Convert an OpenAPI 3 specification to an OPA policy.
Although this tool produces a file representing a policy, a manual review of every line is advised before using the policy.
Items such as API keys must be set manually, as must any other security-related items that cannot be defined in a spec.
This tool is under development and may not support all OpenAPI 3 features; please open a feature request if a feature you require is missing.
The easiest way to use opapg is via Docker, mounting a folder containing a spec as a volume:
docker run --volume d:/projects/myapi:/srv/app segrax/opapg from-openapi openapi.yaml --output=mypolicy
This produces a policy and a set of tests for the policy (in the mounted volume) and prints the results of an 'opa test' command to the console:
data.name.api.test_locat_id_oauth2_allowed: PASS (537.7µs)
data.name.api.test_locat_id_oauth2_denied: PASS (401.6µs)
data.name.api.test_locat_id_apiKey1_allowed: PASS (352.5µs)
data.name.api.test_locat_id_apiKey1_denied: PASS (293.5µs)
data.name.api.test_locations_near_allowed: PASS (280.2µs)
data.name.api.test_locations_get_allowed: PASS (849.6µs)
data.name.api.test_locations_create_bearerAuth_allowed: PASS (707.1µs)
data.name.api.test_locations_create_bearerAuth_denied: PASS (346.1µs)
data.name.api.test_media_get_allowed: PASS (398µs)
data.name.api.test_media_list_allowed: PASS (343.1µs)
data.name.api.test_media_upload_bearerAuth_allowed: PASS (314.3µs)
data.name.api.test_media_upload_bearerAuth_denied: PASS (447.2µs)
--------------------------------------------------------------------------------
PASS: 12/12
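To support the manual review advised above, this added example (not part of opapg) parses 'opa test' console output and lists test cases that have an _allowed test but no _denied counterpart, so a reviewer can confirm those operations are meant to be reachable without credentials. The test-name convention and the function name review_test_output are assumptions inferred from the output shown; the sample lines are a constructed subset of it.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the 'opa test' lines shown above.
SAMPLE_OUTPUT = """\
data.name.api.test_locat_id_oauth2_allowed: PASS (537.7µs)
data.name.api.test_locat_id_oauth2_denied: PASS (401.6µs)
data.name.api.test_locations_near_allowed: PASS (280.2µs)
data.name.api.test_locations_create_bearerAuth_allowed: PASS (707.1µs)
data.name.api.test_locations_create_bearerAuth_denied: PASS (346.1µs)
data.name.api.test_media_get_allowed: PASS (398µs)
"""

# Assumed convention (inferred from the output, not documented on the page):
#   data.<package>.test_<case>_(allowed|denied): <RESULT> (<duration>)
LINE_RE = re.compile(
    r"^data\.[\w.]+\.test_(?P<case>\w+)_(?P<kind>allowed|denied): (?P<result>\w+)"
)


def review_test_output(text):
    """Return (no_denied, not_passing).

    no_denied   -- sorted case names that have no *_denied test
    not_passing -- full test names whose result is anything other than PASS
    """
    kinds = defaultdict(set)
    not_passing = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # separator and summary lines are skipped
        kinds[m["case"]].add(m["kind"])
        if m["result"] != "PASS":
            not_passing.append(f"test_{m['case']}_{m['kind']}")
    no_denied = sorted(c for c, k in kinds.items() if "denied" not in k)
    return no_denied, not_passing


if __name__ == "__main__":
    no_denied, not_passing = review_test_output(SAMPLE_OUTPUT)
    for case in no_denied:
        print(f"review: '{case}' has no denied test; confirm it should be public")
    for name in not_passing:
        print(f"failing: {name}")
```

Each case it lists should be compared against the spec to confirm the operation really declares no security requirement.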
Many features remain to be added; please submit ideas and feature requests to the issue tracker.
The MIT License (MIT). Please see License File for more information.