Table of Contents

Class OpaClient

Namespace
Styra.Opa
Assembly
Styra.Opa.dll

OpaClient provides high-level convenience APIs for interacting with an OPA server. It is generally recommended to use this class for most common OPA integrations.

public class OpaClient
Inheritance
OpaClient
Inherited Members

Constructors

OpaClient(string?, ILogger<OpaClient>?, JsonSerializerSettings?)

Constructs an OpaClient, connecting to a specified server address if provided.

public OpaClient(string? serverUrl = null, ILogger<OpaClient>? logger = null, JsonSerializerSettings? jsonSerializerSettings = null)

Parameters

serverUrl string

The URL for connecting to the OPA server instance. (default: "http://localhost:8181")

logger ILogger<OpaClient>

The ILogger instance to use for this OpaClient. (default: NullLogger)

jsonSerializerSettings JsonSerializerSettings

The Newtonsoft.Json.JsonSerializerSettings to use as the default for serializing inputs for OPA. (default: none)

Methods

Check(string, object?, JsonSerializerSettings?)

Simple allow/deny-style check against a rule, using the provided object, This will round-trip an object through Newtonsoft.JsonConvert, in order to generate the input object for the eventual OPA API call.

public Task<bool> Check(string path, object? input, JsonSerializerSettings? jsonSerializerSettings = null)

Parameters

path string

The rule to evaluate. (Example: "app/rbac")

input object

The input C# object OPA will use for evaluating the rule.

jsonSerializerSettings JsonSerializerSettings

The Newtonsoft.Json.JsonSerializerSettings object to use for round-tripping the input through JSON serdes. (default: global serializer settings, if any)

Returns

Task<bool>

Result, as a boolean

EvaluateBatch(string, Dictionary<string, Dictionary<string, object>>)

Evaluate a policy, using the provided map of query inputs. Results will be returned in an identically-structured pair of maps, one for successful evals, and one for errors. In the event that the OPA server does not support the /v1/batch/data endpoint, this method will fall back to performing sequential queries against the OPA server.

public Task<(OpaBatchResults, OpaBatchErrors)> EvaluateBatch(string path, Dictionary<string, Dictionary<string, object>> inputs)

Parameters

path string

The rule to evaluate. (Example: "app/rbac")

inputs Dictionary<string, Dictionary<string, object>>

The input Dictionary OPA will use for evaluating the rule. The keys are arbitrary ID strings, the values are the input values intended for each query.

Returns

Task<(OpaBatchResults, OpaBatchErrors)>

A pair of mappings, between string keys, and SuccessfulPolicyResponses, or ServerErrors.

EvaluateBatch<T>(string, Dictionary<string, Dictionary<string, object>>)

Evaluate a policy, using the provided map of query inputs. Results will be returned in an identically-structured pair of maps, one for successful evals, and one for errors. In the event that the OPA server does not support the /v1/batch/data endpoint, this method will fall back to performing sequential queries against the OPA server.

public Task<(OpaBatchResultGeneric<T>, OpaBatchErrors)> EvaluateBatch<T>(string path, Dictionary<string, Dictionary<string, object>> inputs)

Parameters

path string

The rule to evaluate. (Example: "app/rbac")

inputs Dictionary<string, Dictionary<string, object>>

The input Dictionary OPA will use for evaluating the rule. The keys are arbitrary ID strings, the values are the input values intended for each query.

Returns

Task<(OpaBatchResultGeneric<T>, OpaBatchErrors)>

A pair of mappings, between string keys, and generic type T, or ServerErrors.

Type Parameters

T

EvaluateDefault<T>(object?, JsonSerializerSettings?)

Evaluate the server's default policy, using the provided object, then coerce the result to type T. This will round-trip an object through Newtonsoft.JsonConvert, in order to generate the input object for the eventual OPA API call.

public Task<T> EvaluateDefault<T>(object? input, JsonSerializerSettings? jsonSerializerSettings = null)

Parameters

input object

The input C# object OPA will use for evaluating the rule.

jsonSerializerSettings JsonSerializerSettings

The Newtonsoft.Json.JsonSerializerSettings object to use for round-tripping the input through JSON serdes. (default: global serializer settings, if any)

Returns

Task<T>

Result, as an instance of T

Type Parameters

T

Evaluate<T>(string, object?, JsonSerializerSettings?)

