Package com.styra.opa

Class OPAClient

java.lang.Object
com.styra.opa.OPAClient

public class OPAClient extends Object
The OPA class contains all the functionality and configuration needed to make "happy path" queries against an OPA server. Internally, it instantiates an instance of Speakeasy generated SDK (com.styra.opa.sdk.Opa) with appropriate settings based on the parameters provided in the constructor for this class.
  • Constructor Details

    • OPAClient

      public OPAClient()
      Instantiate a new OPA wrapper with default settings. This will automatically try to connect to OPA on localhost:8181, which is a suitable value for most sidecar style deployments of OPA.
    • OPAClient

      public OPAClient(String opaURL)
      Instantiates an OPA API wrapper with a custom OPA URL.
      Parameters:
      opaURL - URL at which OPA should be connected to.
    • OPAClient

      public OPAClient(String opaURL, HTTPClient httpclient)
      This constructor can be used to instantiate an OPAClient which uses a custom HTTP client implementation for the underlying OpaApiClient.
      Parameters:
      opaURL - URL at which OPA should be connected to.
      httpclient - custom HTTP client to use
    • OPAClient

      public OPAClient(String opaURL, Map<String,String> headers)
      This constructor allows instantiating the OPA wrapper with additional HTTP headers to be injected into every request. This is intended to be used with OPA bearer token authentication, which you can learn more about here: https://www.openpolicyagent.org/docs/latest/rest-api/#authentication
      Parameters:
      opaURL - URL at which OPA should be connected to.
      headers - additional HTTP headers to inject into each request.
    • OPAClient

      public OPAClient(OpaApiClient client)
      This constructor acts as an escape hatch, allowing you to provide your own instance of the Speakeasy generated client. This may be useful if you need to bring your own HTTP client implementation, or otherwise need to configure the client in a more advanced way than this high level wrapper permits.
      Parameters:
      client -
  • Method Details

    • forceBatchFallback

      public void forceBatchFallback(boolean newEnableBatchFallback)
      Bypass batch mode support detection and force the API client to enable or disable fallback mode. If newEnableBatchFallback is 'true', then fallback mode is always used. If it is 'false', then batch support detection will be reset, though subsequent batch evaluation calls may detect if the batch API is not supported and re-enable the fallback later. You should not need to use this method during normal usage.
    • check

      public boolean check(String path, Map<String,Object> input) throws OPAException
      Perform a query with an input document against a Rego rule head by its path, and coerce the result to a boolean. The other overloaded variations of this method behave similar, but allow any valid JSON value to be used as the input document.
      Parameters:
      input - Input document for OPA query.
      path - Path to rule head to query, for example to access a rule head "allow" in a Rego file that starts with "package main", you would provide the value "main/allow".
      Returns:
      Throws:
      OPAException
    • check

      public boolean check(String path, String input) throws OPAException
      Throws:
      OPAException
    • check

      public boolean check(String path, boolean input) throws OPAException
      Throws:
      OPAException
    • check

      public boolean check(String path, double input) throws OPAException
      Throws:
      OPAException
    • check

      public boolean check(String path, List<Object> input) throws OPAException
      Throws:
      OPAException
    • check

      public boolean check(String path, Object input) throws OPAException
      Throws:
      OPAException
    • check

      public boolean check(Map<String,Object> input) throws OPAException
      Throws:
      OPAException
    • check

      public boolean check(boolean input) throws OPAException
      Throws:
      OPAException
    • check

      public boolean check(double input) throws OPAException
      Throws:
      OPAException
    • check

      public boolean check(List<Object> input) throws OPAException
      Throws:
      OPAException
    • check

      public boolean check(Object input) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, Map<String,Object> input, Class<T> toValueType) throws OPAException
      Perform a query with an input document against a Rego rule head by its path. The other overloaded variations of this method behave similar, but allow any valid JSON value to be used as the input document. If the input value is omitted, then an empty object is implicitly used as the input. Due to limitations in Java's generics, the type parameter T alone is not always sufficient to determine the correct type to coerce the output to (specifically with constructing the TypeReference to use with fasterxml's ObjectMapper). In particular, the compiler needs a little extra help when assigning the return of this method to an object. In such situations, you will need to also provide a toValueType. Some ways this might be accomplished are shown below:
       // likely to fail at compile time with:
       //     java.lang.ClassCastException ... cannot be cast to class MyObject
       MyObject obj = evaluate("/foo", "bar");
      
