Work in Progress -- Contributions welcome!!
This is the source for the @open-policy-agent/opa-wasm NPM module which is a small SDK for using WebAssembly (wasm) compiled Open Policy Agent Rego policies.
npm install @open-policy-agent/opa-wasm
There are only a couple of steps required to start evaluating the policy.
const Rego = require("@open-policy-agent/opa-wasm")
rego = new Rego()rego.load_policy(policy_wasm)The load_policy request returns a Promise with the loaded policy.
Typically this means loading it in an async function like:
const policy = await rego.load_policy(policy_wasm)Or something like:
rego.load_policy(policy_wasm).then(policy => {
// evaluate or save the policy
}, error => {
console.error("Failed to load policy: " + error)
})The policy_wasm needs to be either the raw byte array of
the compiled policy wasm file, or a web assembly module.
For example:
const fs = require('fs');
const policy_wasm = fs.readFileSync('policy.wasm')Alternatively the bytes can be pulled in remotely from a fetch or
in some cases (like CloudFlare Workers) the wasm is loaded directly into
the javascript context through external APIs.
The loaded policy object returned from load_policy() has, as of now, only
one method for evaluating the policy: eval_bool(). This will evaluate the
policy and expects a boolean query result. The return value is a javascript
Boolean.
The input parameter must be a JSON string.
Example:
input = '{"path": "/", "role": "admin"}';
rego.load_policy(policy_wasm).then(policy => {
allowed = policy.eval_bool(input);
console.log("allowed = " + allowed);
}).catch( error => {
console.error("Failed to load policy: " + error);
})See https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/
Either use the Compile REST API or opa build CLI tool.
For example:
opa build -d example.rego 'data.example.allow = true'Which is compiling the example.rego policy file with the query
data.example.allow = true. See ./examples for a
more comprehensive example.
See opa build --help for more details.