Important
The documentation for this SDK lives at https://docs.styra.com/sdk, with reference documentation available at https://styrainc.github.io/opa-java/javadoc
You can use the Styra OPA SDK to connect to Open Policy Agent and Enterprise OPA deployments.
This package is published on Maven Central as com.styra/opa. The Maven Central page includes up-to-date instructions to add it as a dependency to your Java project, tailored for a variety of build systems including Maven and Gradle.
If you wish to build from source and publish the SDK artifact to your local Maven repository (on your filesystem) then use the following command (after cloning the git repo locally):
On Linux/MacOS:
./gradlew publishToMavenLocal -Pskip.signingOn Windows:
gradlew.bat publishToMavenLocal -Pskip.signingpackage org.example;
import com.styra.opa.OPAClient;
import com.styra.opa.OPAException;
import java.util.Map;
import java.util.List;
import static java.util.Map.entry;
public class App {
public static void main(String[] args) throws Exception {
System.out.println(new App().getGreeting());
// Create an OPA instance, this handles any state needed for interacting
// with OPA, and can be re-used for multiple requests if needed.
String opaURL = "http://localhost:8181";
OPAClient opa = new OPAClient(opaURL);
// This will be the input to our policy.
java.util.Map<String,Object> input = java.util.Map.ofEntries(
entry("subject", "alice"),
entry("action", "read"),
entry("resource", "/finance/reports/fy2038_budget.csv")
);
// We will read the list of policy violations, and whether the request
// is allowed or not into these.
java.util.List<Object> violations;
boolean allowed;
// Perform the request against OPA.
try {
allowed = opa.check("policy/allow", input);
violations = opa.evaluate("policy/violations", input);
} catch (OPAException e ) {
// Note that OPAException usually wraps other exception types, in
// case you need to do more complex error handling.
System.out.println("exception while making request against OPA: " + e);
throw e; // crash the program
}
System.out.println("allowed: " + allowed);
System.out.println("violations: " + violations);
}
}Note
For low-level SDK usage, see the sections below.
package hello.world;
import com.styra.opa.openapi.OpaApiClient;
import com.styra.opa.openapi.models.operations.*;
import com.styra.opa.openapi.models.shared.*;
import java.math.BigDecimal;
import java.math.BigInteger;
import java.time.LocalDate;
import java.time.OffsetDateTime;
import java.util.Optional;
import org.openapitools.jackson.nullable.JsonNullable;
import static java.util.Map.entry;
public class Application {
public static void main(String[] args) throws Exception {
try {
OpaApiClient sdk = OpaApiClient.builder()
.build();
ExecuteDefaultPolicyWithInputResponse res = sdk.executeDefaultPolicyWithInput()
.pretty(false)
.acceptEncoding(GzipAcceptEncoding.GZIP)
.input(Input.of(8203.11d))
.call();
if (res.result().isPresent()) {
// handle response
}
} catch (com.styra.opa.openapi.models.errors.ClientError e) {
// handle exception
throw e;
} catch (com.styra.opa.openapi.models.errors.ServerError e) {
// handle exception
throw e;
} catch (com.styra.opa.openapi.models.errors.SDKError e) {
// handle exception
throw e;
} catch (Exception e) {
// handle exception
throw e;
}
}
}package hello.world;
import com.styra.opa.openapi.OpaApiClient;
import com.styra.opa.openapi.models.operations.*;
import com.styra.opa.openapi.models.shared.*;
import java.math.BigDecimal;
import java.math.BigInteger;
import java.time.LocalDate;
import java.time.OffsetDateTime;
import java.util.Optional;
import org.openapitools.jackson.nullable.JsonNullable;
import static java.util.Map.entry;
public class Application {
public static void main(String[] args) throws Exception {
try {
OpaApiClient sdk = OpaApiClient.builder()
.build();
ExecutePolicyWithInputRequest req = ExecutePolicyWithInputRequest.builder()
.path("app/rbac")
.requestBody(ExecutePolicyWithInputRequestBody.builder()
.input(Input.of(false))
.build())
.build();
ExecutePolicyWithInputResponse res = sdk.executePolicyWithInput()
.request(req)
.call();
if (res.successfulPolicyEvaluation().isPresent()) {
// handle response
}
} catch (com.styra.opa.openapi.models.errors.ClientError e) {
// handle exception
throw e;
} catch (com.styra.opa.openapi.models.errors.ServerError e) {
// handle exception
throw e;
} catch (com.styra.opa.openapi.models.errors.SDKError e) {
// handle exception
throw e;
} catch (Exception e) {
// handle exception
throw e;
}
}
}- executeDefaultPolicyWithInput - Execute the default decision given an input
- executePolicy - Execute a policy
- executePolicyWithInput - Execute a policy given an input
- health - Verify the server is operational
You can override the default server globally by passing a server index to the serverIndex builder method when initializing the SDK client instance. The selected server will then be used as the default on the operations that use it. This table lists the indexes associated with the available servers:
| # | Server | Variables |
|---|---|---|
| 0 | http://localhost:8181 |
None |
package hello.world;
import com.styra.opa.openapi.OpaApiClient;
