Awesome
Open Policy Agent (OPA) WebAssembly dotnet core SDK
This is SDK for using WebAssembly (wasm) compiled Open Policy Agent policies with dotnet core.
Initial implementation was based on Open Policy Agent WebAssemby NPM Module
For more information check out the guide.
Key Features
- Fast in-process OPA policies evaluation.
- Full ABI support.
- Additional OPA built-ins.
- Compilation.
- AspDotNet Core integration.
NuGet Packages
Official | Preview | |
---|---|---|
OpaDotNet.Wasm | ||
OpaDotNet.Extensions.AspNetCore | ||
OpaDotNet.Compilation.Cli | - | |
OpaDotNet.Compilation.Interop | - |
Getting Started
Install nuget package
dotnet add package OpaDotNet.Wasm
Usage
To evaluate OPA policy you need to:
Load compiled policy
using using OpaDotNet.Wasm;
const string data = "{ \"world\": \"world\" }";
using var engine = OpaEvaluatorFactory.CreateFromWasm(
File.OpenRead("policy.wasm")
);
engine.SetDataFromRawJson(data);
Evaluate policy
IOpaEvaluator
has several APIs for policy evaluation:
EvaluatePredicate
- Evaluates named policy with specified input. Response interpreted as simpletrue
/false
result.Evaluate
- Evaluates named policy with specified input.EvaluateRaw
- Evaluates named policy with specified raw JSON input.
var policyResult = engine.EvaluatePredicate(inp);
Check result
if (policyResult.Result)
{
// We've been authorized.
}
else
{
// Can't do that.
}
Writing policy
See writing policy
Compiling policy
You have several options to compile rego policy into wasm module:
package example
default hello = false
hello {
x := input.message
x == data.world
}
Manually
Either use the Compile REST API or opa build CLI tool.
For example, with OPA v0.20.5+:
opa build -t wasm -e example/hello example.rego
Which is compiling the example.rego
policy file.
The result will be an OPA bundle with the policy.wasm
binary included. See ./samples for a more
comprehensive example.
See opa build --help
for more details.
With OpaDotNet.Compilation
You can use SDK to do compilation for you. For more information see OpaDotNet.Compilation.
OpaDotNet.Compilation.Cli
[!IMPORTANT] You will need
opa
cli tool to be in your PATH or provide full path inRegoCliCompilerOptions
.
dotnet add package OpaDotNet.Compilation.Cli
using OpaDotNet.Wasm;
using OpaDotNet.Compilation.Cli;
var compiler = new RegoCliCompiler();
var policyStream = await compiler.CompileFile("example.rego", new[] { "example/hello" });
// Use compiled policy.
using var engine = OpaEvaluatorFactory.CreateFromBundle(policyStream);
OpaDotNet.Compilation.Interop
dotnet add package OpaDotNet.Compilation.Interop
using OpaDotNet.Wasm;
using OpaDotNet.Compilation.Interop;
var compiler = new RegoInteropCompiler();
var policyStream = await compiler.CompileFile("example.rego", new[] { "example/hello" });
// Use compiled policy.
using var engine = OpaEvaluatorFactory.CreateFromBundle(policyStream);
3rd Party Libraries and Contributions
- OPA - An open source, general-purpose policy engine that unifies policy enforcement across the stack.
- Moq - The most popular and friendly mocking library for .NET.
- xUnit.net - Free, open source, community-focused unit testing tool for the .NET Framework.
- wasmtime-dotnet - .NET embedding of Wasmtime.
- IPNetwork2 - Utility classes take care of complex network, IPv4, IPv6, CIDR calculation for .NET developers.
- BenchmarkDotNet - Powerful .NET library for benchmarking.
- Semver - Implementation in .Net based on the v2.0.0 of the spec.
- json-everything - Set of libraries that ensure that common JSON functionality has good support in the System.Text.Json space.
- YamlDotNet - YamlDotNet is a YAML library for netstandard and other .NET runtimes.