       // using a TypeReference (recommended method)
       MyObject obj = evaluate("/foo", "bar", TypeReference<MyObject>() {});
      
       // using ObjectMapper
       MyObject obj = evaluate("/foo", "bar", new ObjectMapper().constructType(instanceOfMyObject.getClass()));
      
       // using .class (can cause checking issue with classes that have type parameters)
       MyObject obj = evaluate("/foo", "bar", MyObject.class);
       
      If the path parameter is omitted, then the default path `/` is used, which will cause OPA to use the default decision at /data/system/main. To avoid ambiguity with the function overload, if only a string argument is provided, it is taken to be the path rather than an input to be used with the default path. This is to simplify accessing the default path without an input.
      Parameters:
      input - Input document for OPA query.
      path - Path to rule head to query, for example to access a rule head "allow" in a Rego file that starts with "package main", you would provide the value "main/allow".
      toValueType - May optionally be used to provide an alternative type for output conversion. This is especially useful when reading the result of an OPA request into an object.
      Returns:
      The return value is automatically coerced to have a type matching the type parameter T using com.fasterxml.jackson.databind.ObjectMapper.
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, String input, Class<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, boolean input, Class<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, double input, Class<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, List<Object> input, Class<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, Object input, Class<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(Map<String,Object> input, Class<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, Class<T> toValueType) throws OPAException
      Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.
      Parameters:
      path -
      toValueType -
      Returns:
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(boolean input, Class<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(double input, Class<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(List<Object> input, Class<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(Object input, Class<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, Map<String,Object> input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, String input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, boolean input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, double input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, List<Object> input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, Object input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(Map<String,Object> input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException
      Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.
      Parameters:
      path -
      toValueType -
      Returns:
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(boolean input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(double input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(List<Object> input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(Object input, com.fasterxml.jackson.databind.JavaType toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, Map<String,Object> input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, String input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, boolean input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, double input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, List<Object> input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, Object input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(Map<String,Object> input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException
      Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.
      Parameters:
      path -
      toValueType -
      Returns:
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(boolean input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(double input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(List<Object> input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(Object input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, Map<String,Object> input) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, String input) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, boolean input) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, double input) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, List<Object> input) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path, Object input) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(Map<String,Object> input) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(String path) throws OPAException
      Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.
      Parameters:
      path -
      Returns:
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(boolean input) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(double input) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(List<Object> input) throws OPAException
      Throws:
      OPAException
    • evaluate

      public <T> T evaluate(Object input) throws OPAException
      Throws:
      OPAException
    • evaluateDeferred

      public OPAResult evaluateDeferred(String path, Map<String,Object> input)
      This method performs a scalar policy evaluation similar to evaluate(), but does not immediately handle the result, instead packing it into an OPAResult similar to how the batch evaluation methods work. This means that final output type conversion as well as throwing of any exceptions that occurred during policy evaluation is deferred until OPAResult.get() is used.
      Parameters:
      path -
      input -
      Returns:
    • evaluateDeferred

      public OPAResult evaluateDeferred(String path, String input)
    • evaluateDeferred

      public OPAResult evaluateDeferred(String path, boolean input)
    • evaluateDeferred

      public OPAResult evaluateDeferred(String path, double input)
    • evaluateDeferred

      public OPAResult evaluateDeferred(String path, List<Object> input)
    • evaluateDeferred

      public OPAResult evaluateDeferred(String path, Object input)
    • evaluateDeferred

      public OPAResult evaluateDeferred(Map<String,Object> input)
    • evaluateBatch

      public Map<String,OPAResult> evaluateBatch(String path, Map<String,Object> input) throws OPAException
      Shorthand for evaluateBatch(path, input, true).
      Parameters:
      path -
      input -
      Returns:
      Throws:
      OPAException
    • evaluateBatch

      public Map<String,OPAResult> evaluateBatch(String path, Map<String,Object> input, boolean rejectMixed) throws OPAException
      Evaluate a batch of multiple different inputs and paths at once using Enterprise OPA's batch API. If this method is used while connected to a standard OPA, it will transparently fall back to sequential scalar evaluation calls.
      Parameters:
      path -
      input -
      rejectMixed - if true, any request in the batch failing causes an exception to be thrown immediately
      Returns:
      Throws:
      OPAException