Package com.styra.opa

Class OPAClient

  • public class OPAClient
extends java.lang.Object
    The OPA class contains all the functionality and configuration needed to make "happy path" queries against an OPA server. Internally, it instantiates an instance of Speakeasy generated SDK (com.styra.opa.sdk.Opa) with appropriate settings based on the parameters provided in the constructor for this class.

    • Constructor Summary

      Constructors 
      Constructor Description
      OPAClient()
      Instantiate a new OPA wrapper with default settings.
      OPAClient​(OpaApiClient client)
      This constructor acts as an escape hatch, allowing you to provide your own instance of the Speakeasy generated client.
      OPAClient​(java.lang.String opaURL)
      Instantiates an OPA API wrapper with a custom OPA URL.
      OPAClient​(java.lang.String opaURL, HTTPClient httpclient)
      This constructor can be used to instantiate an OPAClient which uses a custom HTTP client implementation for the underlying OpaApiClient.
      OPAClient​(java.lang.String opaURL, java.util.Map<java.lang.String,​java.lang.String> headers)
      This constructor allows instantiating the OPA wrapper with additional HTTP headers to be injected into every request.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean check​(boolean input)  
      boolean check​(double input)  
      boolean check​(java.lang.Object input)  
      boolean check​(java.lang.String path, boolean input)  
      boolean check​(java.lang.String path, double input)  
      boolean check​(java.lang.String path, java.lang.Object input)  
      boolean check​(java.lang.String path, java.lang.String input)  
      boolean check​(java.lang.String path, java.util.List<java.lang.Object> input)  
      boolean check​(java.lang.String path, java.util.Map<java.lang.String,​java.lang.Object> input)
      Perform a query with an input document against a Rego rule head by its path, and coerce the result to a boolean.
      boolean check​(java.util.List<java.lang.Object> input)  
      boolean check​(java.util.Map<java.lang.String,​java.lang.Object> input)  
      <T> T evaluate​(boolean input)  
      <T> T evaluate​(boolean input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType)  
      <T> T evaluate​(boolean input, com.fasterxml.jackson.databind.JavaType toValueType)  
      <T> T evaluate​(boolean input, java.lang.Class<T> toValueType)  
      <T> T evaluate​(double input)  
      <T> T evaluate​(double input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType)  
      <T> T evaluate​(double input, com.fasterxml.jackson.databind.JavaType toValueType)  
      <T> T evaluate​(double input, java.lang.Class<T> toValueType)  
      <T> T evaluate​(java.lang.Object input)  
      <T> T evaluate​(java.lang.Object input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType)  
      <T> T evaluate​(java.lang.Object input, com.fasterxml.jackson.databind.JavaType toValueType)  
      <T> T evaluate​(java.lang.Object input, java.lang.Class<T> toValueType)  
      <T> T evaluate​(java.lang.String path)
      Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.
      <T> T evaluate​(java.lang.String path, boolean input)  
      <T> T evaluate​(java.lang.String path, boolean input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType)  
      <T> T evaluate​(java.lang.String path, boolean input, com.fasterxml.jackson.databind.JavaType toValueType)  
      <T> T evaluate​(java.lang.String path, boolean input, java.lang.Class<T> toValueType)  
      <T> T evaluate​(java.lang.String path, double input)  
      <T> T evaluate​(java.lang.String path, double input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType)  
      <T> T evaluate​(java.lang.String path, double input, com.fasterxml.jackson.databind.JavaType toValueType)  
      <T> T evaluate​(java.lang.String path, double input, java.lang.Class<T> toValueType)  
      <T> T evaluate​(java.lang.String path, com.fasterxml.jackson.core.type.TypeReference<T> toValueType)
      Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.
      <T> T evaluate​(java.lang.String path, com.fasterxml.jackson.databind.JavaType toValueType)
      Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.
      <T> T evaluate​(java.lang.String path, java.lang.Class<T> toValueType)
      Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.
