def ExplainGranted(self, request, context):
"""Provides information on why a member has access to a resource.
Args:
request (object): gRPC request.
context (object): gRPC context.
Returns:
object: proto message of explain granted result.
"""
reply = explain_pb2.ExplainGrantedReply()
if not self.is_supported:
return self._set_not_supported_status(context, reply)
model_name = self._get_handle(context)
result = self.explainer.explain_granted(model_name, request.member,
request.resource, request.role,
request.permission)
bindings, member_graph, resource_names = result
memberships = []
for child, parents in member_graph.items():
memberships.append(
explain_pb2.Membership(member=child, parents=parents))
reply.memberships.extend(memberships)
reply.resource_ancestors.extend(resource_names)
reply.bindings.extend([
explain_pb2.Binding(member=member, resource=resource, role=role)
for resource, role, member in bindings
])
return reply
def ExplainDenied(self, request, context):
"""Provides information on how to grant access.
Args:
request (object): gRPC request.
context (object): gRPC context.
Yields:
object: Generator of proto message of explain denied result.
"""
reply = explain_pb2.BindingStrategy()
if not self.is_supported:
yield self._set_not_supported_status(context, reply)
model_name = self._get_handle(context)
binding_strategies = self.explainer.explain_denied(
model_name, request.member, request.resources, request.permissions,
request.roles)
for overgranting, bindings in binding_strategies:
strategy = explain_pb2.BindingStrategy(overgranting=overgranting)
strategy.bindings.extend([
explain_pb2.Binding(member=b[1], resource=b[2], role=b[0])
for b in bindings
])
yield strategy