Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Jarl is an Open Policy Agent (OPA) evaluator for the JVM and Javascript, written in Clojure(Script)

License

NotificationsYou must be signed in to change notification settings

borgeby/jarl

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

buildcodecov

Jarl is anOpen Policy Agent (OPA) evaluator for the JVM and Javascript, written in Clojure(Script). Jarl allows you to evaluate policy directly in your JVM language or Javascript environment of choice. Seethis blog for an introduction to the intermediate representation (IR) format of OPA that Jarl uses for evaluation, and why you may want to consider that as an option.

While originally an abbreviation for the "JVM Alternative for the Rego Language", Javascript support — for both the browserand Node.js — has been made possible by ClojureScript, and it's not unthinkable that more platforms will be added to thesupport matrix in the future.

Usage

Simple example policy compiled to plan by OPA, and executed by Jarl.

policy.rego

packagepolicyimportfuture.keywords.ifimportfuture.keywords.indefaultallow:=false# METADATA# entrypoint: trueallow if"admin" ininput.user.roles
opa build --target plan policy.rego

We now have a bunde containing theplan.json file that we may submit for execution by Jarl!

Before we do, we'll need to create an input to use for evaluation.

input.json

{"user": {"roles": ["admin"        ]    }}

Evaluate

lein run bundle.tar.gz --input input.json

Output

[{"result":true}]

Note that the above constitutes a simple flow for development and testing only. Production artifacts, or a fixed API forintegrations, will be here at a later point in time.

Clojure

In thecore directory, runlein repl to launch a REPL in thejarl.core namespace:

(jarl.logging/set-log-level:warn)(definput {"user" {"roles" ["admin"]}})(defdata {})(-> (slurp"path/to/plan.json")    (parser/parse-json)    (eval-plan"policy/allow" input data)); [{"result" true}]

Java

Jarl provides a simple API for evaluating policies.

Evaluating a Plan

varfile =newFile("path/to/plan.json");varinput =Map.of("user","alice");Map<String, ?>data =Map.of();varallowed =Jarl.builder(file)        .build()        .getPlan("my_policy/allow")        .eval(input,data)        .allowed();if (allowed) {  ...}

Built-in Functions

While still in an early stage of development, Jarl already supportsmost of the built-in functionsprovided by OPA. Jarl intends not just to support all built-in functions out of the box, but to make it trivial toimplement custom built-in functions for any platform, or even replace existing implementations with custom ones.

Development

See thedevelopment guide.

About

Jarl is an Open Policy Agent (OPA) evaluator for the JVM and Javascript, written in Clojure(Script)

Topics

Resources

License

Stars

Watchers

Forks

Contributors5

[8]ページ先頭
©2009-2025 Movatter.jp