      <T> T evaluate​(java.lang.String path, java.lang.Object input)  
      <T> T evaluate​(java.lang.String path, java.lang.Object input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType)  
      <T> T evaluate​(java.lang.String path, java.lang.Object input, com.fasterxml.jackson.databind.JavaType toValueType)  
      <T> T evaluate​(java.lang.String path, java.lang.Object input, java.lang.Class<T> toValueType)  
      <T> T evaluate​(java.lang.String path, java.lang.String input)  
      <T> T evaluate​(java.lang.String path, java.lang.String input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType)  
      <T> T evaluate​(java.lang.String path, java.lang.String input, com.fasterxml.jackson.databind.JavaType toValueType)  
      <T> T evaluate​(java.lang.String path, java.lang.String input, java.lang.Class<T> toValueType)  
      <T> T evaluate​(java.lang.String path, java.util.List<java.lang.Object> input)  
      <T> T evaluate​(java.lang.String path, java.util.List<java.lang.Object> input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType)  
      <T> T evaluate​(java.lang.String path, java.util.List<java.lang.Object> input, com.fasterxml.jackson.databind.JavaType toValueType)  
      <T> T evaluate​(java.lang.String path, java.util.List<java.lang.Object> input, java.lang.Class<T> toValueType)  
      <T> T evaluate​(java.lang.String path, java.util.Map<java.lang.String,​java.lang.Object> input)  
      <T> T evaluate​(java.lang.String path, java.util.Map<java.lang.String,​java.lang.Object> input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType)  
      <T> T evaluate​(java.lang.String path, java.util.Map<java.lang.String,​java.lang.Object> input, com.fasterxml.jackson.databind.JavaType toValueType)  
      <T> T evaluate​(java.lang.String path, java.util.Map<java.lang.String,​java.lang.Object> input, java.lang.Class<T> toValueType)
      Perform a query with an input document against a Rego rule head by its path.
      <T> T evaluate​(java.util.List<java.lang.Object> input)  
      <T> T evaluate​(java.util.List<java.lang.Object> input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType)  
      <T> T evaluate​(java.util.List<java.lang.Object> input, com.fasterxml.jackson.databind.JavaType toValueType)  
      <T> T evaluate​(java.util.List<java.lang.Object> input, java.lang.Class<T> toValueType)  
      <T> T evaluate​(java.util.Map<java.lang.String,​java.lang.Object> input)  
      <T> T evaluate​(java.util.Map<java.lang.String,​java.lang.Object> input, com.fasterxml.jackson.core.type.TypeReference<T> toValueType)  
      <T> T evaluate​(java.util.Map<java.lang.String,​java.lang.Object> input, com.fasterxml.jackson.databind.JavaType toValueType)  
      <T> T evaluate​(java.util.Map<java.lang.String,​java.lang.Object> input, java.lang.Class<T> toValueType)  
      java.util.Map<java.lang.String,​OPAResult> evaluateBatch​(java.lang.String path, java.util.Map<java.lang.String,​java.lang.Object> input)
      Shorthand for evaluateBatch(path, input, true).
      java.util.Map<java.lang.String,​OPAResult> evaluateBatch​(java.lang.String path, java.util.Map<java.lang.String,​java.lang.Object> input, boolean rejectMixed)
      Evaluate a batch of multiple different inputs and paths at once using Enterprise OPA's batch API.
      OPAResult evaluateDeferred​(java.lang.String path, boolean input)  
      OPAResult evaluateDeferred​(java.lang.String path, double input)  
      OPAResult evaluateDeferred​(java.lang.String path, java.lang.Object input)  
      OPAResult evaluateDeferred​(java.lang.String path, java.lang.String input)  
      OPAResult evaluateDeferred​(java.lang.String path, java.util.List<java.lang.Object> input)  
      OPAResult evaluateDeferred​(java.lang.String path, java.util.Map<java.lang.String,​java.lang.Object> input)
      This method performs a scalar policy evaluation similar to evaluate(), but does not immediately handle the result, instead packing it into an OPAResult similar to how the batch evaluation methods work.
      OPAResult evaluateDeferred​(java.util.Map<java.lang.String,​java.lang.Object> input)  
      void forceBatchFallback​(boolean newEnableBatchFallback)
      Bypass batch mode support detection and force the API client to enable or disable fallback mode.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • OPAClient

