Download the PHP package buildsecurity/symfony-opa without Composer
On this page you can find all versions of the php package buildsecurity/symfony-opa. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download buildsecurity/symfony-opa
More information about buildsecurity/symfony-opa
Files in buildsecurity/symfony-opa
Package symfony-opa
Short Description Symfony middleware that adds Open Policy Agent authorization to incoming requests.
License MIT
Informations about the package symfony-opa
opa-symfony-middleware
Abstract
build.security provides simple development and management for your organization's authorization policy. opa-symfony-middleware is a PHP Symfony middleware intended for performing authorization requests against build.security PDP(Policy Decision Point)/OPA.
This package is built for PHP v8.0 and above and Symfony v4.22 and above.
Data Flow
Usage
Before you start we recommend completing the onboarding tutorial.
Important note
To simplify the setup process, the following example uses a local build.security PDP instance. If you are already familiar with how to run your PDP, You can also run a PDP on you environment (Dev/Prod, etc).
In that case, don't forget to change the hostname and the port in your code.
Simple usage
In your Symfony app directory:
Edit your PDP configuration file (services.yaml
) -
This will define how requests should be made to the PDP
Register the OpenPolicyAgent
service in your services.yaml
Mandatory configuration
hostname
: The hostname of the Policy Decision Point (PDP)port
: The port at which the OPA service is runningpolicyPath
: Full path to the policy (including the rule) that decides whether requests should be authorized
The PDP_HOSTNAME
, PDP_PORT
, PDP_POLICY_PATH
, PDP_READ_TIMEOUT_MS
, PDP_CONNECTION_TIMEOUT_MS
, PDP_RETRY_MAX_ATTEMPTS
and PDP_RETRY_BACKOFF_MS
environment variables, when added to your Symfony server environment, will override this service configuration.
Optional configuration
allowOnFailure
: Boolean. "Fail open" mechanism to allow access to the API in case the policy engine is not reachable. Default is false.includeBody
: Boolean. Whether or not to pass the request body to the policy engine. Default is true.includeHeaders
: Boolean. Whether or not to pass the request headers to the policy engine. Default is truetimeout
: Boolean. Amount of time to wait before request is abandoned and request is declared as failed. Default is 1000ms.enable
: Boolean. Whether or not to consult with the policy engine for the specific request. Default is true
Example
To add the authorization middleware to a controller method, just decorate it with the Authorize
attribute.
For more elaborated example click here
PDP Request example
This is what the input received by the PDP would look like.
If everything works well you should receive the following response: +
All versions of symfony-opa with dependencies
ext-ctype Version *
ext-iconv Version *
symfony/console Version 5.2.*
symfony/dotenv Version 5.2.*
symfony/flex Version ^1.3.1
symfony/framework-bundle Version 5.2.*
symfony/http-client Version 5.2.*
symfony/yaml Version 5.2.*
busybee/urljoin Version dev-main