Flask extension to use OPA as a client

Project description

Flask-OPA

A simple-to-use Flask extension that lets you use Open Policy Agent in your project.

How to run the application

To try a demo, check the code in examples. For development:

  1. Run OPA in server mode

    • Check the latest OPA release and download it.
    • Put the binary file somewhere on your system PATH.
    • Allow its execution with something like
    • Run opa in server mode with the sample policies
    cd examples
    opa run -s -w data.json app.rego
    
    • -s is to run it in server mode instead of opening the REPL
    • -w is for watching the changes of the data/policy files
  2. Specify configuration variables

    • OPA_URL: URL string that tells the extension where OPA evaluates your input. It includes the path of the policy, e.g. http://localhost:8181/v1/data/examples/allow.

    • OPA_SECURED: boolean that specifies whether OPA is enabled for your application.

    See more in the REST API reference.

  3. Bind the OPA class to your Flask application

    It's easy to bind the Flask-OPA library to your application. Just follow these steps:

  4. Create the OPA instance

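    from flask import Flask
    from flask_opa import OPA
    app = Flask(__name__)
    app.config.from_pyfile('app.cfg')
    # parse_input is a function you define (described below)
    opa = OPA(app, parse_input)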
    

    Let's look at the parameters that we passed to the OPA class:

    • parse_input (Required): a function that returns the input data JSON to be evaluated by the policy, e.g.:
    {
        "input": {
          "method": "GET",
          "path": ["data", "jon"],
          "user": "paul"
        }
    }
    
    • url (Optional): a specific URL to use instead of the OPA_URL optionally specified in the app configuration.
    • allow_function (Optional): predicate that determines whether the response from OPA allows (True) or denies (False) the request.

    If you want to enforce OPA security in your application, you can create the OPA instance like this:

    opa = OPA.secured(app, parse_input, url="http://localhost:8181/v1/data/package_name/allow")
    

    or

    opa = OPA(app, parse_input, url="http://localhost:8181/v1/data/package_name/allow").secured()
    

    otherwise OPA will enforce your security only if OPA_SECURED is True.

    Set the logging level to DEBUG if you want to see Flask-OPA's logs of its operations, using

    app.logger.setLevel(logging.DEBUG)
    
  5. Run your Flask application.
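
The input document and allow_function from step 4, as an added example that is not part of Flask-OPA or its documentation. It assumes allow_function receives the decoded JSON body of OPA's response and that the caller's identity comes from HTTP Basic auth; build_input, strict_allow, SAMPLE_RESPONSES and evaluate_samples are hypothetical names. The predicate fails closed, which matters when the rule is undefined or OPA_URL points at the package instead of the rule, because a plain truthiness check would treat the returned object as an allow.

```python
# Added example, not Flask-OPA's own code. Assumption: allow_function is
# called with the decoded JSON body of OPA's Data API response.


def build_input(method, raw_path, user):
    """Return the input document in the shape shown in step 4."""
    # "/data/jon" -> ["data", "jon"]; empty segments are dropped
    segments = [s for s in raw_path.split("/") if s]
    return {"input": {"method": method.upper(), "path": segments, "user": user}}


def strict_allow(response):
    """Fail closed: allow only when OPA returned the literal boolean true."""
    return isinstance(response, dict) and response.get("result") is True


def parse_input():
    """Callback for OPA(app, parse_input, allow_function=strict_allow)."""
    from flask import request  # lazy import: the helpers above run without Flask
    auth = request.authorization  # assumption: identity comes from HTTP Basic auth
    return build_input(request.method, request.path, auth.username if auth else None)


# Constructed OPA responses covering the cases a predicate has to get right.
SAMPLE_RESPONSES = {
    "rule allows": {"result": True},
    "rule denies": {"result": False},
    "rule undefined (no result key)": {},
    "OPA_URL points at the package": {"result": {"allow": False}},
    "non-boolean result": {"result": "true"},
}


def evaluate_samples():
    """Map each constructed response to the decision strict_allow makes."""
    return {name: strict_allow(body) for name, body in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    print(build_input("get", "/data/jon", "paul"))
    for name, decision in evaluate_samples().items():
        print(f"{name:32} -> {'ALLOW' if decision else 'DENY'}")
```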

Status

Pre-release or Beta: The project has gone through multiple rounds of active development with a goal of reaching a stable release version, but is not there yet.

Path of Development: Active (October 16th 2018)

Author

Eliecer Hernandez Garbey

License

This project is licensed under the MIT License - see the LICENSE.md file for details.