        public OPAClient()
        Instantiate a new OPA wrapper with default settings. This will automatically try to connect to OPA on localhost:8181, which is a suitable value for most sidecar style deployments of OPA.

      • OPAClient

        public OPAClient​(java.lang.String opaURL)
        Instantiates an OPA API wrapper with a custom OPA URL.
        Parameters:
        opaURL - URL at which OPA should be connected to.

      • OPAClient

        public OPAClient​(java.lang.String opaURL,
                 HTTPClient httpclient)
        This constructor can be used to instantiate an OPAClient which uses a custom HTTP client implementation for the underlying OpaApiClient.
        Parameters:
        opaURL - URL at which OPA should be connected to.
        httpclient - custom HTTP client to use

      • OPAClient

        public OPAClient​(java.lang.String opaURL,
                 java.util.Map<java.lang.String,​java.lang.String> headers)
        This constructor allows instantiating the OPA wrapper with additional HTTP headers to be injected into every request. This is intended to be used with OPA bearer token authentication, which you can learn more about here: https://www.openpolicyagent.org/docs/latest/rest-api/#authentication
        Parameters:
        opaURL - URL at which OPA should be connected to.
        headers - additional HTTP headers to inject into each request.

      • OPAClient

        public OPAClient​(OpaApiClient client)
        This constructor acts as an escape hatch, allowing you to provide your own instance of the Speakeasy generated client. This may be useful if you need to bring your own HTTP client implementation, or otherwise need to configure the client in a more advanced way than this high level wrapper permits.
        Parameters:
        client -

    • Method Detail

      • forceBatchFallback

        public void forceBatchFallback​(boolean newEnableBatchFallback)
        Bypass batch mode support detection and force the API client to enable or disable fallback mode. If newEnableBatchFallback is 'true', then fallback mode is always used. If it is 'false', then batch support detection will be reset, though subsequent batch evaluation calls may detect if the batch API is not supported and re-enable the fallback later. You should not need to use this method during normal usage.

      • check

        public boolean check​(java.lang.String path,
                     java.util.Map<java.lang.String,​java.lang.Object> input)
              throws OPAException
        Perform a query with an input document against a Rego rule head by its path, and coerce the result to a boolean. The other overloaded variations of this method behave similar, but allow any valid JSON value to be used as the input document.
        Parameters:
        input - Input document for OPA query.
        path - Path to rule head to query, for example to access a rule head "allow" in a Rego file that starts with "package main", you would provide the value "main/allow".
        Returns:
        Throws:
        OPAException

      • check

        public boolean check​(java.lang.String path,
                     java.lang.String input)
              throws OPAException
        Throws:
        OPAException

      • check

        public boolean check​(java.lang.String path,
                     java.util.List<java.lang.Object> input)
              throws OPAException
        Throws:
        OPAException

      • check

        public boolean check​(java.lang.String path,
                     java.lang.Object input)
              throws OPAException
        Throws:
        OPAException

      • check

        public boolean check​(java.util.Map<java.lang.String,​java.lang.Object> input)
              throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.util.Map<java.lang.String,​java.lang.Object> input,
                      java.lang.Class<T> toValueType)
               throws OPAException
        Perform a query with an input document against a Rego rule head by its path. The other overloaded variations of this method behave similar, but allow any valid JSON value to be used as the input document. If the input value is omitted, then an empty object is implicitly used as the input. Due to limitations in Java's generics, the type parameter T alone is not always sufficient to determine the correct type to coerce the output to (specifically with constructing the TypeReference to use with fasterxml's ObjectMapper). In particular, the compiler needs a little extra help when assigning the return of this method to an object. In such situations, you will need to also provide a toValueType. Some ways this might be accomplished are shown below: 
         // likely to fail at compile time with:
 //     java.lang.ClassCastException ... cannot be cast to class MyObject
 MyObject obj = evaluate("/foo", "bar");

 // using a TypeReference (recommended method)
 MyObject obj = evaluate("/foo", "bar", TypeReference<MyObject>() {});

 // using ObjectMapper
 MyObject obj = evaluate("/foo", "bar", new ObjectMapper().constructType(instanceOfMyObject.getClass()));