import com.styra.opa.openapi.models.operations.*;
import com.styra.opa.openapi.models.shared.*;
import java.math.BigDecimal;
import java.math.BigInteger;
import java.time.LocalDate;
import java.time.OffsetDateTime;
import java.util.Optional;
import org.openapitools.jackson.nullable.JsonNullable;
import static java.util.Map.entry;
public class Application {
public static void main(String[] args) throws Exception {
try {
OpaApiClient sdk = OpaApiClient.builder()
.serverIndex(0)
.build();
ExecuteDefaultPolicyWithInputResponse res = sdk.executeDefaultPolicyWithInput()
.pretty(false)
.acceptEncoding(GzipAcceptEncoding.GZIP)
.input(Input.of(8203.11d))
.call();
if (res.result().isPresent()) {
// handle response
}
} catch (com.styra.opa.openapi.models.errors.ClientError e) {
// handle exception
throw e;
} catch (com.styra.opa.openapi.models.errors.ServerError e) {
// handle exception
throw e;
} catch (com.styra.opa.openapi.models.errors.SDKError e) {
// handle exception
throw e;
} catch (Exception e) {
// handle exception
throw e;
}
}
}The default server can also be overridden globally by passing a URL to the serverURL builder method when initializing the SDK client instance. For example:
package hello.world;
import com.styra.opa.openapi.OpaApiClient;
import com.styra.opa.openapi.models.operations.*;
import com.styra.opa.openapi.models.shared.*;
import java.math.BigDecimal;
import java.math.BigInteger;
import java.time.LocalDate;
import java.time.OffsetDateTime;
import java.util.Optional;
import org.openapitools.jackson.nullable.JsonNullable;
import static java.util.Map.entry;
public class Application {
public static void main(String[] args) throws Exception {
try {
OpaApiClient sdk = OpaApiClient.builder()
.serverURL("http://localhost:8181")
.build();
ExecuteDefaultPolicyWithInputResponse res = sdk.executeDefaultPolicyWithInput()
.pretty(false)
.acceptEncoding(GzipAcceptEncoding.GZIP)
.input(Input.of(8203.11d))
.call();
if (res.result().isPresent()) {
// handle response
}
} catch (com.styra.opa.openapi.models.errors.ClientError e) {
// handle exception
throw e;
} catch (com.styra.opa.openapi.models.errors.ServerError e) {
// handle exception
throw e;
} catch (com.styra.opa.openapi.models.errors.SDKError e) {
// handle exception
throw e;
} catch (Exception e) {
// handle exception
throw e;
}
}
}Handling errors in this SDK should largely match your expectations. All operations return a response object or raise an error. If Error objects are specified in your OpenAPI Spec, the SDK will throw the appropriate Exception type.
| Error Object | Status Code | Content Type |
|---|---|---|
| models/errors/ClientError | 400,404 | application/json |
| models/errors/ServerError | 500 | application/json |
| models/errors/SDKError | 4xx-5xx | / |
package hello.world;
import com.styra.opa.openapi.OpaApiClient;
import com.styra.opa.openapi.models.operations.*;
import com.styra.opa.openapi.models.shared.*;
import java.math.BigDecimal;
import java.math.BigInteger;
import java.time.LocalDate;
import java.time.OffsetDateTime;
import java.util.Optional;
import org.openapitools.jackson.nullable.JsonNullable;
import static java.util.Map.entry;
public class Application {
public static void main(String[] args) throws Exception {
try {
OpaApiClient sdk = OpaApiClient.builder()
.build();
ExecuteDefaultPolicyWithInputResponse res = sdk.executeDefaultPolicyWithInput()
.pretty(false)
.acceptEncoding(GzipAcceptEncoding.GZIP)
.input(Input.of(8203.11d))
.call();
if (res.result().isPresent()) {
// handle response
}
} catch (com.styra.opa.openapi.models.errors.ClientError e) {
// handle exception
throw e;
} catch (com.styra.opa.openapi.models.errors.ServerError e) {
// handle exception
throw e;
} catch (com.styra.opa.openapi.models.errors.SDKError e) {
// handle exception
throw e;
} catch (Exception e) {
// handle exception
throw e;
}
}
}This repository includes components generated by Speakeasy based on this OpenAPI spec, as well as human authored code that simplifies usage. The Speakeasy generated code resides in the com.styra.opa.sdk package and offers the greatest level of control, but is more verbose and complicated. The hand written com.styra.opa package offers a simplified API designed to make using the OPA REST API straightforward for common use cases.
To build the SDK, use ./gradlew build, the resulting JAR will be placed in ./build/libs/api.jar.
To build the documentation site, including JavaDoc, run ./scripts/build_docs.sh OUTPUT_DIR. You should replace OUTPUT_DIR with a directory on your local system where you would like the generated docs to be placed. You can also preview the documentation site ephemerally using ./scripts/serve_docs.sh, which will serve the docs on http://localhost:8000 until you use Ctrl+C to exit the script.
To run the unit tests, you can use ./gradlew test.
To run the linter, you can use ./gradlew lint
This SDK is in beta, and there may be breaking changes between versions without a major version update. Therefore, we recommend pinning usage to a specific package version. This way, you can install the same version each time without breaking changes unless you are intentionally looking for the latest version.