Evaluate a policy, using the provided object, then coerce the result to type T. This will round-trip an object through Newtonsoft.JsonConvert, in order to generate the input object for the eventual OPA API call.

public Task<T> Evaluate<T>(string path, object? input, JsonSerializerSettings? jsonSerializerSettings = null)

Parameters

path string

The rule to evaluate. (Example: "app/rbac")

input object

The input C# object OPA will use for evaluating the rule.

jsonSerializerSettings JsonSerializerSettings

The Newtonsoft.Json.JsonSerializerSettings object to use for round-tripping the input through JSON serdes. (default: global serializer settings, if any)

Returns

Task<T>

Result, as an instance of T

Type Parameters

T

GetFilters(string, object?, List<string>?, TargetSQLTableMappings?, TargetDialects, JsonSerializerSettings?)

Uses Enterprise OPA's Compile API to partially evaluate a data filter policy. Results are returned as a tuple with the members:

  • Data Filters (UCAST or SQL)
  • Column Masking Rules
public Task<(IFilter, ColumnMasks?)> GetFilters(string path, object? input, List<string>? unknowns = null, TargetSQLTableMappings? tableMappings = null, TargetDialects targetDialect = TargetDialects.UcastLinq, JsonSerializerSettings? jsonSerializerSettings = null)

Parameters

path string

The rule to use for generating data filters. (Example: "app/rbac")

input object

The input C# object OPA will use for evaluating the data filter policy.

unknowns List<string>

The unknowns to use in partial evaluation of the data filter policy.

tableMappings TargetSQLTableMappings

The mappings between tables and columns that should be used for generating the data filters.

targetDialect TargetDialects

The specific dialect of data filters to generate. (default: UCAST-LINQ dialect)

jsonSerializerSettings JsonSerializerSettings

The Newtonsoft.Json.JsonSerializerSettings object to use for round-tripping the input through JSON serdes. (default: global serializer settings, if any)

Returns

Task<(IFilter, ColumnMasks)>

A ValueTuple of data filters (UCAST nodes or SQL) and column masking rules (if present).

Remarks

Exceptions

OpaException

GetMultipleFilters(string, object?, List<string>?, TargetSQLTableMappings?, List<TargetDialects>?, JsonSerializerSettings?)

Uses Enterprise OPA's Compile API to partially evaluate a data filter policy. Results are returned as a Dictionary pairing filter types to the generated data filters. Each data filtering result has the form:

  • Data Filters (UCAST or SQL)
  • Column Masking Rules
This is intentionally similar to the results of calling GetFilters(string, object?, List<string>?, TargetSQLTableMappings?, TargetDialects, JsonSerializerSettings?) multiple times in a row, and allows efficient retrieval of multiple data filter types if needed.
public Task<(Dictionary<string, IFilter>, ColumnMasks?)> GetMultipleFilters(string path, object? input, List<string>? unknowns = null, TargetSQLTableMappings? tableMappings = null, List<TargetDialects>? targetDialects = null, JsonSerializerSettings? jsonSerializerSettings = null)

Parameters

path string

The rule to use for generating data filters. (Example: "app/rbac")

input object

The input C# object OPA will use for evaluating the data filter policy.

unknowns List<string>

The unknowns to use in partial evaluation of the data filter policy.

tableMappings TargetSQLTableMappings

The mappings between tables and columns that should be used for generating the data filters.

targetDialects List<TargetDialects>

The dialects of data filters to generate. (default: UCAST-LINQ dialect)

jsonSerializerSettings JsonSerializerSettings

The Newtonsoft.Json.JsonSerializerSettings object to use for round-tripping the input through JSON serdes. (default: global serializer settings, if any)

Returns

Task<(Dictionary<string, IFilter>, ColumnMasks)>

A ValueTuple of data filters (UCAST nodes or SQL) and column masking rules (if present).

Remarks

Exceptions

OpaException