Package com.styra.opa
Class OPAClient
java.lang.Object
com.styra.opa.OPAClient
The OPA class contains all the functionality and configuration needed to
make "happy path" queries against an OPA server. Internally, it instantiates
an instance of Speakeasy generated SDK (com.styra.opa.sdk.Opa) with
appropriate settings based on the parameters provided in the constructor for
this class.
-
Constructor Summary
ConstructorsConstructorDescriptionInstantiate a new OPA wrapper with default settings.OPAClient
(OpaApiClient client) This constructor acts as an escape hatch, allowing you to provide your own instance of the Speakeasy generated client.Instantiates an OPA API wrapper with a custom OPA URL.OPAClient
(String opaURL, HTTPClient httpclient) This constructor can be used to instantiate an OPAClient which uses a custom HTTP client implementation for the underlying OpaApiClient.This constructor allows instantiating the OPA wrapper with additional HTTP headers to be injected into every request. -
Method Summary
Modifier and TypeMethodDescriptionboolean
check
(boolean input) boolean
check
(double input) boolean
boolean
boolean
boolean
boolean
boolean
boolean
Perform a query with an input document against a Rego rule head by its path, and coerce the result to a boolean.boolean
boolean
<T> T
evaluate
(boolean input) <T> T
evaluate
(boolean input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) <T> T
evaluate
(boolean input, com.fasterxml.jackson.databind.JavaType toValueType) <T> T
<T> T
evaluate
(double input) <T> T
evaluate
(double input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) <T> T
evaluate
(double input, com.fasterxml.jackson.databind.JavaType toValueType) <T> T
<T> T
<T> T
<T> T
<T> T
<T> T
Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.<T> T
<T> T
<T> T
<T> T
<T> T
<T> T
<T> T
<T> T
<T> T
Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.<T> T
Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.<T> T
Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.<T> T
<T> T
<T> T
<T> T
<T> T
<T> T
<T> T
<T> T
<T> T
<T> T
evaluate
(String path, List<Object> input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) <T> T
<T> T
<T> T
<T> T
evaluate
(String path, Map<String, Object> input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) <T> T
evaluate
(String path, Map<String, Object> input, com.fasterxml.jackson.databind.JavaType toValueType) <T> T
Perform a query with an input document against a Rego rule head by its path.<T> T
<T> T
<T> T
<T> T
<T> T
<T> T
<T> T
<T> T
evaluateBatch
(String path, Map<String, Object> input) Shorthand for evaluateBatch(path, input, true).evaluateBatch
(String path, Map<String, Object> input, boolean rejectMixed) Evaluate a batch of multiple different inputs and paths at once using Enterprise OPA's batch API.evaluateDeferred
(String path, boolean input) evaluateDeferred
(String path, double input) evaluateDeferred
(String path, Object input) evaluateDeferred
(String path, String input) evaluateDeferred
(String path, List<Object> input) evaluateDeferred
(String path, Map<String, Object> input) This method performs a scalar policy evaluation similar to evaluate(), but does not immediately handle the result, instead packing it into an OPAResult similar to how the batch evaluation methods work.evaluateDeferred
(Map<String, Object> input) void
forceBatchFallback
(boolean newEnableBatchFallback) Bypass batch mode support detection and force the API client to enable or disable fallback mode.
-
Constructor Details
-
OPAClient
public OPAClient()Instantiate a new OPA wrapper with default settings. This will automatically try to connect to OPA on localhost:8181, which is a suitable value for most sidecar style deployments of OPA. -
OPAClient
Instantiates an OPA API wrapper with a custom OPA URL.- Parameters:
opaURL
- URL at which OPA should be connected to.
-
OPAClient
This constructor can be used to instantiate an OPAClient which uses a custom HTTP client implementation for the underlying OpaApiClient.- Parameters:
opaURL
- URL at which OPA should be connected to.httpclient
- custom HTTP client to use
-
OPAClient
This constructor allows instantiating the OPA wrapper with additional HTTP headers to be injected into every request. This is intended to be used with OPA bearer token authentication, which you can learn more about here: https://www.openpolicyagent.org/docs/latest/rest-api/#authentication- Parameters:
opaURL
- URL at which OPA should be connected to.headers
- additional HTTP headers to inject into each request.
