltinCache 

func EvalInterQueryBuiltinCache(c cache.InterQueryCache) EvalOption

EvalInterQueryBuiltinCache sets the inter-query cache that built-in functions can utilize during evaluation.

func EvalInterQueryBuiltinValueCache 

func EvalInterQueryBuiltinValueCache(c cache.InterQueryValueCache) EvalOption

EvalInterQueryBuiltinValueCache sets the inter-query value cache that built-in functions can utilize during evaluation.

func EvalMetrics 

func EvalMetrics(metric metrics.Metrics) EvalOption

EvalMetrics configures the metrics for a Prepared Query's evaluation

func EvalNDBuiltinCache 

func EvalNDBuiltinCache(c builtins.NDBCache) EvalOption

EvalNDBuiltinCache sets the non-deterministic builtin cache that built-in functions can use during evaluation.

func EvalParsedInput 

func EvalParsedInput(input ast.Value) EvalOption

EvalParsedInput configures the input for a Prepared Query's evaluation

func EvalParsedUnknowns 

func EvalParsedUnknowns(unknowns []*ast.Term) EvalOption

EvalParsedUnknowns returns an argument that sets the values to treat as unknown during partial evaluation.

func EvalPartialNamespace 

func EvalPartialNamespace(ns string) EvalOption

EvalPartialNamespace returns an argument that sets the namespace to use for partial evaluation results. The namespace must be a valid package path component.

func EvalPrintHook 

func EvalPrintHook(ph print.Hook) EvalOption

EvalPrintHook sets the object to use for handling print statement outputs.

func EvalQueryTracer 

func EvalQueryTracer(tracer topdown.QueryTracer) EvalOption

EvalQueryTracer configures a tracer for a Prepared Query's evaluation

func EvalResolver 

func EvalResolver(ref ast.Ref, r resolver.Resolver) EvalOption

EvalResolver sets a Resolver for a specified ref path for this evaluation.

func EvalRuleIndexing 

func EvalRuleIndexing(enabled bool) EvalOption

EvalRuleIndexing will disable indexing optimizations for the evaluation. This should only be used when tracing in debug mode.

func EvalSeed 

func EvalSeed(r io.Reader) EvalOption

EvalSeed sets a reader that will seed randomization required by built-in functions. If a seed is not provided crypto/rand.Reader is used.

func EvalSortSets 

func EvalSortSets(yes bool) EvalOption

EvalSortSets causes the evaluator to sort sets before returning them as JSON arrays.

func EvalTime 

func EvalTime(x time.Time) EvalOption

EvalTime sets the wall clock time to use during policy evaluation. time.now_ns() calls will return this value.

func EvalTracer 

func EvalTracer(tracer topdown.Tracer) EvalOption

EvalTracer configures a tracer for a Prepared Query's evaluation Deprecated: Use EvalQueryTracer instead.

func EvalTransaction 

func EvalTransaction(txn storage.Transaction) EvalOption

EvalTransaction configures the Transaction for a Prepared Query's evaluation

func EvalUnknowns 

func EvalUnknowns(unknowns []string) EvalOption

EvalUnknowns returns an argument that sets the values to treat as unknown during partial evaluation.

func EvalVirtualCache 

func EvalVirtualCache(vc topdown.VirtualCache) EvalOption

EvalVirtualCache sets the topdown.VirtualCache to use for evaluation. This is optional, and if not set, the default cache is used.

type ExpressionValue 

type ExpressionValue = v1.ExpressionValue

ExpressionValue defines the value of an expression in a Rego query.

type Function 

type Function = v1.Function

Function represents a built-in function that is callable in Rego.

type HaltError 

type HaltError = v1.HaltError

HaltError is an error type to return from a custom function implementation that will abort the evaluation process (analogous to topdown.Halt).

type Location 

type Location = v1.Location

Location defines a position in a Rego query or module.

type PartialQueries 

type PartialQueries = v1.PartialQueries

PartialQueries contains the queries and support modules produced by partial evaluation.

type PartialResult 

type PartialResult = v1.PartialResult

PartialResult represents the result of partial evaluation. The result can be used to generate a new query that can be run when inputs are known.

type PrepareConfig 

type PrepareConfig = v1.PrepareConfig

PrepareConfig holds settings to control the behavior of the Prepare call.

type PrepareOption 

type PrepareOption = v1.PrepareOption

PrepareOption defines a function to set an option to control the behavior of the Prepare call.

func WithBuiltinFuncs 

func WithBuiltinFuncs(bis map[string]*topdown.Builtin) PrepareOption

WithBuiltinFuncs carries the rego.Function{1,2,3} per-query function definitions to the target plugins.

func WithNoInline 

func WithNoInline(paths []string) PrepareOption

WithNoInline adds a set of paths to exclude from partial evaluation inlining.

func WithPartialEval 

func WithPartialEval() PrepareOption

WithPartialEval configures an option for PrepareForEval which will have it perform partial evaluation while preparing the query (similar to rego.Rego#PartialResult)

type PreparedEvalQuery 

type PreparedEvalQuery = v1.PreparedEvalQuery

PreparedEvalQuery holds the prepared Rego state that has been pre-processed for subsequent evaluations.

type PreparedPartialQuery 

type PreparedPartialQuery = v1.PreparedPartialQuery

PreparedPartialQuery holds the prepared Rego state that has been pre-processed for partial evaluations.

type Rego 

type Rego = v1.Rego

Rego constructs a query and can be evaluated to obtain results.

func New 

func New(options ...func(r *Rego)) *Rego

New returns a new Rego object.

type Result 

type Result = v1.Result

Result defines the output of Rego evaluation.

type ResultSet 

type ResultSet = v1.ResultSet

ResultSet represents a collection of output from Rego evaluation. An empty result set represents an undefined query.

type TargetPlugin 

type TargetPlugin = v1.TargetPlugin

type TargetPluginEval 

type TargetPluginEval = v1.TargetPluginEval

type Vars 

type Vars = v1.Vars

Vars represents a collection of variable bindings. The keys are the variable names and the values are the binding values.

Source Files

doc.go errors.go plugins.go rego.go resultset.go

Version
v1.3.0 (latest)
Published
Mar 27, 2025
Platform
linux/amd64
Imports
14 packages
Last checked
2 weeks ago

Tools for package owners.