docs/projects/regal/rules/bugs/top-level-iteration.md
Summary: Iteration in top-level assignment
Category: Bugs
Avoid
package policy
user := input.users[_]
While OPA allows this construct — it probably shouldn't. Performing iteration outside of a rule or function body doesn't make any sense, and traversing any collection containing more than one item in this context will result in an error:
eval_conflict_error: complete rules must not produce multiple outputs
If the collection only contains a single item, the assignment will succeed, and the result will be the single element assigned to the variable. As such, it is possible that a policy passing all tests still will fail when provided real data.
This linter rule provides the following configuration options:
rules:
bugs:
top-level-iteration:
# one of "error", "warning", "ignore"
level: error