diff --git a/README.md b/README.md index ba8bea8..03c2cbf 100644 --- a/README.md +++ b/README.md @@ -354,31 +354,7 @@ await client.delete_data('users') #### Check Permission (Policy Evaluation) -You can evaluate policies with input data using `check_permission`. - -- **Synchronous**: - -```python -input_data = {"user": "admin"} -policy_name = 'example_policy' -rule_name = 'allow' - -result = client.check_permission(input_data, policy_name, rule_name) -print(result) -``` - -- **Asynchronous**: - -```python -input_data = {"user": "admin"} -policy_name = 'example_policy' -rule_name = 'allow' - -result = await client.check_permission(input_data, policy_name, rule_name) -print(result) -``` - -Queries a package rule with the given input data +Evaluate a rule from a known package path. This is the **recommended method** for evaluating OPA decisions. ```python @@ -422,6 +398,39 @@ print(await client.query_rule(input_data=check_data, package_path="play", rule_n ``` +You can evaluate policies with input data using `check_permission`. +### ⚠️ Deprecated: `check_permission()` + +This method introspects the policy AST to construct a query path dynamically. It introduces unnecessary overhead and is **not recommended** for production use. + +- **Synchronous**: + +```python +input_data = {"user": "admin"} +policy_name = 'example_policy' +rule_name = 'allow' + +result = client.check_permission(input_data, policy_name, rule_name) +print(result) +``` +> 🔥 Prefer `query_rule()` instead for better performance and maintainability. + +### ⚠️ Deprecated: `check_permission()` + +- **Asynchronous**: + +```python +input_data = {"user": "admin"} +policy_name = 'example_policy' +rule_name = 'allow' + +result = await client.check_permission(input_data, policy_name, rule_name) +print(result) +``` +> 🔥 Prefer `query_rule()` instead for better performance and maintainability. + + + ### Ad-hoc Queries Execute ad-hoc queries directly: diff --git a/opa_client/opa.py b/opa_client/opa.py index 03eb171..2c7edc7 100644 --- a/opa_client/opa.py +++ b/opa_client/opa.py @@ -1,5 +1,6 @@ import os import threading +import warnings from typing import Dict, Optional from urllib.parse import urlencode @@ -391,6 +392,11 @@ def check_permission( Returns: dict: The result of the permission check. """ + warnings.warn( + "check_permission is deprecated and will be removed in a future release. Use `query_rule` instead.", + DeprecationWarning, + stacklevel=2 + ) policy = self.get_policy(policy_name) ast = policy.get("result", {}).get("ast", {}) package_path = "/".join( diff --git a/opa_client/opa_async.py b/opa_client/opa_async.py index 33a5dcd..9ac6091 100644 --- a/opa_client/opa_async.py +++ b/opa_client/opa_async.py @@ -1,5 +1,5 @@ import asyncio -import json +import warnings import os import ssl from typing import Dict, Optional, Union @@ -422,6 +422,11 @@ async def check_permission( Returns: dict: The result of the permission check. """ + warnings.warn( + "check_permission is deprecated and will be removed in a future release. Use `query_rule` instead.", + DeprecationWarning, + stacklevel=2 + ) policy = await self.get_policy(policy_name) ast = policy.get("result", {}).get("ast", {}) package_path = "/".join( diff --git a/poetry.lock b/poetry.lock index 9956e32..7fcba8d 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1411,4 +1411,4 @@ propcache = ">=0.2.1" [metadata] lock-version = "2.1" python-versions = "^3.9" -content-hash = "0ee928b6044ff99d1fd6522e48131635092c41b487f890656143a2dd7135d74f" +content-hash = "a124f0f317a394478d06282c19e8c3dd86b1d66ea057fdd1f1f03990a5945db0" diff --git a/pyproject.toml b/pyproject.toml index c00d6ec..2a53e74 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -25,6 +25,7 @@ python = "^3.9" requests = "^2.32.3" aiohttp = {extras = ["speedups"], version = "^3.10.9"} aiofiles = "^24.1.0" +urllib3 = "^2.5.0" [tool.poetry.group.dev.dependencies] pytest = "^8.3.3"