def ExplainGranted(self, request, context): """Provides information on why a member has access to a resource. Args: request (object): gRPC request. context (object): gRPC context. Returns: object: proto message of explain granted result. """ reply = explain_pb2.ExplainGrantedReply() if not self.is_supported: return self._set_not_supported_status(context, reply) model_name = self._get_handle(context) result = self.explainer.explain_granted(model_name, request.member, request.resource, request.role, request.permission) bindings, member_graph, resource_names = result memberships = [] for child, parents in member_graph.items(): memberships.append( explain_pb2.Membership(member=child, parents=parents)) reply.memberships.extend(memberships) reply.resource_ancestors.extend(resource_names) reply.bindings.extend([ explain_pb2.Binding(member=member, resource=resource, role=role) for resource, role, member in bindings ]) return reply
def ExplainDenied(self, request, context): """Provides information on how to grant access. Args: request (object): gRPC request. context (object): gRPC context. Yields: object: Generator of proto message of explain denied result. """ reply = explain_pb2.BindingStrategy() if not self.is_supported: yield self._set_not_supported_status(context, reply) model_name = self._get_handle(context) binding_strategies = self.explainer.explain_denied( model_name, request.member, request.resources, request.permissions, request.roles) for overgranting, bindings in binding_strategies: strategy = explain_pb2.BindingStrategy(overgranting=overgranting) strategy.bindings.extend([ explain_pb2.Binding(member=b[1], resource=b[2], role=b[0]) for b in bindings ]) yield strategy