Package org.apache.polaris.extension.auth.opa.model

package org.apache.polaris.extension.auth.opa.model

OPA authorization input model classes.

This package contains immutable model classes that define the structure of authorization requests sent to Open Policy Agent (OPA). These classes serve as the single source of truth for the OPA input schema.

Schema Generation

The JSON Schema for these models can be generated using the

invalid reference

org.apache.polaris.extension.auth.opa.model.OpaSchemaGenerator

utility or by running the Gradle task:

 ./gradlew :polaris-extensions-auth-opa:generateOpaSchema
 

This generates opa-input-schema.json which can be referenced in documentation and used by OPA policy developers.

Model Structure

• OpaRequest - Top-level request wrapper
• OpaAuthorizationInput - Authorization context containing actor, action, resource, and context
• Actor - Principal and roles
• Resource - Target and secondary resources
• ResourceEntity - Individual resource with type, name, and parents
• Context - Request metadata

Related Packages

Package	Description
org.apache.polaris.extension.auth.opa
org.apache.polaris.extension.auth.opa.token

Interfaces

Class	Description
Actor	Represents the actor (principal) making an authorization request.
Context	Additional context information for the authorization request.
OpaAuthorizationInput	OPA authorization input structure.
OpaRequest	OPA request wrapper containing the authorization input.
Resource	Represents the resource(s) being accessed in an authorization request.
ResourceEntity	Represents a single resource entity in the authorization context.