Class OpaClient
OpaClient provides high-level convenience APIs for interacting with an OPA server. It is generally recommended to use this class for most common OPA integrations.
public class OpaClient
Constructors
OpaClient(string?, ILogger<OpaClient>?, JsonSerializerSettings?)
Constructs an OpaClient, connecting to a specified server address if provided.
public OpaClient(string? serverUrl = null, ILogger<OpaClient>? logger = null, JsonSerializerSettings? jsonSerializerSettings = null)
Parameters
serverUrl
string: The URL for connecting to the OPA server instance. (default: "http://localhost:8181")
logger
ILogger<OpaClient>: The ILogger instance to use for this OpaClient. (default: NullLogger)
jsonSerializerSettings
JsonSerializerSettings: The Newtonsoft.Json.JsonSerializerSettings to use as the default for serializing inputs for OPA. (default: none)
Methods
Check(string, object?, JsonSerializerSettings?)
Simple allow/deny-style check against a rule, using the provided object. This will round-trip an object through Newtonsoft.JsonConvert, in order to generate the input object for the eventual OPA API call.
public Task<bool> Check(string path, object? input, JsonSerializerSettings? jsonSerializerSettings = null)
Parameters
path
string: The rule to evaluate. (Example: "app/rbac")
input
object: The input C# object OPA will use for evaluating the rule.
jsonSerializerSettings
JsonSerializerSettings: The Newtonsoft.Json.JsonSerializerSettings object to use for round-tripping the input through JSON serdes. (default: global serializer settings, if any)
Returns
- Task<bool>
EvaluateBatch(string, Dictionary<string, Dictionary<string, object>>)
Evaluate a policy, using the provided map of query inputs. Results will be returned in an identically-structured pair of maps, one for successful evals, and one for errors. In the event that the OPA server does not support the /v1/batch/data endpoint, this method will fall back to performing sequential queries against the OPA server.
public Task<(OpaBatchResults, OpaBatchErrors)> EvaluateBatch(string path, Dictionary<string, Dictionary<string, object>> inputs)
Parameters
path
string: The rule to evaluate. (Example: "app/rbac")
inputs
Dictionary<string, Dictionary<string, object>>: The input Dictionary OPA will use for evaluating the rule. The keys are arbitrary ID strings, the values are the input values intended for each query.
Returns
- Task<(OpaBatchResults, OpaBatchErrors)>
A pair of mappings from string keys to SuccessfulPolicyResponses (successes) and to ServerErrors (failures).
EvaluateBatch<T>(string, Dictionary<string, Dictionary<string, object>>)
Evaluate a policy, using the provided map of query inputs. Results will be returned in an identically-structured pair of maps, one for successful evals, and one for errors. In the event that the OPA server does not support the /v1/batch/data endpoint, this method will fall back to performing sequential queries against the OPA server.
public Task<(OpaBatchResultGeneric<T>, OpaBatchErrors)> EvaluateBatch<T>(string path, Dictionary<string, Dictionary<string, object>> inputs)
Parameters
path
string: The rule to evaluate. (Example: "app/rbac")
inputs
Dictionary<string, Dictionary<string, object>>: The input Dictionary OPA will use for evaluating the rule. The keys are arbitrary ID strings, the values are the input values intended for each query.
Returns
- Task<(OpaBatchResultGeneric<T>, OpaBatchErrors)>
A pair of mappings from string keys to values of generic type T (successes) and to ServerErrors (failures).
Type Parameters
T
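Handling both maps returned by EvaluateBatch<T> so that an authorization decision fails closed, as an added example (not code from the SDK or its documentation). It assumes the SDK namespace is Styra.Opa, that both returned maps behave as dictionaries keyed by the caller's ID strings, and a hypothetical rule path "app/rbac/allow" that yields a boolean.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Styra.Opa; // assumption: namespace of the SDK that ships OpaClient

public static class BatchAuthz
{
    // Returns one decision per request ID. An ID is allowed only when OPA
    // returned an explicit `true` for it; errors and missing IDs are denied.
    public static async Task<Dictionary<string, bool>> DecideAsync(
        OpaClient opa, string path,
        Dictionary<string, Dictionary<string, object>> inputs)
    {
        var decisions = new Dictionary<string, bool>();
        foreach (var id in inputs.Keys) decisions[id] = false; // default deny
        try
        {
            var (results, errors) = await opa.EvaluateBatch<bool>(path, inputs);
            foreach (var id in inputs.Keys)
            {
                // Assumption: both maps are dictionaries keyed by our ID strings.
                if (errors != null && errors.ContainsKey(id)) continue;
                if (results != null && results.TryGetValue(id, out var allowed))
                    decisions[id] = allowed;
            }
        }
        catch (Exception ex)
        {
            // Server unreachable, malformed response, etc.: every ID stays denied.
            Console.Error.WriteLine($"OPA batch evaluation failed: {ex.Message}");
        }
        return decisions;
    }

    public static async Task Main()
    {
        var opa = new OpaClient("http://localhost:8181");
        // Constructed sample inputs; the keys are arbitrary request IDs.
        var inputs = new Dictionary<string, Dictionary<string, object>>
        {
            ["req-1"] = new() { ["user"] = "alice", ["action"] = "read" },
            ["req-2"] = new() { ["user"] = "bob", ["action"] = "delete" },
        };
        var decisions = await DecideAsync(opa, "app/rbac/allow", inputs); // hypothetical rule path
        foreach (var (id, allowed) in decisions)
            Console.WriteLine($"{id}: {(allowed ? "allow" : "deny")}");
    }
}
```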
EvaluateDefault<T>(object?, JsonSerializerSettings?)
Evaluate the server's default policy, using the provided object, then coerce the result to type T. This will round-trip an object through Newtonsoft.JsonConvert, in order to generate the input object for the eventual OPA API call.
public Task<T> EvaluateDefault<T>(object? input, JsonSerializerSettings? jsonSerializerSettings = null)
Parameters
input
object: The input C# object OPA will use for evaluating the rule.
jsonSerializerSettings
JsonSerializerSettings: The Newtonsoft.Json.JsonSerializerSettings object to use for round-tripping the input through JSON serdes. (default: global serializer settings, if any)
Returns
- Task<T>
Result, as an instance of T
Type Parameters
T
Evaluate<T>(string, object?, JsonSerializerSettings?)
Evaluate a policy, using the provided object, then coerce the result to type T. This will round-trip an object through Newtonsoft.JsonConvert, in order to generate the input object for the eventual OPA API call.
public Task<T> Evaluate<T>(string path, object? input, JsonSerializerSettings? jsonSerializerSettings = null)
Parameters
path
string: The rule to evaluate. (Example: "app/rbac")
input
object: The input C# object OPA will use for evaluating the rule.
jsonSerializerSettings
JsonSerializerSettings: The Newtonsoft.Json.JsonSerializerSettings object to use for round-tripping the input through JSON serdes. (default: global serializer settings, if any)
Returns
- Task<T>
Result, as an instance of T
Type Parameters
T
GetFilters(string, object?, List<string>?, TargetSQLTableMappings?, TargetDialects, JsonSerializerSettings?)
Uses Enterprise OPA's Compile API to partially evaluate a data filter policy. Results are returned as a tuple with the members:
- Data Filters (UCAST or SQL)
- Column Masking Rules
public Task<(IFilter, ColumnMasks?)> GetFilters(string path, object? input, List<string>? unknowns = null, TargetSQLTableMappings? tableMappings = null, TargetDialects targetDialect = TargetDialects.UcastLinq, JsonSerializerSettings? jsonSerializerSettings = null)
Parameters
path
string: The rule to use for generating data filters. (Example: "app/rbac")
input
object: The input C# object OPA will use for evaluating the data filter policy.
unknowns
List<string>: The unknowns to use in partial evaluation of the data filter policy.
tableMappings
TargetSQLTableMappings: The mappings between tables and columns that should be used for generating the data filters.
targetDialect
TargetDialects: The specific dialect of data filters to generate. (default: UCAST-LINQ dialect)
jsonSerializerSettings
JsonSerializerSettings: The Newtonsoft.Json.JsonSerializerSettings object to use for round-tripping the input through JSON serdes. (default: global serializer settings, if any)
Returns
- Task<(IFilter, ColumnMasks)>
A ValueTuple of data filters (UCAST nodes or SQL) and column masking rules (if present).
GetMultipleFilters(string, object?, List<string>?, TargetSQLTableMappings?, List<TargetDialects>?, JsonSerializerSettings?)
Uses Enterprise OPA's Compile API to partially evaluate a data filter policy. Results are returned as a Dictionary pairing filter types to the generated data filters. Each data filtering result has the form:
- Data Filters (UCAST or SQL)
- Column Masking Rules
public Task<(Dictionary<string, IFilter>, ColumnMasks?)> GetMultipleFilters(string path, object? input, List<string>? unknowns = null, TargetSQLTableMappings? tableMappings = null, List<TargetDialects>? targetDialects = null, JsonSerializerSettings? jsonSerializerSettings = null)
Parameters
path
string: The rule to use for generating data filters. (Example: "app/rbac")
input
object: The input C# object OPA will use for evaluating the data filter policy.
unknowns
List<string>: The unknowns to use in partial evaluation of the data filter policy.
tableMappings
TargetSQLTableMappings: The mappings between tables and columns that should be used for generating the data filters.
targetDialects
List<TargetDialects>: The dialects of data filters to generate. (default: UCAST-LINQ dialect)
jsonSerializerSettings
JsonSerializerSettings: The Newtonsoft.Json.JsonSerializerSettings object to use for round-tripping the input through JSON serdes. (default: global serializer settings, if any)
Returns
- Task<(Dictionary<string, IFilter>, ColumnMasks)>
A ValueTuple of data filters (UCAST nodes or SQL) and column masking rules (if present).