This is the source for the opa-wasm Python module which is an SDK for using WebAssembly (wasm) compiled Open Policy Agent Rego policies using wasmer-python.

Getting Started

Install the module

You may choose to use either the cranelift or llvm compiler package as follows:

pip install opa-wasm[cranelift]

or

pip install opa-wasm[llvm]

If you are using zsh, consider adding double-quote around the package name such as "opa-wasm[cranelift]" or "opa-wasm[llvm]" .

For builds that target AWS Lambda as an execution environment, it is recommended to use cranelift. This avoids the need to bundle additional binary dependencies as part of the lambda package.

See the wasmer-python docs for more information

Usage

There are only a couple of steps required to start evaluating the policy.

# Import the module
from opa_wasm import OPAPolicy

# Load a policy by specifying its file path
policy = OPAPolicy('./policy.wasm')

# Optional: Set policy data
policy.set_data({"company_name": "ACME"})

# Evaluate the policy
input = {"user": "alice"}
result = policy.evaluate(input)

Writing the policy

See https://www.openpolicyagent.org/docs/latest/how-do-i-write-policies/

Compiling the policy

Either use the Compile REST API or opa build CLI tool.

For example, with OPA v0.20.5+:

opa build -t wasm -e 'example/allow' example.rego

Which compiles the example.rego policy file with the result set to data.example.allow. The result will be an OPA bundle with the policy.wasm binary included.

See opa build --help for more details.

Credits

This project was inspired by the equivalent NPM Module @open-policy-agent/opa-wasm