import os

import authz_sdk.api_pb2 as proto
import authz_sdk.client as authz
import grpc
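# Sample flow: make sure a principal, a resource and a policy exist on the
# authorization server, then ask whether the principal may edit the resource.

# Initialize client.
# NOTE(review): the three positional arguments look like server address,
# client id and client secret -- confirm against authz_sdk.Client.
# The literal defaults are the values this sample shipped with. A secret
# committed to a repository should be treated as exposed: if these were ever
# valid outside a local demo, rotate them and pass real values through the
# environment. The AUTHZ_* variable names are this script's own, not SDK names.
# Whether the channel is TLS-protected is decided inside authz_sdk and is not
# visible here -- confirm before pointing this at a non-local host.
client = authz.Client(
    os.environ.get('AUTHZ_ADDR', 'localhost:8081'),
    os.environ.get('AUTHZ_CLIENT_ID', '91f50c68-91e2-11ed-b84d-acde48001122'),
    os.environ.get(
        'AUTHZ_CLIENT_SECRET',
        'pvXX89f7L4257jogy3-r--XGvs3TrH6laR8i5zwAIEcqMLQm',
    ),
)

# Retrieve or create principal.
# NOTE(review): here and in the two blocks below, every grpc.RpcError is
# treated as "object does not exist". An authentication failure or an
# unreachable server takes the same path and only shows up as a failed create.
# Narrowing on the error's status code (grpc.StatusCode.NOT_FOUND is the usual
# status for a missing object -- confirm what this server returns) would
# separate the two cases.
try:
    principal = client.stub.PrincipalGet(proto.PrincipalGetRequest(id='user-123'))
except grpc.RpcError:
    response = client.stub.PrincipalCreate(proto.PrincipalCreateRequest(
        id='user-123',
        attributes=[
            proto.Attribute(key='email', value='johndoe@acme.tld'),
        ],
    ))
    # The original passed the object as a second print() argument, so the
    # literal "{}" was printed; format the message instead.
    print('principal created: {}'.format(response))
else:
    print('principal retrieved: {}'.format(principal))

# Retrieve or create resource.
try:
    resource = client.stub.ResourceGet(proto.ResourceGetRequest(id='post.123'))
except grpc.RpcError:
    response = client.stub.ResourceCreate(proto.ResourceCreateRequest(
        id='post.123',
        kind='post',
        value='123',
        attributes=[
            proto.Attribute(key='owner_email', value='johndoe@acme.tld'),
        ],
    ))
    print('resource created: {}'.format(response))
else:
    print('resource retrieved: {}'.format(resource))

# Retrieve or create policy.
# The policy allows 'edit' and 'delete' on 'post.*' when the principal's
# email attribute equals the resource's owner_email attribute. The decision is
# therefore only as trustworthy as the source of those attribute values: they
# should come from a verified identity record, not from caller-supplied input.
try:
    policy = client.stub.PolicyGet(proto.PolicyGetRequest(id='post-owners'))
except grpc.RpcError:
    response = client.stub.PolicyCreate(proto.PolicyCreateRequest(
        id='post-owners',
        resources=['post.*'],
        actions=['edit', 'delete'],
        attribute_rules=[
            'principal.email == resource.owner_email',
        ],
    ))
    print('policy created: {}'.format(response))
else:
    # Printed once here; the original also printed it inside the try body,
    # so a successful lookup was reported twice.
    print('policy retrieved: {}'.format(policy))

# Check if principal is allowed.
# NOTE(review): the return type of IsAllowed is not visible here. Code that
# enforces this decision should deny on any exception or any result that is
# not an explicit allow.
result = client.IsAllowed(
    principal='user-123',
    resource_kind='post',
    resource_value='123',
    action='edit',
)
print(result)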