This is an SDK for using WebAssembly(wasm) compiled Open Policy Agent policies with Java powered by Chicory, a pure Java Wasm interpreter.
Initial implementation was based on Open Policy Agent WebAssemby NPM Module and Open Policy Agent WebAssembly dotnet core SDK
We want fast, in-process and secure OPA policies evaluation, and avoid network bottlenecks when using opa-java.
With Maven add the core module dependency:
<dependency>
<groupId>com.styra.opa</groupId>
<artifactId>opa-java-wasm</artifactId>
<version>latest_release</version>
</dependency>
There are only a couple of steps required to start evaluating the policy.
import com.styra.opa.wasm.OpaPolicy;
var policy = OpaPolicy.builder().withPolicy(policyWasm).build();
The policyWasm
ca be a variety of things, including raw byte array, InputStream
, Path
, File
.
The content should be the compiled policy Wasm file, a valid WebAssembly module.
For example:
var policy = OpaPolicy.builder().withPolicy(new File("policy.wasm")).build();
The OpaPolicy
object returned from loadPolicy()
has a couple of important
APIs for policy evaluation:
data(data)
-- Provide an external data
document for policy evaluation.
data
MUST be aString
, which assumed to be a well-formed stringified JSON
evaluate(input)
-- Evaluates the policy using any loaded data and the supplied
input
document.
input
parameter MUST be aString
serializedobject
,array
or primitive literal which assumed to be a well-formed stringified JSON
Example:
var input = "{\"path\": \"/\", \"role\": \"admin\"}";
var policy = OpaPolicy.builder().withPolicy(policyWasm).build();
var result = policy.evaluate(input);
System.out.println("Result is: " + result);
For any
opa build
created WASM binaries the result set, when defined, will contain aresult
key with the value of the compiled entrypoint. See https://www.openpolicyagent.org/docs/latest/wasm/ for more details.
At the moment the following builtins are supported(and, by default, automatically injected when needed):
-
String
sprintf
NOTE: this implementation is SDK-dependent and might generate different results depending on the runtime, please, limit the usage to trivial use-cases.
-
Json
json.is_valid
-
Yaml
yaml.is_valid
yaml.marshal
yaml.unmarshal
See https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/
Either use the
Compile REST API
or opa build
CLI tool.
For example:
opa build -t wasm -e example/allow example.rego
Which is compiling the example.rego
policy file with the result set to
data.example.allow
. The result will be an OPA bundle with the policy.wasm
binary included. See ./examples for a more comprehensive example.
See opa build --help
for more details.
This SDK is community supported and maintained and is not under the umbrella of SDKs eligible for Enterprise support from Styra. For bug reports and feature requests, please use Github issues. For real-time support, please join the Open Policy Agent or Styra Community slack organizations.
To develop this library you need to have installed the following tools:
- Java 11+
- Maven
- the
opa
cli tar
the typical command to build and run the tests is:
mvn spotless:apply clean install
to disable the tests based on the Opa testsuite:
OPA_TESTSUITE=disabled mvn spotless:apply install