Awesome
Open Policy Agent WebAssembly SDK for Python
This is the source for the opa-wasm Python module which is an SDK for using WebAssembly (wasm) compiled Open Policy Agent Rego policies using wasmer-python.
Getting Started
Install the module
You may choose to use either the cranelift
or llvm
compiler package as follows:
pip install opa-wasm[cranelift]
or
pip install opa-wasm[llvm]
If you are using zsh, consider adding double-quote around the package name such as "opa-wasm[cranelift]"
or "opa-wasm[llvm]"
.
For builds that target AWS Lambda as an execution environment, it is recommended to use cranelift. This avoids the need to bundle additional binary dependencies as part of the lambda package.
See the wasmer-python docs for more information
Usage
There are only a couple of steps required to start evaluating the policy.
# Import the module
from opa_wasm import OPAPolicy
# Load a policy by specifying its file path
policy = OPAPolicy('./policy.wasm')
# Optional: Set policy data
policy.set_data({"company_name": "ACME"})
# Evaluate the policy
input = {"user": "alice"}
result = policy.evaluate(input)
Writing the policy
See https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/
Compiling the policy
Either use the Compile REST API or opa build
CLI tool.
For example, with OPA v0.20.5+:
opa build -t wasm -e 'example/allow' example.rego
Which compiles the example.rego
policy file with the result set to
data.example.allow
. The result will be an OPA bundle with the policy.wasm
binary included.
See opa build --help
for more details.
Credits
This project was inspired by the equivalent NPM Module @open-policy-agent/opa-wasm