-
OPAClient
This constructor acts as an escape hatch, allowing you to provide your own instance of the Speakeasy generated client. This may be useful if you need to bring your own HTTP client implementation, or otherwise need to configure the client in a more advanced way than this high level wrapper permits.- Parameters:
client
-
-
-
Method Details
-
forceBatchFallback
public void forceBatchFallback(boolean newEnableBatchFallback) Bypass batch mode support detection and force the API client to enable or disable fallback mode. If newEnableBatchFallback is 'true', then fallback mode is always used. If it is 'false', then batch support detection will be reset, though subsequent batch evaluation calls may detect if the batch API is not supported and re-enable the fallback later. You should not need to use this method during normal usage. -
check
Perform a query with an input document against a Rego rule head by its path, and coerce the result to a boolean. The other overloaded variations of this method behave similar, but allow any valid JSON value to be used as the input document.- Parameters:
input
- Input document for OPA query.path
- Path to rule head to query, for example to access a rule head "allow" in a Rego file that starts with "package main", you would provide the value "main/allow".- Returns:
- Throws:
OPAException
-
check
- Throws:
OPAException
-
check
- Throws:
OPAException
-
check
- Throws:
OPAException
-
check
- Throws:
OPAException
-
check
- Throws:
OPAException
-
check
- Throws:
OPAException
-
check
- Throws:
OPAException
-
check
- Throws:
OPAException
-
check
- Throws:
OPAException
-
check
- Throws:
OPAException
-
evaluate
public <T> T evaluate(String path, Map<String, Object> input, Class<T> toValueType) throws OPAExceptionPerform a query with an input document against a Rego rule head by its path. The other overloaded variations of this method behave similar, but allow any valid JSON value to be used as the input document. If the input value is omitted, then an empty object is implicitly used as the input. Due to limitations in Java's generics, the type parameter T alone is not always sufficient to determine the correct type to coerce the output to (specifically with constructing the TypeReference to use with fasterxml's ObjectMapper). In particular, the compiler needs a little extra help when assigning the return of this method to an object. In such situations, you will need to also provide a toValueType. Some ways this might be accomplished are shown below:// likely to fail at compile time with: // java.lang.ClassCastException ... cannot be cast to class MyObject MyObject obj = evaluate("/foo", "bar"); // using a TypeReference (recommended method) MyObject obj = evaluate("/foo", "bar", TypeReference<MyObject>() {}); // using ObjectMapper MyObject obj = evaluate("/foo", "bar", new ObjectMapper().constructType(instanceOfMyObject.getClass())); // using .class (can cause checking issue with classes that have type parameters) MyObject obj = evaluate("/foo", "bar", MyObject.class);
If the path parameter is omitted, then the default path `/` is used, which will cause OPA to use the default decision at /data/system/main. To avoid ambiguity with the function overload, if only a string argument is provided, it is taken to be the path rather than an input to be used with the default path. This is to simplify accessing the default path without an input.- Parameters:
input
- Input document for OPA query.path
- Path to rule head to query, for example to access a rule head "allow" in a Rego file that starts with "package main", you would provide the value "main/allow".toValueType
- May optionally be used to provide an alternative type for output conversion. This is especially useful when reading the result of an OPA request into an object.- Returns:
- The return value is automatically coerced to have a type matching the type parameter T using com.fasterxml.jackson.databind.ObjectMapper.
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.- Parameters:
path
-toValueType
-- Returns:
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
public <T> T evaluate(String path, Map<String, Object> input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException- Throws:
OPAException
-
evaluate
public <T> T evaluate(String path, String input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(String path, boolean input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(String path, double input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(String path, List<Object> input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(String path, Object input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(Map<String, Object> input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException- Throws:
OPAException
-
evaluate
public <T> T evaluate(String path, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.- Parameters:
path
-toValueType
-- Returns:
- Throws:
OPAException
-
evaluate
public <T> T evaluate(boolean input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(double input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(List<Object> input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(Object input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(String path, Map<String, Object> input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException- Throws:
OPAException
-
evaluate
public <T> T evaluate(String path, String input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(String path, boolean input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(String path, double input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(String path, List<Object> input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(String path, Object input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(Map<String, Object> input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException- Throws:
OPAException
-
evaluate
public <T> T evaluate(String path, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.- Parameters:
path
-toValueType
-- Returns:
- Throws:
OPAException
-
evaluate
public <T> T evaluate(boolean input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(double input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(List<Object> input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException - Throws:
OPAException
-
evaluate
public <T> T evaluate(Object input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException - Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.- Parameters:
path
-- Returns:
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluate
- Throws:
OPAException
-
evaluateDeferred
This method performs a scalar policy evaluation similar to evaluate(), but does not immediately handle the result, instead packing it into an OPAResult similar to how the batch evaluation methods work. This means that final output type conversion as well as throwing of any exceptions that occurred during policy evaluation is deferred until OPAResult.get() is used.- Parameters:
path
-input
-- Returns:
-
evaluateDeferred
-
evaluateDeferred
-
evaluateDeferred
-
evaluateDeferred
-
evaluateDeferred
-
evaluateDeferred
-
evaluateBatch
public Map<String,OPAResult> evaluateBatch(String path, Map<String, Object> input) throws OPAExceptionShorthand for evaluateBatch(path, input, true).- Parameters:
path
-input
-- Returns:
- Throws:
OPAException
-
evaluateBatch
public Map<String,OPAResult> evaluateBatch(String path, Map<String, Object> input, boolean rejectMixed) throws OPAExceptionEvaluate a batch of multiple different inputs and paths at once using Enterprise OPA's batch API. If this method is used while connected to a standard OPA, it will transparently fall back to sequential scalar evaluation calls.- Parameters:
path
-input
-rejectMixed
- if true, any request in the batch failing causes an exception to be thrown immediately- Returns:
- Throws:
OPAException
-