KBAC - Key-based Access Control
Last modified by John on 2021/10/31 17:47
Introduction
Provides simple access control based on key+principals (all strings).
Examples
By role:
import kbac
ac = kbac.KBAC()
ac.add("viewer", ["bob", "joe"])
ac.add("manager", ["lucy", "rick"])
print(ac.is_allowed(["viewer"], ["lucy"]))
print(ac.is_allowed(["manager"], ["lucy"]))
print(ac.is_allowed(["viewer", "manager"], ["rick"]))
ac = kbac.KBAC()
ac.add("viewer", ["bob", "joe"])
ac.add("manager", ["lucy", "rick"])
print(ac.is_allowed(["viewer"], ["lucy"]))
print(ac.is_allowed(["manager"], ["lucy"]))
print(ac.is_allowed(["viewer", "manager"], ["rick"]))
Notes:
- add individual settings using KBAC.add()
- test if lucy is a viewer
- test if lucy is a manager
- test if rick is a viewer or manager
By service:
import kbac
acdict = {
"list": "dudley, al, jeffrey",
"create": "dudley, jill",
"delete": "dudley",
}
ac = kbac.KBAC()
ac.load(acdict.items())
principals = ["dudley"]
print "principals (%s)" % (principals,)
for key in acdict:
print("key (%s) allowed (%s)" % (key, ac.is_allowed([key], principals)))
acdict = {
"list": "dudley, al, jeffrey",
"create": "dudley, jill",
"delete": "dudley",
}
ac = kbac.KBAC()
ac.load(acdict.items())
principals = ["dudley"]
print "principals (%s)" % (principals,)
for key in acdict:
print("key (%s) allowed (%s)" % (key, ac.is_allowed([key], principals)))
Notes:
- load KBAC object from dictionary
- test which keys/services dudley is allowed
Display settings:
import kbac
acdict = {
"list": "dudley, al",
"create": "dudley, brittany",
"delete": "dudley",
}
ac = kbac.KBAC()
ac.load(acdict.items())
for key in ac.keys():
print("key (%s) principals (%s)\n" % (key, sorted(ac.principals(key))))
acdict = {
"list": "dudley, al",
"create": "dudley, brittany",
"delete": "dudley",
}
ac = kbac.KBAC()
ac.load(acdict.items())
for key in ac.keys():
print("key (%s) principals (%s)\n" % (key, sorted(ac.principals(key))))
Notes:
- extract settings using KBAC.keys() and KBAC.principals()