Rust Open Policy Agent SDK

一个用于使用编译为 WASM 的 OPA 策略的 crate。

试用

这包括一个 CLI 工具来试用 SDK 实现。

cargo run --features=cli --      \
    --module ./policy.wasm       \
    --data-path ./data.json      \
    --input '{"hello": "world"}' \
    --entrypoint 'hello/world'

将环境变量 RUST_LOG 设置为 info 以显示执行时的计时信息。

opa-wasm
Evaluates OPA policies compiled as WASM modules

USAGE:
    opa-eval [OPTIONS] --entrypoint <ENTRYPOINT> <--module <MODULE>|--bundle <BUNDLE>>

OPTIONS:
    -m, --module <MODULE>            Path to the WASM module
    -b, --bundle <BUNDLE>            Path to the OPA bundle
    -e, --entrypoint <ENTRYPOINT>    Entrypoint to use
    -d, --data <JSON>                JSON literal to use as data
    -D, --data-path <PATH>           Path to a JSON file to load as data
    -i, --input <JSON>               JSON literal to use as input
    -I, --input-path <PATH>          Path to a JSON file to load as data
    -h, --help                       Print help information

作为库

use std::collections::HashMap;

use anyhow::Result;

use opa_wasm::{wasmtime, Runtime};

#[tokio::main]
async fn main() -> Result<()> {
    // Configure the WASM runtime
    let mut config = wasmtime::Config::new();
    config.async_support(true);

    let engine = wasmtime::Engine::new(&config)?;

    // Load the policy WASM module
    let module = tokio::fs::read("./policy.wasm").await?;
    let module = wasmtime::Module::new(&engine, module)?;

    // Create a store which will hold the module instance
    let mut store = wasmtime::Store::new(&engine, ());

    let data = HashMap::from([("hello", "world")]);
    let input = HashMap::from([("message", "world")]);

    // Instantiate the module
    let runtime = Runtime::new(&mut store, &module).await?;

    let policy = runtime.with_data(&mut store, &data).await?;

    // Evaluate the policy
    let res: serde_json::Value = policy.evaluate(&mut store, "hello/world", &input).await?;

    println!("{}", res);

    Ok(())
}