No project description provided
Project description
Cedar Python
This repository contains cedarpy
, a Python package that allows using the (Rust) Cedar Policy library from Python more convenient.
This project is built on the PyO3 and maturin projects. These projects are designed to enable Python to use Rust code and vice versa.
Note: This project is not officially supported by AWS or the Cedar Policy team.
Getting started
You'll need a few things to get started:
- Python +3.9
- Rust and
cargo
The most common development commands are in the Makefile
Note: This project is developed on an M1 Mac with Python 3.9.
Create virtual env
First create a Python virtual environment for this project with:
make venv-dev
In addition to creating a dedicated virtual environment, this will install cedar-py
's dependencies.
If this works you should be able to run the following command:
maturin --help
Build and run cedar-py
tests
Ensure the cedar-py
virtual environment is active by sourcing it in your shell:
source venv-dev/bin/activate
Now run:
make quick
The make quick
command will build the Rust source code with maturin
and run the project's tests with pytest
.
If all goes well, you should see output like:
(venv-dev) swedish-chef:cedar-py skuenzli$ make quick
Performing quick build
set -e ;\
maturin develop ;\
pytest
📦 Including license file "/path/to/cedar-py/LICENSE"
🔗 Found pyo3 bindings
🐍 Found CPython 3.9 at /path/to/cedar-py/venv-dev/bin/python
📡 Using build options features from pyproject.toml
Ignoring maturin: markers 'extra == "dev"' don't match your environment
Ignoring pip-tools: markers 'extra == "dev"' don't match your environment
Ignoring pytest: markers 'extra == "dev"' don't match your environment
💻 Using `MACOSX_DEPLOYMENT_TARGET=11.0` for aarch64-apple-darwin by default
Compiling cedarpy v0.1.0 (/path/to/cedar-py)
Finished dev [unoptimized + debuginfo] target(s) in 3.06s
📦 Built wheel for CPython 3.9 to /var/folders/k2/tnw8n1c54tv8nt4557pfx3440000gp/T/.tmpO6aj6c/cedarpy-0.1.0-cp39-cp39-macosx_11_0_arm64.whl
🛠 Installed cedarpy-0.1.0
================================================================================================ test session starts ================================================================================================
platform darwin -- Python 3.9.12, pytest-7.4.0, pluggy-1.2.0
rootdir: /path/to/cedar-py
configfile: pyproject.toml
testpaths: tests/unit
collected 10 items
tests/unit/test_authorize.py::AuthorizeTestCase::test_authorize_basic_ALLOW PASSED [ 10%]
tests/unit/test_authorize.py::AuthorizeTestCase::test_authorize_basic_DENY PASSED [ 20%]
... snip ... # a bunch of tests passing - please write more!
tests/unit/test_import_module.py::InvokeModuleTestFunctionTestCase::test_invoke_parse_test_policy PASSED [100%]
================================================================================================ 10 passed in 0.51s =================================================================================================
Integration tests
This project supports validating correctness with official Cedar integration tests. To run those tests you'll need to retrieve the cedar-integration-tests
data with:
make submodules
Then you can run:
make integration-tests
cedar-py
currently passes 46 of the 50 'example_use_cases_doc' tests. We will support executing more tests shortly. See test_cedar_integration_tests.py for details.
Using the library
Releases of cedarpy
will be available on PyPi soon. For now, if you'd like to use the library, you can build a release locally and install it with pip
.
If you used make quick
above, the cedarpy
module will already be installed. You can also use make release
to build a release locally.
The release process will build a wheel and output it into target/wheels/
You can install that file with pip, e.g.:
pip install /path/to/cedar-py/target/wheels/cedarpy-0.1.0-cp39-cp39-macosx_11_0_arm64.whl
Then you can use the library from your Python project just like the tests demonstrate:
from cedarpy import is_authorized, AuthzResult, Decision
policies: str = "//a string containing cedar policies"
entities: list = [ # a list of Cedar entities; can also be a json-formatted string of Cedar entities
{"uid": {"__expr": "User::\"alice\""}, "attrs": {}, "parents": []}
# ...
]
request = {
"principal": "User::\"bob\"",
"action": "Action::\"view\"",
"resource": "Photo::\"1234-abcd\"",
"context": {}
}
authz_result: AuthzResult = is_authorized(request, policies, entities)
# so you can assert on the decision like:
assert Decision.Allow == authz_result.decision
# or use the 'allowed' convenience method
assert authz_result.allowed
# or even via AuthzResult's attribute subscripting support
assert authz_result['allowed']
Contributing
This project is very early stage. This project uses GitHub issues. Contributions are welcome.
