From de2889318bfad0c88665054b3d38d86365995d48 Mon Sep 17 00:00:00 2001 From: mayabarak Date: Sun, 14 Jan 2024 11:10:38 +0200 Subject: [PATCH] fix error --- permit/enforcement/enforcer.py | 39 ++++++++++++++++++++++------------ tests/conftest.py | 27 +++++++++++++++++++++++ tests/test_abac_pdp.py | 33 ++++++++++++++++++++++++++++ 3 files changed, 86 insertions(+), 13 deletions(-) create mode 100644 tests/test_abac_pdp.py diff --git a/permit/enforcement/enforcer.py b/permit/enforcement/enforcer.py index bf2557e..e5aa4d3 100644 --- a/permit/enforcement/enforcer.py +++ b/permit/enforcement/enforcer.py @@ -228,6 +228,16 @@ async def check( data=json.dumps(input), ) as response: if response.status != 200: + if response.status == 501: + raise PermitConnectionError( + f"Permit SDK got error: {response.status}, \n \ + and cannot connect to the PDP container, make sure you are not using ABAC policy." + f"Also, please check your configuration and make" + f" sure it's running at {self._base_url} and accepting requests. \n \ + Read more about setting up the PDP at " + f"https://docs.permit.io/reference/SDKs/Python/quickstart_python" + ) + error_json: dict = await response.json() logger.error( "error in permit.check({}, {}, {}):\n{}\n{}".format( @@ -240,7 +250,7 @@ async def check( ) raise PermitConnectionError( f"Permit SDK got unexpected status code: {response.status}, please check your Permit SDK class init and PDP container are configured correctly. \n\ - Read more about setting up the PDP at https://docs.permit.io/reference/SDKs/Python/quickstart_python" + Read more about setting up the PDP at https://docs.permit.io/category/python" ) content: dict = await response.json() @@ -259,19 +269,22 @@ async def check( # ) return decision except aiohttp.ClientError as err: - logger.error( - "error in permit.check({}, {}, {}):\n{}".format( - normalized_user, - action, - self._resource_repr(normalized_resource), - err, + if isinstance(err, PermitConnectionError): + raise err + else: + logger.error( + "error in permit.check({}, {}, {}):\n{}".format( + normalized_user, + action, + self._resource_repr(normalized_resource), + err, + ) + ) + raise PermitConnectionError( + f"Permit SDK got error: {err}, \n \ + and cannot connect to the PDP container, please check your configuration and make sure it's running at {self._base_url} and accepting requests. \n \ + Read more about setting up the PDP at https://docs.permit.io/reference/SDKs/Python/quickstart_python" ) - ) - raise PermitConnectionError( - f"Permit SDK got error: {err}, \n \ - and cannot connect to the PDP container, please check your configuration and make sure it's running at {self._base_url} and accepting requests. \n \ - Read more about setting up the PDP at https://docs.permit.io/reference/SDKs/Python/quickstart_python" - ) def _normalize_resource(self, resource: ResourceInput) -> ResourceInput: normalized_resource: ResourceInput = resource.copy() diff --git a/tests/conftest.py b/tests/conftest.py index 4ee096b..b34f2e7 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -47,3 +47,30 @@ def permit(permit_config: PermitConfig) -> Permit: @pytest.fixture def sync_permit(permit_config: PermitConfig) -> SyncPermit: return SyncPermit(permit_config) + + +@pytest.fixture +def permit_config_cloud() -> PermitConfig: + token = os.getenv("PDP_API_KEY", "") + pdp_address = os.getenv("PDP_URL", "https://cloudpdp.api.permit.io") + api_url = os.getenv("PDP_CONTROL_PLANE", "https://api.permit.io") + + if not token: + pytest.fail("PDP_API_KEY is not configured, test cannot run!") + + return PermitConfig( + **{ + "token": token, + "pdp": pdp_address, + "api_url": api_url, + "log": { + "level": "debug", + "enable": True, + }, + } + ) + + +@pytest.fixture +def permit_cloud(permit_config_cloud: PermitConfig) -> Permit: + return Permit(permit_config_cloud) diff --git a/tests/test_abac_pdp.py b/tests/test_abac_pdp.py new file mode 100644 index 0000000..e605ca8 --- /dev/null +++ b/tests/test_abac_pdp.py @@ -0,0 +1,33 @@ +from permit import Permit, PermitConnectionError, TenantCreate, UserCreate + + +def abac_user(user: UserCreate): + return user.dict(exclude={"first_name", "last_name"}) + + +async def test_abac_pdp_cloud_error(permit_cloud: Permit): + + user_test = UserCreate( + **dict( + key="maya@permit.io", + email="maya@permit.io", + first_name="Maya", + last_name="Barak", + attributes={"age": 23}, + ) + ) + TESLA = TenantCreate(key="tesla", name="Tesla Inc") + + try: + resp = await permit_cloud.check( + abac_user(user_test), + "sign", + { + "type": "document", + "tenant": TESLA.key, + "attributes": {"private": False}, + }, + ) + + except Exception as error: + assert isinstance(error, PermitConnectionError)