Policy evaluation should not entail fetching policy

[anderseknert]

First of all, thanks for contributing this client to the OPA and Python ecosystems!

While browsing the source code of the check_permission function today, I noticed that it fetches the the policy identified by the policy_name argument for each request, and parses its AST JSON for the package path + rules, to use to build the actual policy query. This is extra roundtrip to OPA is quite inefficient and should normally not be needed, as the query path should either be known by the client beforehand (either via configuration, hard coded, or whatever makes the most sense), or it could query / for the default decision.

The query_rule function on the other hand looks like a fairly idiomatic approach. I would suggest making that the first and most prominent example under the Policy Evaluation section of the docs, and if not remove the check_permission example, at least include a disclaimer about the other method being the preferred one.

[Turall]

Hi @anderseknert ,
Thank you so much for taking the time to review the project and share your feedback, especially given your deep involvement in the OPA ecosystem. It means a lot.
You’re right about the inefficiency in the current check_permission implementation. Fetching the policy AST for every request was intended as a flexible approach, but in practice, it introduces unnecessary overhead. I now see that predefining the query path — or leveraging the default decision endpoint — is a much cleaner and more idiomatic solution.

I’ll be making a couple of updates based on your suggestions:
• Promoting query_rule as the primary example under the Policy Evaluation section of the docs.
• Adding a disclaimer to the check_permission method to clarify its limitations and recommend query_rule for performance-sensitive use cases.
• Potentially refactoring or deprecating check_permission in a future release if it doesn’t serve a clear value beyond query_rule.

Thanks again for the thoughtful feedback — appreciate your help improving the client and making it a better part of the Python + OPA tooling landscape.

[anderseknert]

Awesome! Looking forward to see the change in action 😃 Ping me if you want help with reviewing later.

[Turall]

@anderseknert I’ve added a deprecation warning to the check_permission method and updated the README to highlight query_rule as the recommended approach. Let me know if you think there’s any additional functionality that would be useful for common OPA use cases to improve the client further!

[anderseknert]

Awesome, thanks @Turall!