/node-open-policy-agent

Node module for Open Policy Agent https://github.com/open-policy-agent/opa

Primary LanguageJavaScriptMIT LicenseMIT

node-open-policy-agent

npm

Node module for Open Policy Agent https://github.com/open-policy-agent/opa

Installation

npm install --save @fnzc/node-open-policy-agent

or

yarn add @fnzc/node-open-policy-agent

Usage

See Functions section for a list of the provided functions.

All functions can be called using a callback but they also return a promise.

Options to provide to the OPA command are represented by an object. Provide an empty string for self-sufficient options (e.g: help). All functions come with a help option that you can print to see the specific usage.

const {parse} = require('@fnzc/node-open-policy-agent');
parse({help: ''}, res => console.log('Res: ', res))

const helpRes = async () {
    const res = await parse({help: ''});
    console.log(res);
}
helpRes()

You can also use the test/test.js file provided in the package to see basic usage of all the functions. Basic usage:

const {evalQueryBoolean} = require('@fnzc/node-open-policy-agent');
evalQueryBoolean(
    {data: 'test/example.rego', input: 'test/data.json', package: 'opa.example'},
    res => console.log('Res: ', res)
)

const evalRes = async () {
    const res = await evalQueryBoolean({data: 'test/example.rego', input: 'test/data.json', package: 'opa.example'});
    console.log(res);
}
evalRes()

Functions

Name Description Options OPA equivalent
build Compile a Rego policy query into an executable for enforcement. data: set data file(s) or directory path(s), debug: enable debug output, help: help for build, ignore: set file and directory names to ignore during loading (e.g., '.*' excludes hidden files), output: set the filename of the compiled policy (default "policy.wasm") opa build
check Check Rego source files for parse and compilation errors. format: {pretty,json} set output format (default pretty), help: help for check, ignore: set file and directory names to ignore during loading (e.g., '.*' excludes hidden files), max-errors: set the number of errors to allow before compilation fails early (default 10) opa check
deps Analyze Rego query dependencies. data: set data file(s) or directory path(s), format: {pretty,json} set output format (default pretty), help: help for deps, ignore: set file and directory names to ignore during loading (e.g., '.*' excludes hidden files) opa deps
evalQuery Evaluate a Rego query and print the result. coverage: report coverage, data: set data file(s) or directory path(s), explain: enable query explainations, fail: exits with non-zero exit code on undefined result and errors, format: {json,values,bindings,pretty} set output format (default json), help: help for eval, ignore: set file and directory names to ignore during loading (e.g., '.*' excludes hidden files), import: set query import(s), input: set input file path, metrics: report query performance metrics, package: set query package, partial: perform partial evaluation, pretty-limit: set limit after which pretty output gets truncated (default 80), profile: perform expression profiling, profile-limit: set number of profiling results to show (default 10), profile-sort: set sort order of expression profiler results, stdin: read query from stdin, stdin-input: read input document from stdin, unknowns`: set paths to treat as unknown during partial evaluation (default [input]) opa eval
evalQueryBoolean Evaluate a Rego query and print the result. coverage: report coverage, data: set data file(s) or directory path(s), explain: enable query explainations, fail: exits with non-zero exit code on undefined result and errors, format: {json,values,bindings,pretty} set output format (default json), help: help for eval, ignore: set file and directory names to ignore during loading (e.g., '.*' excludes hidden files), import: set query import(s), input: set input file path, metrics: report query performance metrics, package: set query package, partial: perform partial evaluation, pretty-limit: set limit after which pretty output gets truncated (default 80), profile: perform expression profiling, profile-limit: set number of profiling results to show (default 10), profile-sort: set sort order of expression profiler results, stdin: read query from stdin, stdin-input: read input document from stdin, unknowns`: set paths to treat as unknown during partial evaluation (default [input]) opa eval "data.[package].allow"
fmt Format Rego source files. diff: only display a diff of the changes, help: help for fmt, list: list all files who would change when formatted, write: overwrite the original source file opa fmt
help Help provides help for any command in the application. help: help for help opa help
parse Parse Rego source file and print AST. format: {pretty,json} set output format (default pretty), help: help for parse opa parse
testRego Execute Rego test cases. coverage: report coverage (overrides debug tracing), format: {pretty,json} set output format (default pretty), help: help for test, ignore: set file and directory names to ignore during loading (e.g., '.*' excludes hidden files), max-errors: set the number of errors to allow before compilation fails early (default 10), show-failure-line: show test failure line, threshold: set coverage threshold and exit with non-zero status if coverage is less than threshold %, timeout: set test timeout (default 5s), verbose: set verbose reporting mode opa test
version Show version and build information for OPA. help: help for version opa version

Contributing

Pull requests are welcome.