PSR-7 and PSR-15 OPA Authorization Middleware and Open Policy Agent Client

Open Policy Agent Library

This library provides a client for the Open Policy Agent (OPA), a PSR-15 authorization middleware and a PSR-15 bundle distributor middleware.

For working examples, see segrax/opa-php-examples; a walkthrough is available to guide you through them.

Install

Install the latest version using Composer.

composer require segrax/open-policy-agent

Usage Examples

Client Usage

use Segrax\OpenPolicyAgent\Client;

$apiPolicy = "package my.api
              default allow=false
              allow {
                  input.path = [\"abc\"]
                  input.user == \"a random user\"
              }";

$client = new Client([ Client::OPT_AGENT_URL => 'http://127.0.0.1:8181/',
                       Client::OPT_AUTH_TOKEN => 'MyToken']);

// Push a policy to the agent
$client->policyUpdate('my/api', $apiPolicy, false);

// Execute the policy
$inputs = [ 'path' => ['abc'],
            'user' => 'a random user'];

$res = $client->policy('my/api', $inputs, false, false, false, false );
if ($res->getByName('allow') === true ) {
    // Do stuff
}
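
A fail-closed wrapper around the check above, as an added example that is not part of the library or its README: it builds `input.path` as the segment array the `my.api` policy compares against and treats anything other than a literal `true`, including an unreachable agent, as deny. `opaPathSegments`, `opaAllows` and the `$query` callable are hypothetical names; the commented wiring line uses only the client calls shown above.

```php
<?php
declare(strict_types=1);

/** Split a request path into the segment array compared by input.path = ["abc"].
 *  Returns null for paths that should never reach the policy. */
function opaPathSegments(string $rawPath): ?array
{
    $trimmed = trim($rawPath, '/');
    if ($trimmed === '') {
        return [];
    }
    $segments = [];
    foreach (explode('/', $trimmed) as $part) {
        $decoded = rawurldecode($part);
        // Reject empty and dot segments, and encoded slashes or backslashes.
        if (in_array($decoded, ['', '.', '..'], true) || strpbrk($decoded, '/\\') !== false) {
            return null;
        }
        $segments[] = $decoded;
    }
    return $segments;
}

/** Fail closed: only a literal boolean true from the policy allows the request.
 *  $query (hypothetical seam) sends $input to OPA and returns the "allow" value. */
function opaAllows(callable $query, string $rawPath, string $user): bool
{
    $path = opaPathSegments($rawPath);
    if ($path === null || $user === '') {
        return false;
    }
    try {
        return $query(['path' => $path, 'user' => $user]) === true;
    } catch (\Throwable $e) {
        error_log('OPA query failed, denying: ' . $e->getMessage());
        return false;
    }
}

// Wiring with the client calls shown above:
// $query = fn(array $in) => $client->policy('my/api', $in, false, false, false, false)->getByName('allow');

// Constructed stand-ins so the demo runs without an agent.
$policy = fn(array $in) => $in['path'] === ['abc'] && $in['user'] === 'a random user';
$down = function (array $in) { throw new \RuntimeException('agent unreachable'); };

foreach ([[$policy, '/abc/'], [$policy, '/abc/../admin'], [$policy, '/abc%2Fx'], [$down, '/abc']] as [$q, $p]) {
    printf("%-14s %s\n", $p, opaAllows($q, $p, 'a random user') ? 'allow' : 'deny');
}
```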

Authorization Middleware

Create the client, and add the Authorization object onto the middleware stack:

use Segrax\OpenPolicyAgent\Client;
use Segrax\OpenPolicyAgent\Middleware\Authorization;
use Slim\Factory\AppFactory; // assumed: AppFactory is Slim 4's

$app = AppFactory::create();

$client = new Client([Client::OPT_AGENT_URL => 'http://127.0.0.1:8181/']);
$app->add(new Authorization(
                [Authorization::OPT_POLICY => 'auth/api'],
                $client,
                $app->getResponseFactory()));

Distributor Middleware

Insert the middleware. It responds to bundle requests at /opa/bundles/{service_name} for users with a valid JWT with the subfield 'opa'.

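use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Segrax\OpenPolicyAgent\Client;
use Segrax\OpenPolicyAgent\Middleware\Distributor;
use Slim\Factory\AppFactory;         // assumed: Slim 4
use Slim\Psr7\Factory\StreamFactory; // assumed: slim/psr7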

$app = AppFactory::create();

$app->add(new Distributor(
                        [Distributor::OPT_POLICY_PATH => __DIR__ . '/opa',
                         Distributor::OPT_AGENT_USER => 'opa'],
                        $app->getResponseFactory(),
                        new StreamFactory(),
                        $app->getLogger()));

// Add a GET route for the opa bundle route
$app->get('/opa/bundles/{name}', function (Request $request, Response $response, array $args) {
    return $response->withStatus(404);
});

Code Testing

make tests

Security

If you discover any security-related issues, please email segrax19@gmail.com.

License

The MIT License (MIT). Please see License File for more information.
