Rego Keyword Examples: import
In Rego, the import keyword is used to include references in the current file
from other places, namely other Rego packages. However, the import keyword is
also used to change the Rego syntax available in the current file. Let's cover
this case first.
Importing packages
Most importantly, the import keyword is used to make the rules defined in one
package, available in another.
Imagine we have a package, package1, that defines a rule name like this:
package package1
import rego.v1
name := "World"
Now, if we'd like to use the name rule in another package, package2, we
could do something like this:
package package2
import rego.v1
output := sprintf("Hello, %v", [data.package1.name])
While this will work, it's better to use an import at the top of the file to save repetition and declare the dependency upfront for readers of the policy. We can achieve the same result like this:
package package2
import rego.v1
import data.package1
output := sprintf("Hello, %v", [package1.name])
Sometimes, using the package name for an import many times throughout a file can be too verbose. In such cases, it can be helpful to use an alias like this:
package package2
import rego.v1
import data.package1 as p1
output := sprintf("Hello, %v", [p1.name])
Importing Future Keywords
The in, every, if, contains, and not (semantic update) keywords
have been introduced to the Rego language over time, and in order to prevent
them from breaking policies that existed before their introduction, an opt-in mechanism
has been necessary. The future.keywords.* imports facilitate this
opt-in mechanism. With the release of OPA v1.x, the in, every, if, and contains
keywords have become a standard part of the Rego language, and no longer require an import.
The not keyword has always been a standard part of the Rego language, but has since its introduction
received a semantic update that requires author opt-in through importing future.keywords.not.
Importing future.keywords.not
import future.keywords.not enables the not body syntax
(not { ... }) and implicit body wrapping for single-expression negation.
This import is independent of the rego.v1 import.
The future.keywords.not import fixes a long-standing semantic issue with negation in Rego.
Read more about it in the Improved Negation Semantics section of the Policy Language overview.
Importing rego.v1
In OPA 1.0 a number of
previously optional keywords are required. These settings for the Rego
language is available in pre-1.0 versions using the import keyword. The two
files that follow are equivalent.
package example
import rego.v1
allow if count(deny) == 0
deny contains "not admin" if input.user.role != "admin"
package example
allow if count(deny) == 0
deny contains "not admin" if input.user.role != "admin"
Further Reading
- Read about imports in the documentation.
- Make sure you're using
importcorrectly with Regal's import rules.