This is the source for the opa-wasm Python module which is an SDK for using WebAssembly (wasm) compiled Open Policy Agent Rego policies using wasmer-python.
You may choose to use either the cranelift or llvm compiler package as follows:
pip install opa-wasm[cranelift]
or
pip install opa-wasm[llvm]
If you are using zsh, consider adding double-quote around the package name such as "opa-wasm[cranelift]" or "opa-wasm[llvm]" .
For builds that target AWS Lambda as an execution environment, it is recommended to use cranelift. This avoids the need to bundle additional binary dependencies as part of the lambda package.
See the wasmer-python docs for more information
There are only a couple of steps required to start evaluating the policy.
# Import the module
from opa_wasm import OPAPolicy
# Load a policy by specifying its file path
policy = OPAPolicy('./policy.wasm')
# Optional: Set policy data
policy.set_data({"company_name": "ACME"})
# Evaluate the policy
input = {"user": "alice"}
result = policy.evaluate(input)See https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/
Either use the Compile REST API or opa build CLI tool.
For example, with OPA v0.20.5+:
opa build -t wasm -e 'example/allow' example.regoWhich compiles the example.rego policy file with the result set to
data.example.allow. The result will be an OPA bundle with the policy.wasm
binary included.
See opa build --help for more details.
This project was inspired by the equivalent NPM Module @open-policy-agent/opa-wasm