Skip to content
Example usage of OPA in PHP
PHP Makefile Dockerfile Open Policy Agent
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
plain
slim4-api
.travis.yml
LICENSE.txt
readme.md

readme.md

segrax/opa-php-examples

Software License Build Status

Examples of using Open Policy Agent (OPA) with the segrax/open-policy-agent library on PHP 7.3.

These examples are pre-configured to work out of the box and contain insecure JWTs / secret-key and must never be reused for any purpose.

The API is setup for xdebug including working @code configuration.

All Examples make use of docker-compose, and executing the steps below will launch multiple contains.

For a walkthrough using these examples please see this tutorial

Includes

  • Plain PHP usage of client
  • Slim 4 Skeleton API with policy authorization

Usage

Plain PHP

This example can be used for making queries to an instance of OPA.

    cd plain
    make composer-install
    make test

Slim 4 API Authorization

This example demonstrates how to invoke a policy for making a decision on access to a route.

    cd slim4-api
    make start

The containers will now build and be started, by default the API will be listening on port 80. This example serves up policies in a bundle to the running OPA using the Distributor PSR-15 middleware that is included in segrax/open-policy-agent.

A Postman collection is included inside slim4-api, import it and test both endpoints.

This is the policy for the included example endpoint.

package slim.api

default allow = false

# OPA Bundle
allow {
    input.path = ["opa", "bundles", "{name}"]
    input.token.sub == "opa"
}

# Allow a user to access their own private end point
allow {
    input.method == "GET"
    input.path = ["welcome", userid ]
    userid == input.token.sub
}

# Allow anyone (including unauthed) access to the public endpoint
allow {
    input.path = ["public"]
    input.method == "GET"
}
You can’t perform that action at this time.