Class OpaClient
OpaClient provides high-level convenience APIs for interacting with an OPA server. It is generally recommended to use this class for most common OPA integrations.
public class OpaClient- Inheritance
-
OpaClient
- Inherited Members
Constructors
OpaClient(string?, ILogger<OpaClient>?, JsonSerializerSettings?)
Constructs an OpaClient, connecting to a specified server address if provided.
public OpaClient(string? serverUrl = null, ILogger<OpaClient>? logger = null, JsonSerializerSettings? jsonSerializerSettings = null)Parameters
serverUrlstringThe URL for connecting to the OPA server instance. (default: "http://localhost:8181")
loggerILogger<OpaClient>The ILogger instance to use for this OpaClient. (default: NullLogger)
jsonSerializerSettingsJsonSerializerSettingsThe Newtonsoft.Json.JsonSerializerSettings to use as the default for serializing inputs for OPA. (default: none)
Methods
Check(string, object?, JsonSerializerSettings?)
Simple allow/deny-style check against a rule, using the provided object, This will round-trip an object through Newtonsoft.JsonConvert, in order to generate the input object for the eventual OPA API call.
public Task<bool> Check(string path, object? input, JsonSerializerSettings? jsonSerializerSettings = null)Parameters
pathstringThe rule to evaluate. (Example: "app/rbac")
inputobjectThe input C# object OPA will use for evaluating the rule.
jsonSerializerSettingsJsonSerializerSettingsThe Newtonsoft.Json.JsonSerializerSettings object to use for round-tripping the input through JSON serdes. (default: global serializer settings, if any)
Returns
EvaluateBatch(string, Dictionary<string, Dictionary<string, object>>)
Evaluate a policy, using the provided map of query inputs. Results will be returned in an identically-structured pair of maps, one for successful evals, and one for errors. In the event that the OPA server does not support the /v1/batch/data endpoint, this method will fall back to performing sequential queries against the OPA server.
public Task<(OpaBatchResults, OpaBatchErrors)> EvaluateBatch(string path, Dictionary<string, Dictionary<string, object>> inputs)Parameters
pathstringThe rule to evaluate. (Example: "app/rbac")
inputsDictionary<string, Dictionary<string, object>>The input Dictionary OPA will use for evaluating the rule. The keys are arbitrary ID strings, the values are the input values intended for each query.
Returns
- Task<(OpaBatchResults, OpaBatchErrors)>
A pair of mappings, between string keys, and SuccessfulPolicyResponses, or ServerErrors.
EvaluateBatch<T>(string, Dictionary<string, Dictionary<string, object>>)
Evaluate a policy, using the provided map of query inputs. Results will be returned in an identically-structured pair of maps, one for successful evals, and one for errors. In the event that the OPA server does not support the /v1/batch/data endpoint, this method will fall back to performing sequential queries against the OPA server.
public Task<(OpaBatchResultGeneric<T>, OpaBatchErrors)> EvaluateBatch<T>(string path, Dictionary<string, Dictionary<string, object>> inputs)Parameters
pathstringThe rule to evaluate. (Example: "app/rbac")
inputsDictionary<string, Dictionary<string, object>>The input Dictionary OPA will use for evaluating the rule. The keys are arbitrary ID strings, the values are the input values intended for each query.
Returns
- Task<(OpaBatchResultGeneric<T>, OpaBatchErrors)>
A pair of mappings, between string keys, and generic type T, or ServerErrors.
Type Parameters
T
EvaluateDefault<T>(object?, JsonSerializerSettings?)
Evaluate the server's default policy, using the provided object, then coerce the result to type T. This will round-trip an object through Newtonsoft.JsonConvert, in order to generate the input object for the eventual OPA API call.
public Task<T> EvaluateDefault<T>(object? input, JsonSerializerSettings? jsonSerializerSettings = null)Parameters
inputobjectThe input C# object OPA will use for evaluating the rule.
jsonSerializerSettingsJsonSerializerSettingsThe Newtonsoft.Json.JsonSerializerSettings object to use for round-tripping the input through JSON serdes. (default: global serializer settings, if any)
Returns
- Task<T>
Result, as an instance of T
Type Parameters
T
Evaluate<T>(string, object?, JsonSerializerSettings?)
