py_abac.policy package

Subpackages

• py_abac.policy.conditions package
  • Subpackages
    • py_abac.policy.conditions.attribute package
      • Submodules
      • py_abac.policy.conditions.attribute.all_in module
      • py_abac.policy.conditions.attribute.all_not_in module
      • py_abac.policy.conditions.attribute.any_in module
      • py_abac.policy.conditions.attribute.any_not_in module
      • py_abac.policy.conditions.attribute.base module
      • py_abac.policy.conditions.attribute.equals module
      • py_abac.policy.conditions.attribute.is_in module
      • py_abac.policy.conditions.attribute.is_not_in module
      • py_abac.policy.conditions.attribute.not_equals module
      • Module contents
    • py_abac.policy.conditions.collection package
      • Submodules
      • py_abac.policy.conditions.collection.all_in module
      • py_abac.policy.conditions.collection.all_not_in module
      • py_abac.policy.conditions.collection.any_in module
      • py_abac.policy.conditions.collection.any_not_in module
      • py_abac.policy.conditions.collection.base module
      • py_abac.policy.conditions.collection.is_empty module
      • py_abac.policy.conditions.collection.is_in module
      • py_abac.policy.conditions.collection.is_not_empty module
      • py_abac.policy.conditions.collection.is_not_in module
      • Module contents
    • py_abac.policy.conditions.logic package
      • Submodules
      • py_abac.policy.conditions.logic.all_of module
      • py_abac.policy.conditions.logic.any_of module
      • py_abac.policy.conditions.logic.base module
      • py_abac.policy.conditions.logic.not_ module
      • Module contents
    • py_abac.policy.conditions.numeric package
      • Submodules
      • py_abac.policy.conditions.numeric.base module
      • py_abac.policy.conditions.numeric.eq module
      • py_abac.policy.conditions.numeric.gt module
      • py_abac.policy.conditions.numeric.gte module
      • py_abac.policy.conditions.numeric.lt module
      • py_abac.policy.conditions.numeric.lte module
      • py_abac.policy.conditions.numeric.neq module
      • Module contents
    • py_abac.policy.conditions.object package
      • Submodules
      • py_abac.policy.conditions.object.equals_object module
      • Module contents
    • py_abac.policy.conditions.others package
      • Submodules
      • py_abac.policy.conditions.others.any module
      • py_abac.policy.conditions.others.cidr module
      • py_abac.policy.conditions.others.exists module
      • py_abac.policy.conditions.others.not_exists module
      • Module contents
    • py_abac.policy.conditions.string package
      • Submodules
      • py_abac.policy.conditions.string.base module
      • py_abac.policy.conditions.string.contains module
      • py_abac.policy.conditions.string.ends_with module
      • py_abac.policy.conditions.string.equals module
      • py_abac.policy.conditions.string.not_contains module
      • py_abac.policy.conditions.string.not_equals module
      • py_abac.policy.conditions.string.regex_match module
      • py_abac.policy.conditions.string.starts_with module
      • Module contents
  • Submodules
  • py_abac.policy.conditions.base module
  • py_abac.policy.conditions.schema module
  • Module contents

Submodules

py_abac.policy.policy module

Policy class

class py_abac.policy.policy.Policy(uid: str, description: str, rules: py_abac.policy.rules.Rules, targets: py_abac.policy.targets.Targets, effect: str, priority: int)

Bases: object

Policy class containing rules and targets

fits(ctx: py_abac.context.EvaluationContext) → bool

Check if the request fits policy

Parameters

ctx – evaluation context

Returns

True if fits else False

static from_json(data: dict) → py_abac.policy.policy.Policy

Create Policy object from JSON

to_json()

Convert policy object to JSON

property is_allowed

Check if access is allowed

class py_abac.policy.policy.PolicySchema(*, only: Union[Sequence[str], Set[str], None] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: marshmallow.schema.Schema

JSON schema for policy

post_load(data, **_)

opts = <marshmallow.schema.SchemaOpts object>

py_abac.policy.rules module

Policy rules class

class py_abac.policy.rules.RuleField(*, load_default: Any = <marshmallow.missing>, missing: Any = <marshmallow.missing>, dump_default: Any = <marshmallow.missing>, default: Any = <marshmallow.missing>, data_key: Optional[str] = None, attribute: Optional[str] = None, validate: Union[Callable[[Any], Any], Iterable[Callable[[Any], Any]], None] = None, required: bool = False, allow_none: Optional[bool] = None, load_only: bool = False, dump_only: bool = False, error_messages: Optional[Dict[str, str]] = None, metadata: Optional[Mapping[str, Any]] = None, **additional_metadata)

Bases: marshmallow.fields.Field

Marshmallow field class for rules

class py_abac.policy.rules.Rules(subject: Union[List, Dict], resource: Union[List, Dict], action: Union[List, Dict], context: Union[List, Dict])

Bases: object

Policy rules

is_satisfied(ctx: py_abac.context.EvaluationContext)

Check if request satisfies all conditions

Parameters

ctx – policy evaluation context

Returns

True if satisfied else False

class py_abac.policy.rules.RulesSchema(*, only: Union[Sequence[str], Set[str], None] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: marshmallow.schema.Schema

JSON schema for rules

post_load(data, **_)

opts = <marshmallow.schema.SchemaOpts object>

py_abac.policy.targets module

Policy targets class

class py_abac.policy.targets.TargetField(*, load_default: Any = <marshmallow.missing>, missing: Any = <marshmallow.missing>, dump_default: Any = <marshmallow.missing>, default: Any = <marshmallow.missing>, data_key: Optional[str] = None, attribute: Optional[str] = None, validate: Union[Callable[[Any], Any], Iterable[Callable[[Any], Any]], None] = None, required: bool = False, allow_none: Optional[bool] = None, load_only: bool = False, dump_only: bool = False, error_messages: Optional[Dict[str, str]] = None, metadata: Optional[Mapping[str, Any]] = None, **additional_metadata)

Bases: marshmallow.fields.Field

Marshmallow field class for targets

class py_abac.policy.targets.Targets(subject_id: list, resource_id: list, action_id: list)

Bases: object

Policy targets

match(ctx: py_abac.context.EvaluationContext)

Check if request matches policy targets

Parameters

ctx – policy evaluation context

Returns

True if matches else False

class py_abac.policy.targets.TargetsSchema(*, only: Union[Sequence[str], Set[str], None] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Optional[Dict] = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: Optional[str] = None)

Bases: marshmallow.schema.Schema

JSON schema for targets

post_load(data, **_)

opts = <marshmallow.schema.SchemaOpts object>

Module contents

Exposed classes and methods