Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
bin
 
 
lib
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

logo OPA API Authorization in Dart Example

This repository shows how to integrate a service written in Dart with OPA to perform API authorization. It is a direct port of the OPA-Python example, with a few enhancements.

Trying the example

This example utilizes an independent OPA server which must already be running, and which must allow new policies to be uploaded. An existing OPA server URI can be defined in the OPA_URL environment variable, which otherwise defaults to a local instance at http://localhost:8181.

To run the OPA instance locally:

$ opa run -s

note that the example policy (in the ./policies directory) will be uploaded to the OPA server by the application directly. Any additional policies with the .rego extension found in this directory will similarly be uploaded to the OPA server on start.

Run the server:

$ dart bin/server.dart

Without authorization, view a list of cars:

$ curl -X GET localhost:8080/cars

As someone with the manager role, create a car (this should be allowed):

$ curl -H 'Authorization: alice' -H 'Content-Type: application/json' \
    -X PUT localhost:8080/cars/test-car \
    -d '{"model": "Toyota", "vehicle_id": "357192", "owner_id": "4821", "id": "test-car"}'

As someone with the car admin role, try to delete a car (this should be denied):

$ curl -H 'Authorization: kelly' \
    -X DELETE localhost:8080/cars/test-car

Running from Docker

To run from Docker, simply specify the host and port of the OPA server through the passed in OPA_URL environment variable:

$ docker run -e OPA_URL='opa:8181' -p 8080:8080 adaptant/opa-api-authz-dart

Note that by default the Docker image enables the Dart Observatory, which binds port 8181 within the container by default. If using --net=host, the default Observatory port needs to be shifted out of the way. This can be done by tweaking the DART_VM_OPTIONS, as so:

$ docker run -e DART_VM_OPTIONS='--enable-vm-service=8282' --net=host adaptant/opa-api-authz-dart:latest

Starting Dart with additional options --enable-vm-service=8282
Observatory listening on http://127.0.0.1:8282/4y7welzb8Fc=/
Applying policy: ./policies/example.rego
Example Service listening on 0.0.0.0:8080
...

Features and bugs

Please file feature requests and bugs at the issue tracker.

License

Licensed under the terms of the Apache 2.0 license (the license under which the OPA-Python example was released), the full version of which can be found in the LICENSE file included in this distribution.

Acknowledgements

About

Open Policy Agent-based API Authorization in Dart

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published