 // using .class (can cause checking issue with classes that have type parameters)
 MyObject obj = evaluate("/foo", "bar", MyObject.class);
        If the path parameter is omitted, then the default path `/` is used, which will cause OPA to use the default decision at /data/system/main. To avoid ambiguity with the function overload, if only a string argument is provided, it is taken to be the path rather than an input to be used with the default path. This is to simplify accessing the default path without an input.
        Parameters:
        input - Input document for OPA query.
        path - Path to rule head to query, for example to access a rule head "allow" in a Rego file that starts with "package main", you would provide the value "main/allow".
        toValueType - May optionally be used to provide an alternative type for output conversion. This is especially useful when reading the result of an OPA request into an object.
        Returns:
        The return value is automatically coerced to have a type matching the type parameter T using com.fasterxml.jackson.databind.ObjectMapper.
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.lang.String input,
                      java.lang.Class<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      boolean input,
                      java.lang.Class<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      double input,
                      java.lang.Class<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.util.List<java.lang.Object> input,
                      java.lang.Class<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.lang.Object input,
                      java.lang.Class<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.util.Map<java.lang.String,​java.lang.Object> input,
                      java.lang.Class<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.lang.Class<T> toValueType)
               throws OPAException
        Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.
        Parameters:
        path -
        toValueType -
        Returns:
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(boolean input,
                      java.lang.Class<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(double input,
                      java.lang.Class<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.util.List<java.lang.Object> input,
                      java.lang.Class<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.Object input,
                      java.lang.Class<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.util.Map<java.lang.String,​java.lang.Object> input,
                      com.fasterxml.jackson.databind.JavaType toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.lang.String input,
                      com.fasterxml.jackson.databind.JavaType toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      boolean input,
                      com.fasterxml.jackson.databind.JavaType toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      double input,
                      com.fasterxml.jackson.databind.JavaType toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.util.List<java.lang.Object> input,
                      com.fasterxml.jackson.databind.JavaType toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.lang.Object input,
                      com.fasterxml.jackson.databind.JavaType toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.util.Map<java.lang.String,​java.lang.Object> input,
                      com.fasterxml.jackson.databind.JavaType toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      com.fasterxml.jackson.databind.JavaType toValueType)
               throws OPAException
        Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.
        Parameters:
        path -
        toValueType -
        Returns:
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(boolean input,
                      com.fasterxml.jackson.databind.JavaType toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(double input,
                      com.fasterxml.jackson.databind.JavaType toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.util.List<java.lang.Object> input,
                      com.fasterxml.jackson.databind.JavaType toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.Object input,
                      com.fasterxml.jackson.databind.JavaType toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.util.Map<java.lang.String,​java.lang.Object> input,
                      com.fasterxml.jackson.core.type.TypeReference<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.lang.String input,
                      com.fasterxml.jackson.core.type.TypeReference<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      boolean input,
                      com.fasterxml.jackson.core.type.TypeReference<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      double input,
                      com.fasterxml.jackson.core.type.TypeReference<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.util.List<java.lang.Object> input,
                      com.fasterxml.jackson.core.type.TypeReference<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.lang.Object input,
                      com.fasterxml.jackson.core.type.TypeReference<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.util.Map<java.lang.String,​java.lang.Object> input,
                      com.fasterxml.jackson.core.type.TypeReference<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      com.fasterxml.jackson.core.type.TypeReference<T> toValueType)
               throws OPAException
        Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.
        Parameters:
        path -
        toValueType -
        Returns:
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(boolean input,
                      com.fasterxml.jackson.core.type.TypeReference<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(double input,
                      com.fasterxml.jackson.core.type.TypeReference<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.util.List<java.lang.Object> input,
                      com.fasterxml.jackson.core.type.TypeReference<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.Object input,
                      com.fasterxml.jackson.core.type.TypeReference<T> toValueType)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.util.Map<java.lang.String,​java.lang.Object> input)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.lang.String input)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.util.List<java.lang.Object> input)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path,
                      java.lang.Object input)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.util.Map<java.lang.String,​java.lang.Object> input)
               throws OPAException
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.lang.String path)
               throws OPAException
        Special case where a single string argument is used as the path rather than the input, unlike other single argument overloads.
        Parameters:
        path -
        Returns:
        Throws:
        OPAException

      • evaluate

        public <T> T evaluate​(java.util.List<java.lang.Object> input)
               throws OPAException
        Throws:
        OPAException

      • evaluateDeferred

        public OPAResult evaluateDeferred​(java.lang.String path,
                                  java.util.Map<java.lang.String,​java.lang.Object> input)
        This method performs a scalar policy evaluation similar to evaluate(), but does not immediately handle the result, instead packing it into an OPAResult similar to how the batch evaluation methods work. This means that final output type conversion as well as throwing of any exceptions that occurred during policy evaluation is deferred until OPAResult.get() is used.
        Parameters:
        path -
        input -
        Returns:

      • evaluateDeferred

        public OPAResult evaluateDeferred​(java.lang.String path,
                                  java.lang.String input)

      • evaluateDeferred

        public OPAResult evaluateDeferred​(java.lang.String path,
                                  boolean input)

      • evaluateDeferred

        public OPAResult evaluateDeferred​(java.lang.String path,
                                  double input)

      • evaluateDeferred

        public OPAResult evaluateDeferred​(java.lang.String path,
                                  java.util.List<java.lang.Object> input)

      • evaluateDeferred

        public OPAResult evaluateDeferred​(java.lang.String path,
                                  java.lang.Object input)

      • evaluateDeferred

        public OPAResult evaluateDeferred​(java.util.Map<java.lang.String,​java.lang.Object> input)

      • evaluateBatch

        public java.util.Map<java.lang.String,​OPAResult> evaluateBatch​(java.lang.String path,
                                                                     java.util.Map<java.lang.String,​java.lang.Object> input)
                                                              throws OPAException
        Shorthand for evaluateBatch(path, input, true).
        Parameters:
        path -
        input -
        Returns:
        Throws:
        OPAException

      • evaluateBatch

        public java.util.Map<java.lang.String,​OPAResult> evaluateBatch​(java.lang.String path,
                                                                     java.util.Map<java.lang.String,​java.lang.Object> input,
                                                                     boolean rejectMixed)
                                                              throws OPAException
        Evaluate a batch of multiple different inputs and paths at once using Enterprise OPA's batch API. If this method is used while connected to a standard OPA, it will transparently fall back to sequential scalar evaluation calls.
        Parameters:
        path -
        input -
        rejectMixed - if true, any request in the batch failing causes an exception to be thrown immediately
        Returns:
        Throws:
        OPAException