detached-metadata

Summary: Detached metadata annotation

Category: Style

Avoid

rego

package authz

 # METADATA
 # description: allow any requests by admin users

allow if {
    "admin" in input.user.roles
}

Prefer

rego

package authz

# METADATA
# description: allow any requests by admin users
allow if {
    "admin" in input.user.roles
}

Rationale

Metadata annotations should be placed directly above the package, rule or function they are annotating. While OPA accepts any number of newlines between an annotation and the package/rule it applies to, this makes it difficult to connect the two when reading the policy. Always optimize for readability!

Configuration Options

This linter rule provides the following configuration options:

yaml

rules:
  style:
    detached-metadata:
      # one of "error", "warning", "ignore"
      level: error

OPA Docs: Annotations
OPA Docs: Accessing Annotations
GitHub: Source Code

detached-metadata

detached-metadata

Rationale

Configuration Options

Related Resources