Veza Open Authorization API (OAA) SDK

Python SDK for Veza Open Authorization API

The oaaclient package provides data models, methods and a command-line interface for using the Open Authorization API. You can use it to format and publish user, resource, and authorization metadata for processing by a Veza instance.

For example usage, please see the samples directory. For more information on Veza visit https://www.veza.com.

What is OAA?

The Open Authorization API is used to submit authorization metadata for custom applications to a Veza instance for parsing and inclusion in the Entity Catalog.

  • A typical OAA-based integration will use APIs to query the source application for information about users, resources, and permissions, along with other authorization entities such as groups and roles.
  • This data payload is published to Veza as a JSON object. The oaaclient modules simplify building the required JSON model and pushing the payload to Veza via the REST API.
  • Any application or identity provider added using OAA becomes fully available for search, rules and alerts, and access reviews, similar to any officially-supported integration.

Using the SDK

The oaaclient SDK includes the following components:

  • oaaclient.client: Veza API communication (data provider management, payload push, etc.). Requires an API key for authentication.
  • oaaclient.templates: Classes for modeling and generating an OAA payload.
  • oaaclient.utils: Additional utility functions (icon encoding, etc.).

Sample Workflow

Create the Veza API connection and a new custom application:

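import os

from oaaclient.client import OAAClient
from oaaclient.templates import CustomApplication, OAAPermission

# Veza URL and API key, read here from environment variables (example names)
veza_url = os.getenv("VEZA_URL")
veza_api_key = os.getenv("VEZA_API_KEY")

# creates a connection class to communicate with Veza
veza_con = OAAClient(url=veza_url, token=veza_api_key)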

# creates a new Custom Application model
custom_app = CustomApplication(name="Sample App", application_type="sample")

Once the CustomApplication class is instantiated, you can use the public methods to populate the new app with local users, groups, resources, and permissions metadata:

custom_app.add_custom_permission("owner", [OAAPermission.DataRead, OAAPermission.DataWrite])
jane = custom_app.add_local_user("jane", identities="jane@example.com")
resource1 = custom_app.add_resource(name="Resource 1", resource_type="thing")
jane.add_permission(permission="owner", resources=[resource1])

Once all identities, permissions and resources are modeled, the client connection handles the final push to Veza:

veza_con.push_application(provider, data_source_name, application_object=custom_app)

For more examples see the samples directory.

Command Line Use

The oaaclient can also be used as a command line tool for pushing completed OAA payloads to Veza for testing and debugging, without needing to make the API requests "by hand."

You will need the following JSON files:

  1. provider.json - must contain the provider name and template to use (application or idp).

    {
      "name": "ProviderName",
      "custom_template": "application"
    }
    
  2. auth.json - defines the Veza host and API key to use

    {
      "host": "https://demo.vezacloud.com",
      "token": "ZXlKaGJHY2lPaUpJ....."
    }
    
  3. payload.json - The complete OAA JSON body to submit. For full reference see the Veza documentation. This format must match the schema (template) selected in provider.json.

Once the above files are created, the payload can be pushed with the following command:

oaaclient --provider provider.json --auth auth.json payload.json

The client will read the files and push the payload to Veza. The client will automatically create any required custom provider and data sources.
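Because auth.json holds the Veza API key in cleartext, it is worth checking the input files before running the command. The pre-flight check below is an added example, not part of oaaclient or the original page. It assumes a POSIX file system, and the function names, the https-only host rule and the owner-only file mode are choices made for this example.

```python
import json
import os
import stat
import tempfile
from urllib.parse import urlparse

ALLOWED_TEMPLATES = {"application", "idp"}  # templates named for provider.json


def check_cli_inputs(provider_path, auth_path):
    """Return a list of problems found in provider.json and auth.json."""
    problems = []
    with open(provider_path) as f:
        provider = json.load(f)
    with open(auth_path) as f:
        auth = json.load(f)
    if not provider.get("name"):
        problems.append("provider.json: missing name")
    if provider.get("custom_template") not in ALLOWED_TEMPLATES:
        problems.append("provider.json: custom_template must be application or idp")
    # Assumption of this example: the token must only travel over TLS.
    host = urlparse(auth.get("host", ""))
    if host.scheme != "https" or not host.netloc:
        problems.append("auth.json: host must be an https:// URL")
    if not auth.get("token"):
        problems.append("auth.json: missing token")
    # The API key is stored in cleartext, so expect owner-only permissions.
    mode = stat.S_IMODE(os.stat(auth_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"auth.json: mode {mode:04o} is accessible beyond the owner")
    return problems


def demo():
    """Check two constructed file pairs: a weak one, then a corrected one."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        prov, auth = os.path.join(d, "provider.json"), os.path.join(d, "auth.json")
        for template, scheme, mode in (("app", "http", 0o644),
                                       ("application", "https", 0o600)):
            with open(prov, "w") as f:
                json.dump({"name": "ProviderName", "custom_template": template}, f)
            with open(auth, "w") as f:  # constructed host and token values
                json.dump({"host": f"{scheme}://veza.example.invalid",
                           "token": "CONSTRUCTED"}, f)
            os.chmod(auth, mode)
            results.append(check_cli_inputs(prov, auth))
    return results  # [problems for the weak pair, problems for the corrected pair]
```
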

Handling Errors

The OAAClient class handles API connections to Veza. If there are errors connecting, or the API returns errors, OAAClient raises an OAAClientError exception. If the payload does not conform to the template requirements, OAAClientError.details contains a list of the issues encountered.

    import sys

    from oaaclient.client import OAAClientError

    try:
        response = veza_con.push_application(provider_name=provider_name,
                                             data_source_name=data_source_name,
                                             application_object=custom_app,
                                             )
        # a successful push can still return warnings about the payload
        if response.get("warnings"):
            print("Push succeeded with warnings:")
            for w in response["warnings"]:
                print(w)
    except OAAClientError as e:
        print(f"Error: {e.error}: {e.message} ({e.status_code})", file=sys.stderr)
        # details lists template validation issues, when present
        if hasattr(e, "details"):
            for d in e.details:
                print(d, file=sys.stderr)

Additional documentation

Since any given source application or service will have different methods for retrieving entities, authorization, and other required metadata, each OAA connector will be slightly different. You should consult the API documentation for your application when considering how you will source the information, and refer to existing Veza-supported OAA connectors for real-world examples.

Connector source code and oaaclient modules are thoroughly annotated, for reference when building your own integrations.

For additional information on developing a custom OAA integration, please contact your Veza support team for access to the User Guide.

Download files

Source Distribution

oaaclient-1.1.10.tar.gz (59.8 kB)

Uploaded Source

Built Distribution

oaaclient-1.1.10-py3-none-any.whl (38.7 kB)

Uploaded Python 3

File details

Details for the file oaaclient-1.1.10.tar.gz.

File metadata

  • Download URL: oaaclient-1.1.10.tar.gz
  • Upload date:
  • Size: 59.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.10.14

File hashes

Hashes for oaaclient-1.1.10.tar.gz
Algorithm Hash digest
SHA256 cdb72c46ed2f7cec1c31328da96fb7a0c468283cb2355dc4db6e214c0bd60357
MD5 3ceaab7320fc9c95a8d93e4357cae371
BLAKE2b-256 dabe3be2d905c748dd5a99c8fdbf32549f1211ba32ea824fd4078b3ddf59ccdf

File details

Details for the file oaaclient-1.1.10-py3-none-any.whl.

File metadata

  • Download URL: oaaclient-1.1.10-py3-none-any.whl
  • Upload date:
  • Size: 38.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.10.14

File hashes

Hashes for oaaclient-1.1.10-py3-none-any.whl
Algorithm Hash digest
SHA256 4c3c74180d161f3657d89794b5f76427641b052c6b6b0a96c2410fac91d3b9a0
MD5 437c8a3496e6cf0f9da4861a5aa1cd7a
BLAKE2b-256 02627fbe92f8b25208049586c66e4def1020a69d6a46bf786bcdbdfe787b7d8a
