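Attribute-Based Access Control (ABAC)
Detailed description of the py-abac Python project
Py-ABAC
Attribute-Based Access Control (ABAC) for Python.
Introduction
Py-ABAC is a policy-based toolkit for attribute-based access control (ABAC). ABAC gives you fine-grained control over the definition of the rules that restrict access to resources, and is generally considered a "next generation" authorization model. The design of py-ABAC stems from the XACML standard and the ABAC Python SDK Vakt.
For more information, see the documentation.
Installation
PyABAC runs on Python >= 3.5. The PyPy implementation is supported as well.
To install the basic package, run the following command: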
pip install py-abac
With the basic package, the in-memory policy storage backend is available. For other persistent backends run:
Example Usage
A quick dive-in:
from pymongo import MongoClient
from py_abac import PDP, Policy, AccessRequest
from py_abac.storage.mongo import MongoStorage

# Policy definition in JSON
policy_json = {
    "uid": "1",
    "description": "Max and Nina are allowed to create, delete, get any "
                   "resources only if the client IP matches.",
    "effect": "allow",
    "rules": {
        "subject": [{"$.name": {"condition": "Equals", "value": "Max"}},
                    {"$.name": {"condition": "Equals", "value": "Nina"}}],
        "resource": {"$.name": {"condition": "RegexMatch", "value": ".*"}},
        "action": [{"$.method": {"condition": "Equals", "value": "create"}},
                   {"$.method": {"condition": "Equals", "value": "delete"}},
                   {"$.method": {"condition": "Equals", "value": "get"}}],
        "context": {"$.ip": {"condition": "CIDR", "value": "127.0.0.1/32"}}
    },
    "targets": {},
    "priority": 0
}
# Parse JSON and create policy object
policy = Policy.from_json(policy_json)

# Setup policy storage
client = MongoClient()
storage = MongoStorage(client)
# Add policy to storage
storage.add(policy)

# Create policy decision point
pdp = PDP(storage)

# A sample access request JSON
request_json = {
    "subject": {
        "id": "",
        "attributes": {"name": "Max"}
    },
    "resource": {
        "id": "",
        "attributes": {"name": "myrn:example.com:resource:123"}
    },
    "action": {
        "id": "",
        "attributes": {"method": "get"}
    },
    "context": {
        "ip": "127.0.0.1"
    }
}
# Parse JSON and create access request object
request = AccessRequest.from_json(request_json)

# Check if access request is allowed. Evaluates to True since
# Max is allowed to get any resource when client IP matches.
assert pdp.is_allowed(request)
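The matching that the policy above relies on can be traced with a small standard-library model: a list of rule blocks is an OR, the four categories are ANDed, and a request that matches nothing is denied. This is an added illustration, not py-abac's code or API; `is_allowed`, `block_matches`, `make_request`, the flat `$.key` path handling and the fully anchored regex are assumptions of the sketch, and the sample requests are constructed.

```python
import ipaddress
import re

# "rules" of the policy shown above; an unmatched request is denied.
RULES = {
    "subject": [{"$.name": {"condition": "Equals", "value": "Max"}},
                {"$.name": {"condition": "Equals", "value": "Nina"}}],
    "resource": {"$.name": {"condition": "RegexMatch", "value": ".*"}},
    "action": [{"$.method": {"condition": "Equals", "value": m}}
               for m in ("create", "delete", "get")],
    "context": {"$.ip": {"condition": "CIDR", "value": "127.0.0.1/32"}},
}

def _in_cidr(value, cidr):
    try:
        return ipaddress.ip_address(value) in ipaddress.ip_network(cidr)
    except (ValueError, TypeError):
        return False  # malformed or missing address never matches

# Simplified condition semantics (assumption: regex is fully anchored here).
CONDITIONS = {
    "Equals": lambda v, arg: v == arg,
    "RegexMatch": lambda v, arg: isinstance(v, str) and bool(re.fullmatch(arg, v)),
    "CIDR": _in_cidr,
}

def block_matches(block, attrs):
    """One rule block: every '$.attr' condition must hold (AND)."""
    for path, cond in block.items():
        key = path[2:]  # only the flat '$.key' path form is handled
        if key not in attrs or not CONDITIONS[cond["condition"]](attrs[key], cond["value"]):
            return False  # absent attribute or failed condition
    return True

def is_allowed(request, rules=RULES):
    """All four categories must match; a list of blocks is an OR."""
    for cat in ("subject", "resource", "action", "context"):
        blocks = rules[cat] if isinstance(rules[cat], list) else [rules[cat]]
        attrs = request[cat] if cat == "context" else request[cat]["attributes"]
        if not any(block_matches(b, attrs) for b in blocks):
            return False
    return True

def make_request(name, method, ip):  # constructed sample request
    return {"subject": {"id": "", "attributes": {"name": name}},
            "resource": {"id": "", "attributes": {"name": "myrn:example.com:resource:123"}},
            "action": {"id": "", "attributes": {"method": method}},
            "context": {"ip": ip}}
```

In this model a request from Max with method `get` is allowed only from 127.0.0.1; a different client IP, an unlisted subject or method, or a malformed `ip` value all fall through to deny.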
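Documentation
Py-ABAC documentation can be found at https://py-abac.readthedocs.io
You can also build the documentation by running make html inside the docs folder.
Logging
Py-ABAC follows the common logging pattern for libraries:
Its modules log all the events that happen, but by default the log messages are handled by NullHandler. It is up to the outer code/application to provide the desired log handlers, filters, levels, etc.
For example:
import logging

root = logging.getLogger()
root.setLevel(logging.INFO)
root.addHandler(logging.StreamHandler())

...  # here go all the py_abac calls.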
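Milestones
Most valuable features, in order of importance:
- [x] Sphinx documentation
- [ ] Policy obligations
- [x] In-memory storage
- [x] SQL storage
- [ ] Caching mechanism for storage
- [x] File storage
Acknowledgements
The conceptual and implementation design of py-ABAC stems from the XACML standard and the ABAC Python SDK Vakt.
Development
Py-ABAC requires a few backend databases such as MongoDB, MySQL, etc. for testing and development. For convenience, a docker-compose file is provided in the tests folder to spawn the required infrastructure. Just run: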
$ cd tests
$ docker-compose up -d   # this spawns up all the databases.
$ cd ..                  # returns to the root repo folder
To hack on py-ABAC, run:
$ pip install -e .[dev]           # to install all dependencies
$ pytest --cov=py_abac tests/     # to get coverage report
$ pylint py_abac                  # to check code quality with PyLint
$ bandit py_abac                  # to check code security with Bandit
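Optionally, you can use make to perform the development tasks.
License
The source code is licensed under the Apache License, Version 2.0.
Contributions
Pull requests and bug reports are always welcome! :)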