top of page
  • Shawn McKinney

Introducing a pythonic RBAC API


py-fortress is a Python API implementing Role-Based Access Control level 0 – Core. It’s still pretty new so there’s going to be some rough edges that will need to be smoothed out in the coming weeks.

To try it out, clone its git repo and use one of the fortress docker images for OpenLDAP or Apache Directory. The README has the details.

The API is pretty simple to use.

ADMIN FUNCTIONS WORK LIKE THIS

# Add User:
admin_mgr.add_user(User(uid='foo', password='secret'))

# Add Role:
admin_mgr.add_role(Role(name='customer'))

# Assign User:
admin_mgr.assign(User(uid='foo'), Role(name='customer'))

# Add Permission:
admin_mgr.add_perm_obj(PermObj(obj_name='shopping-cart'))
admin_mgr.add_perm(Perm(obj_name='shopping-cart', op_name='checkout'))

# Grant:
admin_mgr.grant(Perm(obj_name='shopping-cart', op_name='checkout'),Role(name='customer')) 

ACCESS CONTROL FUNCTIONS

# Create Session, False means mandatory password authentication.
session = access_mgr.create_session(User(uid='foo', password='secret'), False)

# Permission check, returns True if allowed:
result = access_mgr.check_access(session, Perm(obj_name='shopping-cart', op_name='checkout'))

# Get all the permissions allowed for user:
perms = access_mgr.session_perms(session)

# Check a role:
result = access_mgr.is_user_in_role(session, Role(name='customer'))

# Get all roles in the session:
roles = access_mgr.session_roles(session)

In addition, there’s the full compliment of review apis as prescribed by RBAC. If interested, look at the RBAC modules:

  • admin_mgr

  • review_mgr

  • access_mgr

Each of the modules have comments that describe the functions, along with their required and optional attributes.

Try it out and let me know what you think. There will be a release in the near future that will include some additional tooling. If it takes off, RBAC1 – RBAC3 will follow.

126 views0 comments

Recent Posts

See All

OpenLDAP Containers and a Helm Chart

Symas announces commercial support for an OpenLDAP container and associated Helm Chart, simplifying deployment of OpenLDAP within Kubernetes or anywhere Docker is available. The containers and chart,

OpenLDAP & LMDB Sizing Guide

Jan 17, 2022 Introduction Symas OpenLDAP configured with LMDB has been extensively tested and its performance characteristics are well understood. Both OpenLDAP and LMDB’s scaling characteristics are

Implementing LDAPS in Symas OpenLDAP 2.5+

Please note that the certificates must be in a pem format (.pem or .crt). You will need three certificates: Root CA certificate, server certificate (with the fqdn of server in subject line or in the s

Comments


bottom of page