Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/segrax/openpolicyagent

PSR-7 and PSR-15 OPA Authorization Middleware and Open Policy Agent Client
https://github.com/segrax/openpolicyagent

authorization authorization-middleware middlewares opa openpolicyagent php psr-15 psr-7

Last synced: 24 days ago
JSON representation

PSR-7 and PSR-15 OPA Authorization Middleware and Open Policy Agent Client

Awesome Lists containing this project

README

        

# Open Policy Agent Library

This library provides a client for the [Open Policy Agent](https://www.openpolicyagent.org/) (OPA), a PSR-15 authorization middleware and a PSR-15 bundle distributor middleware.

[![Latest Version](https://img.shields.io/packagist/v/segrax/open-policy-agent)](https://packagist.org/packages/segrax/open-policy-agent)
[![Packagist](https://img.shields.io/packagist/dm/segrax/open-policy-agent)](https://packagist.org/packages/segrax/open-policy-agent)
[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg)](LICENSE.txt)
[![Build Status](https://api.travis-ci.com/segrax/openpolicyagent.svg)](https://app.travis-ci.com/github/segrax/openpolicyagent)
[![codecov](https://codecov.io/gh/segrax/openpolicyagent/branch/master/graph/badge.svg)](https://codecov.io/gh/segrax/openpolicyagent)

For working examples, please see [segrax/opa-php-examples](https://github.com/segrax/opa-php-examples) and a [walkthrough](https://coil.com/p/segra/OPA-for-API-Authorization-with-Slim-PHP/H-7YsQL2m) is available to guide you through the examples.

## Install
Install the latest using [composer](https://getcomposer.org/).
```bash
composer require segrax/open-policy-agent
```

### Usage Examples

### Client Usage
```php
use Segrax\OpenPolicyAgent\Client;
use GuzzleHttp\Client as GuzzleHttpClient;

$apiPolicy = "package my.api
default allow=false
allow {
input.path = [\"abc\"]
input.user == \"a random user\"
}";

$client = new Client(null, new GuzzleHttpClient(), new RequestFactory(), 'http://127.0.0.1:8181', 'MyToken');

// Push a policy to the agent
$client->policyUpdate('my/api', $apiPolicy, false);

// Execute the policy
$inputs = [ 'path' => ['abc'],
'user' => 'a random user'];

$res = $client->policy('my/api', $inputs, false, false, false, false );
if ($res->getByName('allow') === true ) {
// Do stuff
}
```

### Authorization Middleware
Create the client, and add the Authorization object onto the middleware stack
```php
use Segrax\OpenPolicyAgent\Client;
use Segrax\OpenPolicyAgent\Middleware\Authorization;

$app = AppFactory::create();

$client = new Client(null, new GuzzleHttpClient(), new RequestFactory(), 'http://127.0.0.1:8181', 'MyToken');
$app->add(new Authorization(
[Authorization::OPT_POLICY => 'auth/api'],
$client,
$app->getResponseFactory()));

```

### Distributor Middleware
Insert the middleware, it will respond to bundle requests at /opa/bundles/{service_name} for users with a valid JWT with the subfield 'opa'

```php
use Segrax\OpenPolicyAgent\Client;
use Segrax\OpenPolicyAgent\Middleware\Distributor;

$app = AppFactory::create();

$app->add(new Distributor(
'/opa/bundles/', // Route
__DIR__ . '/opa', // Policy Path
[Distributor::OPT_AGENT_USER => 'opa'], // Token Sub Field
$app->getResponseFactory(),
new StreamFactory(),
$app->getLogger()));

// Add a GET route for the opa bundle route
$app->get('/opa/bundles/{name}', function (Request $request, Response $response, array $args) {
return $response->withStatus(404);
});

```

## Code Testing
``` bash
make tests
```

## Security

If you discover any security related issues, please email [[email protected]](mailto:[email protected]).

## License

The MIT License (MIT). Please see [License File](LICENSE.txt) for more information.