Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/me-viper/OpaDotNet.Extensions

Open Policy Agent dotnet core extensions
https://github.com/me-viper/OpaDotNet.Extensions

aspnetcore opa openpolicyagent yarp

Last synced: 3 months ago
JSON representation

Open Policy Agent dotnet core extensions

Host: GitHub
URL: https://github.com/me-viper/OpaDotNet.Extensions
Owner: me-viper
License: mit
Created: 2023-07-14T06:07:55.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-02-22T08:24:44.000Z (9 months ago)
Last Synced: 2024-06-29T22:06:59.218Z (4 months ago)
Topics: aspnetcore, opa, openpolicyagent, yarp
Language: C#
Homepage: https://me-viper.github.io/OpaDotNet/
Size: 142 KB
Stars: 3
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

awesome-opa - OpaDotNet.Extensions.AspNetCore - ASP.NET Core authorization infrastructure (Language and Platform Integrations / .NET)

README

        [![CI](https://github.com/me-viper/OpaDotNet.Extensions/actions/workflows/ci.yml/badge.svg)](https://github.com/me-viper/OpaDotNet.Extensions/actions/workflows/ci.yml)

[![Coverage Status](https://coveralls.io/repos/github/me-viper/OpaDotNet.Extensions/badge.svg)](https://coveralls.io/github/me-viper/OpaDotNet.Extensions)

# Open Policy Agent (OPA) Extensions

This repository contains AspNetCore specific extensions for [OpaDotNet](https://github.com/me-viper/OpaDotNet) project.

## NuGet Packages

|                                 | Official                                                                                                                                        | Preview                                                                                                                                            |

|---------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------|

| OpaDotNet.Extensions.AspNetCore | [![NuGet](https://img.shields.io/nuget/v/OpaDotNet.Extensions.AspNetCore.svg)](https://www.nuget.org/packages/OpaDotNet.Extensions.AspNetCore/) | [![Nuget](https://img.shields.io/nuget/vpre/OpaDotNet.Extensions.AspNetCore.svg)](https://www.nuget.org/packages/OpaDotNet.Extensions.AspNetCore/) |

## Getting Started

### Install nuget package

```sh

dotnet add package OpaDotNet.Extensions.AspNetCore

```

### Usage

Add policy file `./Policy/policy.rego`

```rego

package example

import future.keywords.if

# METADATA

# entrypoint: true

allow if {

    true

}

# METADATA

# entrypoint: true

deny if {

    false

}

```

The code:

```csharp

using System.Security.Claims;

using System.Text.Encodings.Web;

using System.Text.Json;

using Microsoft.AspNetCore.Authentication;

using Microsoft.Extensions.Options;

using OpaDotNet.Extensions.AspNetCore;

var builder = WebApplication.CreateBuilder(args);

// Register core services.

builder.Services.AddOpaAuthorization(

    cfg =>

    {

        // Get policies from the file system.

        cfg.AddFileSystemPolicySource();

        // Configure.

        cfg.AddConfiguration(

            p =>

            {

                // Allow to pass all headers as policy query input.

                p.AllowedHeaders.Add(".*");

                // Path where look for rego policies.

                p.PolicyBundlePath = "./Policy";

                p.EngineOptions = new()

                {

                    SerializationOptions = new()

                    {

                        PropertyNamingPolicy = JsonNamingPolicy.CamelCase,

                    },

                };

            }

            );

    }

    );

// In real scenarios here will be more sophisticated authentication.

builder.Services.AddAuthentication()

    .AddScheme(

        NopAuthenticationSchemeHandler.AuthenticationSchemeName,

        null

        );

builder.Services.AddAuthorization();

var app = builder.Build();

app.UseAuthentication();

app.UseAuthorization();

// Will evaluate example/allow rule and return 200.

app.MapGet("/allow", [OpaPolicyAuthorize("example", "allow")] () => "Hi!");

// Authorize attribute works too. Policy needs to be named 'Opa/{module}/{entrypoint}'.

app.MapGet("/allow2", [Authorize("Opa/example/allow")]() => "Hi!");

// Will evaluate example/deny rule and return 403.

app.MapGet("/deny", [OpaPolicyAuthorize("example", "deny")] () => "Should not be here!");

app.Run();

internal class NopAuthenticationSchemeHandler : AuthenticationHandler

{

    public const string AuthenticationSchemeName = "Nop";

    public NopAuthenticationSchemeHandler(

        IOptionsMonitor options,

        ILoggerFactory logger,

        UrlEncoder encoder,

        ISystemClock clock) : base(options, logger, encoder, clock)

    {

    }

    protected override Task HandleAuthenticateAsync()

    {

        var principal = new ClaimsPrincipal();

        var ticket = new AuthenticationTicket(principal, AuthenticationSchemeName);

        var result = AuthenticateResult.Success(ticket);

        return Task.FromResult(result);

    }

}

```

## Samples

* [AspNetCore](./samples/WebApp/)

* [Yarp](./samples/YarpApp/)

## 3rd Party Libraries and Contributions

* [xUnit.net](https://xunit.net/) - Free, open source, community-focused unit testing tool for the .NET Framework.