Some ways to contribute are:
- Use the project and report experience and issues
- Document usage and limitations
- Enhance the library with additional functionality you need
- Add test cases, particularly those from
cedar-integration-tests
You can reach peopel interested in this project in the cedar-py
channel of the Cedar Policy Slack workspace.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Hashes for cedarpy-0.1.0-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | c7e78cbd4b41328933faae2b7bc78bd4c2d2c2a4ecf4010b158d3a75912269fa |
|
MD5 | f98c84163cc9980002ba886d8c8e180b |
|
BLAKE2b-256 | fcf404f268e5d56b667484ee247d3eb6b9903514d803c615ef98e3f26e30d2b8 |
Hashes for cedarpy-0.1.0-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | d7d77a3e4a460a3ed163a5abc840f11d91a59730751eea0132945245c6089214 |
|
MD5 | e46c1aaf2b8e7e4e20e4b47b27a11433 |
|
BLAKE2b-256 | 6691071b7958a6d783d44d781c0faf127ce7315cde6e87e61e60bb16c54b16cd |
Hashes for cedarpy-0.1.0-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | a7e09f26ece616082d3953dad60f172163f9e7377820d6eb517fe1bb6328c8d7 |
|
MD5 | 4d9f71de81baea58531213cd7a42c208 |
|
BLAKE2b-256 | 91eba27d0e80c0c6fa5944ffc704807715400f8aa99715cda8d82dad49d80941 |
Hashes for cedarpy-0.1.0-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | a51f4c6f780b43f343fcf1ce7df834e4dfcf7c5b664b363ed3441eeca8df63a0 |
|
MD5 | 094078db96140acd0b07d70c11fa3eea |
|
BLAKE2b-256 | ff61b06ccd44578bdf01519fcf6e08e932ef877c54ff107887078feb21cede35 |
Hashes for cedarpy-0.1.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 19aedf10da4ee72ba8755120474c7e9f51690de5fc802d690cd57d0f77d07463 |
|
MD5 | a57a3f2020d7f2e4a9b37f796000a3a8 |
|
BLAKE2b-256 | 1aa1245261adbf652f684de25ec8924fd1c2a773e5c737cb15a1d3e06ff981dd |
Hashes for cedarpy-0.1.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 848a28e1b600f143c102f3284931cec98b28308980a5129928b0330a5d852a13 |
|
MD5 | ad79c49652b97fe019eb628e69ce9319 |
|
BLAKE2b-256 | 93960d4261312abd8f06dacd1ed4ac98a251c7cdbe154252487de7f7232a5609 |
Hashes for cedarpy-0.1.0-cp311-none-win_amd64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | a109ab8e7cb522eb87a14b3433cf7820a5a61102c0ce58b2ed7485d8732836e4 |
|
MD5 | 1e05ce7a508c09eb96ed6bea6e34e1cf |
|
BLAKE2b-256 | 40957f75498b0e11946d22044ba9619e59d5b239b6181542cf35317d585af3ab |
Hashes for cedarpy-0.1.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 56566b890c208e82e35f28c6f7b5d330775d0e5b473dce69e9d00c1c286f538a |
|
MD5 | 7200f49bb17cdaed86af2c27259e157f |
|
BLAKE2b-256 | b5edc5e4d8b0c5e02bcdf01ae4f75a5c5bf0e61409be8863591caf6137e57037 |
Hashes for cedarpy-0.1.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 55bb1f3a5d16d2ed3c264c31f38c4733b87a8072ea1570c540ac28bbd0501e8c |
|
MD5 | 0124f8807182e384b262d6a0fd6b6da7 |
|
BLAKE2b-256 | bea1b59d0710a5b809bf7725a1de44fc69ecdfdc577c184f6fd11f8c084e07ec |
Hashes for cedarpy-0.1.0-cp311-cp311-macosx_11_0_arm64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | bb59df1debb7568e36a77db8f810656b4fe08f20bac299f135d5a24080d1cc68 |
|
MD5 | 1a5ba26b7b8623c791dd9148d4c5c0d4 |
|
BLAKE2b-256 | 58c800b62ea2108a8d2697dd3cf7a042a59deee3f7a6aff1efac0e2a8e5b26be |
