OPA policy evaluator using regorus

Project description

opa-eval

High-performance OPA policy evaluator for Python — powered by Rust via PyO3 + maturin.

Prerequisites

  • Python 3.9+
  • Rust toolchain (rustup)
  • maturin (pip install maturin)

Quick start

# Create venv and install dependencies
make venv

# Build the native module and install into the venv
make build

# Run tests
make test

Or manually:

python3 -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
maturin develop --release

Usage

import opa_eval

# Create an evaluator instance (one per policy / query)
authz = opa_eval.OpaEval("tests/policy.rego", query="data.authz.allow")

# Evaluate per request
result = authz.evaluate('{"role": "admin"}')         # JSON string → "true"
parsed = authz.evaluate_parsed('{"role": "admin"}')  # Python object → True

With external data

import json, opa_eval

rbac = opa_eval.OpaEval(
    "rbac.rego",
    data_json=json.dumps({"roles": {"alice": "admin", "bob": "viewer"}}),
    query="data.rbac.allow",
)

rbac.evaluate_parsed('{"user": "alice"}')  # True
rbac.evaluate_parsed('{"user": "bob"}')    # False

Multiple independent instances

authz = opa_eval.OpaEval("authz.rego", query="data.authz.allow")
rbac  = opa_eval.OpaEval("rbac.rego",  query="data.rbac.allow")

# Each instance is fully independent and thread-safe

FastAPI example

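from contextlib import asynccontextmanager
from typing import Optional
from fastapi import FastAPI, Request
from fastapi.responses import JSONResponse
import json, opa_eval


# Built once at startup and reused for every request.
# Optional[...] instead of "X | None" keeps the annotation valid on Python 3.9.
_authz: Optional[opa_eval.OpaEval] = None


@asynccontextmanager
async def lifespan(app: FastAPI):
    global _authz
    _authz = opa_eval.OpaEval("tests/policy.rego", query="data.authz.allow")
    yield


app = FastAPI(lifespan=lifespan)


@app.middleware("http")
async def authz(request: Request, call_next):
    # x-role is a client-supplied header: trust it only when a gateway or
    # authentication layer in front of the app sets it and strips inbound copies.
    input_doc = json.dumps({
        "method": request.method,
        "path": request.url.path,
        "role": request.headers.get("x-role", "anonymous"),
    })
    if not _authz.evaluate_parsed(input_doc):
        # Return the 403 directly: an HTTPException raised inside HTTP
        # middleware bypasses FastAPI's exception handlers and surfaces as a 500.
        return JSONResponse(status_code=403, content={"detail": "denied by policy"})
    return await call_next(request)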
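
A fail-closed version of the decision made in the middleware above, as an added example that is not part of the opa-eval project's code. `build_input`, `decide` and `StubEvaluator` are hypothetical names; the stub is a constructed stand-in exposing the `evaluate_parsed(json_str)` call shown on this page so the block runs without the native module, and its toy policy is an assumption.

```python
import json
from typing import Any, Mapping


def build_input(method: str, path: str, headers: Mapping[str, str]) -> str:
    """Serialize the three fields the middleware above sends to the policy."""
    # A plain dict is case-sensitive, unlike request.headers, so the key
    # is looked up in lowercase here.
    return json.dumps({
        "method": method,
        "path": path,
        "role": headers.get("x-role", "anonymous"),
    })


def decide(evaluator: Any, input_doc: str) -> bool:
    """Fail closed: allow only when the policy result is exactly True."""
    try:
        result = evaluator.evaluate_parsed(input_doc)
    except Exception:
        # Evaluation errors deny the request instead of failing open.
        return False
    # `if not result` would let any truthy value ("true", {"x": 1}) pass,
    # for example if the query is later pointed at a non-boolean rule.
    return result is True


class StubEvaluator:
    """Constructed stand-in for opa_eval.OpaEval with a toy policy."""

    def evaluate_parsed(self, input_json: str):
        doc = json.loads(input_json)  # malformed input raises here
        role = doc.get("role")
        if role == "admin":
            return True
        if role == "viewer":
            return False
        return None  # constructed case: result that is not a boolean


if __name__ == "__main__":
    ev = StubEvaluator()
    for hdrs in ({"x-role": "admin"}, {"x-role": "viewer"}, {}):
        print(hdrs, decide(ev, build_input("GET", "/reports", hdrs)))
```

In the FastAPI middleware, `decide(_authz, input_doc)` would replace the bare truthiness test on `evaluate_parsed`.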

Thread safety

Each OpaEval instance is thread-safe — evaluate and evaluate_parsed can be called concurrently from multiple threads. Independent instances share no state and run fully in parallel.

Development

make build          # build native extension into venv
make test           # run pytest
make bench          # run benchmarks
make bench-compare  # compare vs OPA REST API and OPA CLI
make clean          # cargo clean + remove target/

Project structure

src/lib.rs        # PyO3 module — OpaEval class
opa_eval.pyi      # Python type stubs
pyproject.toml    # maturin build config
Cargo.toml        # Rust dependencies (pyo3, regorus)
tests/            # pytest tests and benchmarks

Source Distributions

No source distribution files available for this release.

Built Distributions

  • opa_eval-0.1.1-cp39-abi3-win_amd64.whl (2.6 MB): CPython 3.9+, Windows x86-64
  • opa_eval-0.1.1-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.8 MB): CPython 3.9+, manylinux: glibc 2.17+ x86-64
  • opa_eval-0.1.1-cp39-abi3-macosx_11_0_arm64.whl (2.5 MB): CPython 3.9+, macOS 11.0+ ARM64

File details

Details for the file opa_eval-0.1.1-cp39-abi3-win_amd64.whl.

File metadata

  • Size: 2.6 MB
  • Tags: CPython 3.9+, Windows x86-64
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

Hashes for opa_eval-0.1.1-cp39-abi3-win_amd64.whl
Algorithm Hash digest
SHA256 066ac54bee6fb0d55633e317f42aff88fc1d537a3fcc84df0f400c86dfbb075c
MD5 0430fdbbbca7f70d3536defe5a89a82f
BLAKE2b-256 859be7aaff38e5904f3af977a512de1f6458fe070fbff4107b28100beb3cc558

File details

Details for the file opa_eval-0.1.1-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File hashes

Hashes for opa_eval-0.1.1-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 60e16ab72d305cad4265b5f5df1137057232c223137a46b44c232354898779bd
MD5 1e392b655583f802b4dbc4a38bc5e959
BLAKE2b-256 0a78a88ce224dcb7b47fd18bc4ed84ed19a3cc4a69340b4c900180ba842f9aa0

File details

Details for the file opa_eval-0.1.1-cp39-abi3-macosx_11_0_arm64.whl.

File hashes

Hashes for opa_eval-0.1.1-cp39-abi3-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 80cb0385ae0d3ee17db71c1e59222a339d6af503b3d5588a8f1e9bc7e68134b7
MD5 e02dcbaf1ba38c32e62c00fcd0f94e02
BLAKE2b-256 56d1b3af63a9844dbdd95ff7b591716dea9fc6689ec56e633d1f2248fa30fd2b