Evaluate a policy, using the provided object, then coerce the result to type T. This will round-trip an object through Newtonsoft.JsonConvert, in order to generate the input object for the eventual OPA API call.
public Task<T> Evaluate<T>(string path, object? input, JsonSerializerSettings? jsonSerializerSettings = null)Parameters
pathstringThe rule to evaluate. (Example: "app/rbac")
inputobjectThe input C# object OPA will use for evaluating the rule.
jsonSerializerSettingsJsonSerializerSettingsThe Newtonsoft.Json.JsonSerializerSettings object to use for round-tripping the input through JSON serdes. (default: global serializer settings, if any)
Returns
- Task<T>
Result, as an instance of T
Type Parameters
T
GetFilters(string, object?, List<string>?, TargetSQLTableMappings?, TargetDialects, JsonSerializerSettings?)
Uses Enterprise OPA's Compile API to partially evaluate a data filter policy. Results are returned as a tuple with the members:
- Data Filters (UCAST or SQL)
- Column Masking Rules
public Task<(IFilter, ColumnMasks?)> GetFilters(string path, object? input, List<string>? unknowns = null, TargetSQLTableMappings? tableMappings = null, TargetDialects targetDialect = TargetDialects.UcastLinq, JsonSerializerSettings? jsonSerializerSettings = null)Parameters
pathstringThe rule to use for generating data filters. (Example: "app/rbac")
inputobjectThe input C# object OPA will use for evaluating the data filter policy.
unknownsList<string>The unknowns to use in partial evaluation of the data filter policy.
tableMappingsTargetSQLTableMappingsThe mappings between tables and columns that should be used for generating the data filters.
targetDialectTargetDialectsThe specific dialect of data filters to generate. (default: UCAST-LINQ dialect)
jsonSerializerSettingsJsonSerializerSettingsThe Newtonsoft.Json.JsonSerializerSettings object to use for round-tripping the input through JSON serdes. (default: global serializer settings, if any)
Returns
- Task<(IFilter, ColumnMasks)>
A ValueTuple of data filters (UCAST nodes or SQL) and column masking rules (if present).
Remarks
Exceptions
GetMultipleFilters(string, object?, List<string>?, TargetSQLTableMappings?, List<TargetDialects>?, JsonSerializerSettings?)
Uses Enterprise OPA's Compile API to partially evaluate a data filter policy. Results are returned as a Dictionary pairing filter types to the generated data filters. Each data filtering result has the form:
- Data Filters (UCAST or SQL)
- Column Masking Rules
public Task<(Dictionary<string, IFilter>, ColumnMasks?)> GetMultipleFilters(string path, object? input, List<string>? unknowns = null, TargetSQLTableMappings? tableMappings = null, List<TargetDialects>? targetDialects = null, JsonSerializerSettings? jsonSerializerSettings = null)Parameters
pathstringThe rule to use for generating data filters. (Example: "app/rbac")
inputobjectThe input C# object OPA will use for evaluating the data filter policy.
unknownsList<string>The unknowns to use in partial evaluation of the data filter policy.
tableMappingsTargetSQLTableMappingsThe mappings between tables and columns that should be used for generating the data filters.
targetDialectsList<TargetDialects>The dialects of data filters to generate. (default: UCAST-LINQ dialect)
jsonSerializerSettingsJsonSerializerSettingsThe Newtonsoft.Json.JsonSerializerSettings object to use for round-tripping the input through JSON serdes. (default: global serializer settings, if any)
Returns
- Task<(Dictionary<string, IFilter>, ColumnMasks)>
A ValueTuple of data filters (UCAST nodes or SQL) and column masking rules (if present).