Hashes for cedarpy-0.1.0-cp311-cp311-macosx_10_7_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 79b94059d008dce90e01d2a45071bdac4794c1579463d5c498634150e11879db |
|
MD5 | 0d8e54e7b0e678fcd946968fdb47d0a7 |
|
BLAKE2b-256 | e1a9bef1444cc737c5d505365f894a08c6eaf4e03af7d778720d4629333d3b1f |
Hashes for cedarpy-0.1.0-cp310-none-win_amd64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4dd4aa5484ca860930d7f1eaadb86e43cd10b9ccf9c733aee92ee0b5ef1990ac |
|
MD5 | 7f372949227d1f93176a789879e2455a |
|
BLAKE2b-256 | 1362d80c2b93b9fc70c34257299a96ac8e07b2d3b7626fbb15969d7ac13c9a6b |
Hashes for cedarpy-0.1.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | e265dbf864981d7ec42bab8d41186dd946089614d289160de7fdc03ef6daa6c5 |
|
MD5 | aed705b75dbaa0ed4e44e1652662ea29 |
|
BLAKE2b-256 | 602e4a7be757128352b9e0c436d30847caa49eddbb74d08f165a6cf77423237b |
Hashes for cedarpy-0.1.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | f41dced064e2a3c1ed61854167644a98e759b6f0f3c50610a5ee3f7f587710ae |
|
MD5 | c88f1ff25f0d1d8309d6f5f373a6512f |
|
BLAKE2b-256 | 3436eace3f1b05d223a6373f2a64121ac3b47919d68a44d1d9ee18a47a5a9696 |
Hashes for cedarpy-0.1.0-cp310-cp310-macosx_11_0_arm64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | b0e60a69631de992762c147e954312cb7530e160111fbed1c5ced3fc5efd27a3 |
|
MD5 | 275083bf647ebe21442178e3596c03ca |
|
BLAKE2b-256 | 6045898c7bb69ec66b38c5dca295b7fb8bea2d52acdf789bcd1f2d9af55764fb |
Hashes for cedarpy-0.1.0-cp310-cp310-macosx_10_7_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | b68448aa3d1c140362bfd79d552f1739f52eb05134f795664739f7dd9a5b851d |
|
MD5 | 36474f79d81a0072bd796c6e14b365dd |
|
BLAKE2b-256 | deea51866bcd6db15d28a1684d14d96a9269010d5c2839cd39f8a64fed79dc01 |
Hashes for cedarpy-0.1.0-cp39-none-win_amd64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2b16a1d6bba14a02c11d03e4f4024d1dbff273a43a74308f70f0efb8816e1b19 |
|
MD5 | db71014d94acc8a533d05caf3f0a8607 |
|
BLAKE2b-256 | 41a58a9aa8d60b57492a5f5e20b055511158888759136ac086e7258e9e7f25e0 |
Hashes for cedarpy-0.1.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 94bde1fc4cf90427d4f9345fec7b457e64a0f537e4535a2b5ec604aed32e3290 |
|
MD5 | 558e5c8379c4a4439ee1b969979888dd |
|
BLAKE2b-256 | 1dd41f18450d56579632df3f58dd66c61278e12e895e0e088fc1721fa7a9c90e |
Hashes for cedarpy-0.1.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | f601bbaf9dd4c700d8dd62e77137fc6e35c0a71204c543622d7d58fdd52f706b |
|
MD5 | ed920be35c0468d71a655e93c8965f8f |
|
BLAKE2b-256 | 89496b68edf836ba3f46adfc6527087727df752bf52b03868e8e2d9b1d2ef123 |
Hashes for cedarpy-0.1.0-cp39-cp39-macosx_11_0_arm64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 851c1c1b628c5da85e53ffd4d05eadd81b1e1dc6459b7d5448361b8f18ff3734 |
|
MD5 | 373a359ff4ec69851079a3894a8cbb7d |
|
BLAKE2b-256 | 4dbd1645e7b349f8113cadd152c2098476c1bd65429f298dde9393f4d4343853 |
Hashes for cedarpy-0.1.0-cp39-cp39-macosx_10_7_x86_64.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 7d65436f41206e7739619db495625444db4fb75cbd18d27fd0912681229f86c2 |
|
MD5 | 1a74857d1079e4684762402172466fdc |
|
BLAKE2b-256 | 9c5a9bacc22292e50f46997e3887b25b302fe4ee94856e645c7d402f330657d6 |