Providing wrong arity to built-ins should explain actual problem

[anderseknert]

Short description

When providing too few arguments to a built-in function, a message about expression or variable being "unsafe" is returned. This doesn't really convey the real problem, which is of course that too few arguments were provided.

Steps To Reproduce

x := startswith("string")
1 error occurred: policy.rego:3: rego_unsafe_var_error: expression is unsafe

username = u {
    name := input.requestContext.principal.name
    startswith(name, "CN=")
    u = substring(3, count(name))
} else = input.requestContext.principal.name
1 error occurred: policy.rego:6: rego_unsafe_var_error: var u is unsafe

Expected behavior

Output to be something like "built-in X: expected <string, string, number>, got <string>"

[srenatus]

Hmm this is interesting:

$ opa eval -fpretty 'startswith(1)'
1 error occurred: 1:1: rego_type_error: startswith: too few arguments
        have: (number)
        want: (string, string, boolean)
$ opa eval -fpretty 'x := startswith(1)'
1 error occurred: 1:1: rego_unsafe_var_error: var x is unsafe

seems like it's mostly a matter of returning the proper error. I'll look into this, seems like a good UX improvement to me.

[srenatus]

We've got multiple stages in the compiler, and the type checker runs after the safety check. Since the safety check fails, that's the error we get.

However, there's also an "undefined function" check, and I think it's OK to amend that one: after all, wrong arity means wrong function.

[anderseknert]

Thanks for looking into this @srenatus! Yeah, while it might seem pedantic, having clear error messages might be one of the most important investments in the debugging experience IMHO.. so I think it's time well spent :)