
acrnogor/symfony-opa-form
=========================

Symfony middleware that adds Open Policy Agent authorization to incoming requests.

Since Oct 14. Pushed 1y ago.

[Source](https://github.com/acrnogor/opa-symfony-middleware-fork) | [Packagist](https://packagist.org/packages/acrnogor/symfony-opa-form)

opa-symfony-middleware
======================


[![build-logo](Logo-build.png)](Logo-build.png)

Abstract
--------


[build.security](https://docs.build.security/) provides simple development and management for your organization's authorization policy. opa-symfony-middleware is a PHP Symfony middleware intended for performing authorization requests against the build.security PDP (Policy Decision Point)/[OPA](https://www.openpolicyagent.org/).

This package is built for PHP v8.0 and above and Symfony v4.22 and above.

Data Flow
---------


 [![drawing](Data%20flow.png)](Data%20flow.png)

Usage
-----


Before you start we recommend completing the onboarding tutorial.

---

**Important note**

To simplify the setup process, the following example uses a local [build.security PDP instance](https://docs.build.security/policy-decision-points-pdp/pdp-deployments/standalone-docker-1). If you are already familiar with how to run your PDP, you can also run a PDP on your environment (Dev/Prod, etc.).

In that case, don't forget to change the **hostname** and the **port** in your code.

---

### Simple usage


In your Symfony app directory:

```
composer require buildsecurity/symfony-opa

```

Edit your PDP configuration file (`services.yaml`). This defines how requests are made to the PDP:

```
parameters:
    pdp.port: 8181
    pdp.hostname: http://localhost
    pdp.policy.path: /authz/allow
    pdp.readTimeout.milliseconds: 5000
    pdp.connectionTimeout.milliseconds: 5000
    pdp.retry.maxAttempts: 2
    pdp.retry.backoff.milliseconds: 250

```

Register the `OpenPolicyAgent` service in your `services.yaml`:

```
services:
    # Pass the PDP configuration to the OpenPolicyAgent service.
    BuildSecurity\OpenPolicyAgentBundle\OpenPolicyAgent:
        arguments:
            $pdp_config:
                port: '%env(default:pdp.port:PDP_PORT)%'
                hostname: '%env(default:pdp.hostname:PDP_HOSTNAME)%'
                policy.path: '%env(default:pdp.policy.path:PDP_POLICY_PATH)%'
                readTimeout.milliseconds: '%env(default:pdp.readTimeout.milliseconds:PDP_READ_TIMEOUT_MS)%'
                connectionTimeout.milliseconds: '%env(default:pdp.connectionTimeout.milliseconds:PDP_CONNECTION_TIMEOUT_MS)%'
                retry.maxAttempts: '%env(default:pdp.retry.maxAttempts:PDP_RETRY_MAX_ATTEMPTS)%'
                retry.backoff.milliseconds: '%env(default:pdp.retry.backoff.milliseconds:PDP_RETRY_BACKOFF_MS)%'

```

### Mandatory configuration


1. `hostname`: The hostname of the Policy Decision Point (PDP)
2. `port`: The port at which the OPA service is running
3. `policyPath`: Full path to the policy (including the rule) that decides whether requests should be authorized

The `PDP_HOSTNAME`, `PDP_PORT`, `PDP_POLICY_PATH`, `PDP_READ_TIMEOUT_MS`, `PDP_CONNECTION_TIMEOUT_MS`, `PDP_RETRY_MAX_ATTEMPTS` and `PDP_RETRY_BACKOFF_MS` environment variables, when added to your Symfony server environment, will override this service configuration.

### Optional configuration


1. `allowOnFailure`: Boolean. "Fail open" mechanism to allow access to the API in case the policy engine is not reachable. **Default is false**.
2. `includeBody`: Boolean. Whether or not to pass the request body to the policy engine. **Default is true**.
3. `includeHeaders`: Boolean. Whether or not to pass the request headers to the policy engine. **Default is true**.
4. `timeout`: Boolean. Amount of time to wait before request is abandoned and request is declared as failed. **Default is 1000ms**.
5. `enable`: Boolean. Whether or not to consult with the policy engine for the specific request. **Default is true**.
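
The configuration above carried through to a decision, as an added example that is not the bundle's own code: it builds the PDP URL from `hostname`, `port` and `policy.path`, then shows how an unreachable PDP and an undefined rule resolve with `allowOnFailure` off and on. The function names, the `/v1/data` prefix, the shape of `input` and the reading of `retry.maxAttempts` as total attempts are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the bundle's code. pdpUrl(), decide() and $post are
// hypothetical names; config keys and values mirror the README above.
function pdpUrl(array $cfg): string
{
    // Assumption: the policy path is appended to OPA's /v1/data endpoint.
    return rtrim($cfg['hostname'], '/') . ':' . $cfg['port']
        . '/v1/data/' . ltrim($cfg['policy.path'], '/');
}

/** $post(url, payload) returns the response body, or null if the PDP is unreachable. */
function decide(array $cfg, array $input, callable $post): bool
{
    if (($cfg['enable'] ?? true) === false) {
        return true; // policy engine not consulted for this request
    }
    $body = null;
    // Assumption: retry.maxAttempts counts total attempts, not extra retries.
    $attempts = max(1, (int) ($cfg['retry.maxAttempts'] ?? 1));
    for ($i = 0; $i < $attempts && $body === null; $i++) {
        if ($i > 0) {
            usleep(1000 * (int) ($cfg['retry.backoff.milliseconds'] ?? 0));
        }
        $body = $post(pdpUrl($cfg), ['input' => $input]);
    }
    if ($body === null) {
        // Unreachable PDP: deny unless allowOnFailure is explicitly true.
        return ($cfg['allowOnFailure'] ?? false) === true;
    }
    $doc = json_decode($body, true);
    // OPA omits "result" when the rule is undefined; only a literal true allows.
    return is_array($doc) && ($doc['result'] ?? null) === true;
}

$cfg = ['hostname' => 'http://localhost', 'port' => 8181, 'policy.path' => '/authz/allow',
        'retry.maxAttempts' => 2, 'retry.backoff.milliseconds' => 250];
$input = ['request' => ['method' => 'GET', 'path' => '/orders/42']]; // constructed sample
$stubs = [ // constructed PDP behaviours standing in for the HTTP call
    'unreachable'    => fn (string $u, array $p): ?string => null,
    'rule undefined' => fn (string $u, array $p): ?string => '{}',
    'allowed'        => fn (string $u, array $p): ?string => '{"result": true}',
];
echo pdpUrl($cfg), PHP_EOL;
foreach ($stubs as $case => $post) {
    printf("%-15s fail-closed=%s fail-open=%s\n", $case,
        var_export(decide($cfg, $input, $post), true),
        var_export(decide($cfg + ['allowOnFailure' => true], $input, $post), true));
}
```

In this sketch `allowOnFailure` changes the outcome only when the PDP cannot be reached; a response without `result` is denied in both modes.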

##### Example


To add the authorization middleware to a controller method, just decorate it with the `Authorize` attribute.

```
