Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
src
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Open Policy Agent Library

This library provides a client for the Open Policy Agent (OPA), a PSR-15 authorization middleware and a PSR-15 bundle distributor middleware.

Latest Version Packagist Software License Build Status codecov

For working examples, please see segrax/opa-php-examples and a walkthrough is available to guide you through the examples.

Install

Install the latest using composer.

composer require segrax/open-policy-agent

Usage Examples

Client Usage

use Segrax\OpenPolicyAgent\Client;

$apiPolicy = "package my.api
              default allow=false
              allow {
                  input.path = [\"abc\"]
                  input.user == \"a random user\"
              }";

$client = new Client([ Client::OPT_AGENT_URL => 'http://127.0.0.1:8181/',
                       Client::OPT_AUTH_TOKEN => 'MyToken']);

// Push a policy to the agent
$client->policyUpdate('my/api', $apiPolicy, false);

// Execute the policy
$inputs = [ 'path' => ['abc'],
            'user' => 'a random user'];

$res = $client->policy('my/api', $inputs, false, false, false, false );
if ($res->getByName('allow') === true ) {
    // Do stuff
}

Authorization Middleware

Create the client, and add the Authorization object onto the middleware stack

use Segrax\OpenPolicyAgent\Client;
use Segrax\OpenPolicyAgent\Middleware\Authorization;

$app = AppFactory::create();

$client = new Client([Client::OPT_AGENT_URL => 'http://127.0.0.1:8181/']);
$app->add(new Authorization(
                [Authorization::OPT_POLICY => 'auth/api'],
                $client,
                $app->getResponseFactory()));

Distributor Middleware

Insert the middleware, it will respond to bundle requests at /opa/bundles/{service_name} for users with a valid JWT with the subfield 'opa'

use Segrax\OpenPolicyAgent\Client;
use Segrax\OpenPolicyAgent\Middleware\Distributor;

$app = AppFactory::create();

$app->add(new Distributor(
                        [Distributor::OPT_POLICY_PATH => __DIR__ . '/opa',
                         Distributor::OPT_AGENT_USER => 'opa'],
                        $app->getResponseFactory(),
                        new StreamFactory(),
                        $app->getLogger()));

// Add a GET route for the opa bundle route
$app->get('/opa/bundles/{name}', function (Request $request, Response $response, array $args) {
    return $response->withStatus(404);
});

Code Testing

make tests

Security

If you discover any security related issues, please email segrax19@gmail.com.

License

The MIT License (MIT). Please see License File for more information.

About

PSR-7 and PSR-15 OPA Authorization Middleware and Open Policy Agent Client

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages