Example #1
    def _init_(self, **kwargs):
        """
        Define the base permissions.

        Yields the result of ``load_from_database()`` first, then builds the
        vakt Guard over ``self.vakt_storage``, takes a private copy of
        ``AUTH_PLATFORMS`` and reads the ``core.rand_seed`` setting.
        """
        # NOTE(review): the bare ``yield`` implies this method is driven as a
        # generator-based coroutine; the decorator is not visible here - confirm.
        yield self.load_from_database()
        # presumably load_from_database() has populated self.vakt_storage by
        # this point; verify, because the Guard decides purely from whatever
        # policies that storage holds.
        self.guard = vakt.Guard(self.vakt_storage, vakt.RulesChecker())
        # Possible authentication platforms and their actions. Deep-copied so
        # that changes made on this instance do not alter the shared constant.
        self.auth_platforms = deepcopy(AUTH_PLATFORMS)

        # NOTE(review): if this seed feeds token or secret generation it should
        # be handled as a secret (not logged or exposed) - confirm its use.
        self.system_seed = self._Configs.get("core.rand_seed")
Example #2
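def main():
    """Load ``policies`` into an in-memory store and print two sample decisions.

    Both inquiries ask whether subject ``user:joe`` may ``get`` a
    ``lib/states`` resource, first with id ``*`` and then with id ``one``.
    Each decision is printed as a boolean.
    """
    # MemoryStorage keeps the policies only for the lifetime of this process.
    storage = vakt.MemoryStorage()
    # Policies can also be created with vakt.Policy.from_json(). The serialized
    # form carries "py/object" type tags, so only deserialize policy JSON that
    # comes from a trusted source.
    for p in policies:
        storage.add(p)
    guard = vakt.Guard(storage, vakt.RulesChecker())

    # The subject may also be a dict of attributes (for example name and role)
    # when the stored policies are written against those attributes.
    for resource_id in ('*', 'one'):
        # A request-derived referer is chosen by the client; a policy should
        # not grant access on the strength of that context value alone.
        inq = vakt.Inquiry(action='get',
                           resource={'platform': 'lib/states', 'id': resource_id},
                           subject='user:joe',
                           context={'referer': 'https://github.com'})
        print(f"get - {resource_id} - user___joe - {bool(guard.is_allowed(inq))}")

    # Not read anywhere in the visible part of this function.
    roles = ['one', 'two']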
Example #3
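def auth(request, resource):
    """
    Authorize the requester for *resource*.

    The subject and action come from ``get_user(request)``; the decision is
    made by a vakt Guard over the module-level ``storage``. Any decision that
    is not truthy is treated as a denial, so the check fails closed.
    """
    user, action = get_user(request)
    guard = vakt.Guard(storage, vakt.RulesChecker())
    inq = vakt.Inquiry(
        action=action,
        resource=resource,
        subject=user,
    )
    # Debug trace of the inquiry and the decision. It includes the requester's
    # identity, so treat stderr as sensitive wherever this runs.
    print(inq, file=sys.stderr)
    allowed = guard.is_allowed(inq)
    print(allowed, file=sys.stderr)
    # `not allowed` rather than `== False`: a None or other non-bool falsy
    # result must deny instead of falling through as if access were granted.
    if not allowed:
        # NOTE(review): presumably this aborts the request (raises). If it only
        # builds a response, the caller continues as authorized - confirm.
        unauthourized()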
Example #4
 def __init__(self):
     """Create the policy storage, attach a Guard to it and load ``policies``."""
     self.storage = self._create_storage()
     checker = vakt.RulesChecker()
     # The Guard is given the storage before any policy is added; presumably
     # it consults that same object at decision time, so the policies loaded
     # below are the ones it enforces - confirm.
     self.guard = vakt.Guard(self.storage, checker)
     for policy in policies:
         self.storage.add(policy)
Example #5
    }],
    resources=[Eq('GOOSE')],
    effect=vakt.ALLOW_ACCESS,
)
storage.add(policy)

# Allow subject 'ied02' to subscribe to GOOSE traffic for one destination MAC.
# The rules compare strings as written, so normalise MAC addresses (case and
# separators) before building an Inquiry; a differently formatted address
# matches no allow rule.
policy = vakt.Policy(
    str(uuid.uuid4()),
    effect=vakt.ALLOW_ACCESS,
    subjects=[Eq('ied02')],
    resources=[Eq('GOOSE')],
    actions=[{'type': Or(Eq('subscribe')), 'dest': Eq('01:0c:cd:01:00:01')}],
)
storage.add(policy)

# Deny, for every subject, any GOOSE action whose 'dest' lies outside the
# 01:0c:cd:01 prefix (this looks like the IEC 61850 GOOSE multicast range).
# In vakt a matching deny policy overrides matching allow policies, so this
# acts as a guard rail around the allow policies added before it.
policy = vakt.Policy(
    str(uuid.uuid4()),
    effect=vakt.DENY_ACCESS,
    subjects=[Any()],
    resources=[Eq('GOOSE')],
    actions=[{'dest': Not(StartsWith('01:0c:cd:01'))}],
)
storage.add(policy)

# The guard evaluates inquiries against the storage filled above.
guard = vakt.Guard(storage, vakt.RulesChecker())