AZTP (Agentic Zero Trust Protocol) Client Library for Python
AZTP Client Python
Enterprise-grade identity service client for secure workload identity management using AZTP standards.
Installation
```bash
pip install aztp-client
```
Requirements
- Python 3.8 or higher
Trusted Domains
The AZTP client maintains a whitelist of trusted domains for use with the trustDomain parameter. If trustDomain is not specified, it defaults to aztp.network.
```python
from aztp_client import whiteListTrustDomains

print("Available trusted domains:", whiteListTrustDomains)
```
Current Trusted Domains:
- gptarticles.xyz
- gptapps.ai
- vcagents.ai
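A check a caller could run on an AZTP ID received from another party before trusting or linking it, added here as an example (it is not aztp_client code). It assumes the `aztp://<trust-domain>/...` layout of the IDs used in the examples on this page; `trust_domain_of` and `is_trusted` are hypothetical helpers, and the allowlist is constructed from the domains named above.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the domains listed on this page plus the stated default.
TRUSTED_DOMAINS = frozenset(
    {"aztp.network", "gptarticles.xyz", "gptapps.ai", "vcagents.ai"}
)


def trust_domain_of(aztp_id):
    """Return the trust domain of an aztp:// ID, or raise ValueError."""
    parts = urlsplit(aztp_id)
    if parts.scheme != "aztp":
        raise ValueError("not an aztp:// identity")
    # Refuse userinfo and ports: in "aztp://gptapps.ai@evil.example/x" the
    # host is evil.example even though the string starts with a trusted name.
    if "@" in parts.netloc or ":" in parts.netloc:
        raise ValueError("userinfo or port not allowed in an identity")
    host = parts.hostname or ""  # .hostname is already lower-cased
    if not host or host.endswith("."):
        raise ValueError("missing or non-canonical trust domain")
    return host


def is_trusted(aztp_id, allowlist=TRUSTED_DOMAINS):
    """Exact-match allowlist check; anything unparsable is untrusted."""
    try:
        return trust_domain_of(aztp_id) in allowlist
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs covering the usual allowlist-bypass shapes.
    for candidate in (
        "aztp://gptapps.ai/workload/production/node/service-a",
        "aztp://GPTAPPS.AI/workload/production/node/service-a",
        "aztp://gptapps.ai.evil.example/workload/production/node/x",
        "aztp://gptapps.ai@evil.example/workload/production/node/x",
        "https://gptapps.ai/workload/production/node/x",
    ):
        print(f"{is_trusted(candidate)!s:5} {candidate}")
```

Substring or suffix tests such as `"gptapps.ai" in aztp_id` accept the third and fourth inputs; parsing first and comparing the whole host does not.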
Quick Start
```python
import asyncio
from aztp_client import Aztp

async def main():
    client = Aztp(api_key="your-api-key")
    agent = await client.secure_connect({}, "service1", config={"isGlobalIdentity": False})

asyncio.run(main())
```
Core Methods
Identity Management
| Method | Description |
|---|---|
| `secure_connect(crew_agent, name, config)` | Create a secure connection for a workload |
| `verify_identity(agent)` | Verify the identity of a secured agent |
| `verify_identity_connection(from_aztp_id, to_aztp_id)` | Verify connection between two agents |
| `get_identity(agent)` | Get identity information for a secured agent |
| `discover_identity(trust_domain, requestor_identity)` | Discover identities based on parameters |
| `revoke_identity(aztp_id, reason)` | Revoke an AZTP identity |
| `reissue_identity(aztp_id)` | Restore a previously revoked identity |
| `link_identities(source_identity, target_identity, relationship_type, metadata)` | Link two workload identities together |
Policy Management
| Method | Description |
|---|---|
| `get_policy(aztp_id)` | Get access policy for a specific AZTP identity |
| `get_policy_value(policies, filter_key, filter_value)` | Filter and extract a specific policy statement |
| `is_action_allowed(policy, action)` | Check if an action is allowed by a policy statement |
Policy Statement Structure
- The `Statement` field in a policy can be either a single dict or a list of dicts.
- The `Action` field can be a string or a list of strings.
- The `is_action_allowed` method normalizes both cases and works for all valid policy structures.
Example: Check if an action is allowed
```python
policy_statement = aztpClient.get_policy_value(identity_access_policy, "code", "policy:0650537f8614")
if policy_statement:
    is_allowed = aztpClient.is_action_allowed(policy_statement, "read")
    print(f"Is 'read' allowed? {is_allowed}")
```
Example Policy Statement:
```json
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["read", "write"]
    },
    {
      "Effect": "Deny",
      "Action": "delete"
    }
  ]
}
```
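A stand-alone evaluator for the policy shape above, added as an example to show what normalizing `Statement` and `Action` involves; it is not the library's `is_action_allowed`. The precedence used here (explicit Deny overrides Allow, no matching statement means deny) is an assumption of this example, since the page does not document how the library resolves conflicts; `evaluate` is a hypothetical helper.

```python
# Constructed sample: the example policy statement shown on this page.
PAGE_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Action": ["read", "write"]},
        {"Effect": "Deny", "Action": "delete"},
    ]
}


def _as_list(value):
    """Normalise a scalar-or-list policy field to a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def evaluate(policy, action):
    """Default-deny check (assumed precedence): explicit Deny beats any Allow."""
    if not isinstance(policy, dict):
        return False
    allowed = False
    for stmt in _as_list(policy.get("Statement")):
        if not isinstance(stmt, dict):
            continue  # a malformed statement grants nothing
        # Wrapping a string Action in a list matters: `"rea" in "read"` is a
        # substring test and would match, `"rea" in ["read"]` does not.
        if action not in _as_list(stmt.get("Action")):
            continue
        effect = stmt.get("Effect")
        if effect == "Deny":
            return False
        if effect == "Allow":
            allowed = True
    return allowed


if __name__ == "__main__":
    for act in ("read", "write", "delete", "rea", "admin"):
        print(f"{act!r:10} -> {evaluate(PAGE_POLICY, act)}")
```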
Examples
Identity Revocation and Reissue
```python
import os
import asyncio
from aztp_client import Aztp, whiteListTrustDomains
from dotenv import load_dotenv

load_dotenv()

async def main():
    api_key = os.getenv("AZTP_API_KEY")
    base_url = os.getenv("AZTP_BASE_URL")
    if not api_key:
        raise ValueError("AZTP_API_KEY is not set")

    aztpClient = Aztp(api_key=api_key, base_url=base_url)
    agent = {}
    agent_name = "astha-local/arjun"

    # Secure Connect
    print(f"Connecting agent: {agent_name}")
    localTestAgent = await aztpClient.secure_connect(agent, agent_name, {"isGlobalIdentity": False})
    print("AZTP ID:", localTestAgent.identity.aztp_id)

    # Verify
    print(f"Verifying identity for agent: {agent_name}")
    verify = await aztpClient.verify_identity(localTestAgent)
    print("Verify:", verify)

    # Revoke identity
    print(f"Revoking identity for agent: {agent_name}")
    revoke_result = await aztpClient.revoke_identity(localTestAgent.identity.aztp_id, "Revoked by user")
    print("Identity Revoked:", revoke_result)

    # Verify after revoke
    print(f"Verifying identity after revoke for agent: {agent_name}")
    is_valid_after_revoke = await aztpClient.verify_identity(localTestAgent)
    print("Identity Valid After Revoke:", is_valid_after_revoke)

    # Reissue identity
    print(f"Reissuing identity for agent: {agent_name}")
    reissue_result = await aztpClient.reissue_identity(localTestAgent.identity.aztp_id)
    print("Identity Reissued:", reissue_result)

    # Verify after reissue
    print(f"Verifying identity after reissue for agent: {agent_name}")
    is_valid_after_reissue = await aztpClient.verify_identity(localTestAgent)
    print("Identity Valid After Reissue:", is_valid_after_reissue)

    # Get and display policy information
    print(f"Getting policy information for agent: {agent_name}")
    identity_access_policy = await aztpClient.get_policy(localTestAgent.identity.aztp_id)

    # Extract a specific policy by code (replace with your actual policy code)
    policy = aztpClient.get_policy_value(
        identity_access_policy,
        "code",
        "policy:0650537f8614"  # Replace with your actual policy code
    )
    if policy:
        is_allow = aztpClient.is_action_allowed(policy, "read")
        print({"is_allow": is_allow})
        if is_allow:
            print("'read' is allowed by this policy statement")
    else:
        print("Policy not found.")

    # Link identities
    print(f"Linking {agent_name}'s identity to another service")
    try:
        target_identity = "aztp://astha.ai/workload/production/node/partner-service"
        link_result = await aztpClient.link_identities(
            localTestAgent.identity.aztp_id,
            target_identity,
            "linked"
        )
        print(f"Identities linked successfully. Link ID: {link_result.get('_id')}")
    except Exception as e:
        print(f"Failed to link identities: {str(e)}")

if __name__ == "__main__":
    asyncio.run(main())
```
### Linking Identities
```python
import os
import asyncio
from aztp_client import Aztp
from dotenv import load_dotenv

load_dotenv()

async def main():
    api_key = os.getenv("AZTP_API_KEY")
    base_url = os.getenv("AZTP_BASE_URL")
    if not api_key:
        raise ValueError("AZTP_API_KEY is not set")

    aztpClient = Aztp(api_key=api_key, base_url=base_url)

    # Define the source and target identities
    source_identity = "aztp://astha.ai/workload/production/node/service-a"
    target_identity = "aztp://astha.ai/workload/production/node/service-b"

    # Link the two identities with a peer relationship
    try:
        result = await aztpClient.link_identities(
            source_identity=source_identity,
            target_identity=target_identity,
            relationship_type="linked",  # Can be "linked" or "parent"
        )
        print("Identity link created successfully:")
        print(f"Link ID: {result.get('_id')}")
        print(f"Source: {result.get('sourceIdentity')}")
        print(f"Target: {result.get('targetIdentity')}")
        print(f"Relationship: {result.get('relationshipType')}")
    except Exception as e:
        print(f"Error linking identities: {str(e)}")

if __name__ == "__main__":
    asyncio.run(main())
```
---
## Error Handling
- **Connection Errors**: Handles network and server connectivity issues
- **Authentication Errors**: Manages API key and authentication failures
- **Validation Errors**: Validates input parameters and trust domains
- **Policy Errors**: Handles policy retrieval and validation failures
---
## License
MIT License
File details
Details for the file aztp_client-1.0.29.tar.gz.
File metadata
- Download URL: aztp_client-1.0.29.tar.gz
- Upload date:
- Size: 12.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 25a1f0aea41815988164d2ca09567548124402f7f4321101ad3ef204609bd714 |
| MD5 | f8200509e20ca21dc7f2cbfa52bce1bc |
| BLAKE2b-256 | bd6b0b46168676667a871cf4b98de0f3013fa1c2a23a2962093a9033409d9fd1 |
File details
Details for the file aztp_client-1.0.29-py3-none-any.whl.
File metadata
- Download URL: aztp_client-1.0.29-py3-none-any.whl
- Upload date:
- Size: 11.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | f7852cffd2c206a878fb9f306203d4cf6e767c9c734b516067481b335fcd8dea |
| MD5 | 535fe136f12a54b5cc5e4b3cbc08541e |
| BLAKE2b-256 | d58c3a324d623d5dd3ed43892cc635d6794402c7953f2ae3a51e5c11b61fd407 |