predicate
Installing predicate
poetry install
Alternatively, poetry shell can also be used to run predicate.
Working with policies
Example policy
# access.py
from solver.ast import Duration
from solver.teleport import AccessNode, Node, Options, OptionsSet, Policy, Rules, User


class Teleport:
    p = Policy(
        name="access",
        loud=False,
        allow=Rules(
            AccessNode(
                ((AccessNode.login == User.name) & (User.name != "root"))
                | (User.traits["team"] == ("admins",))
            ),
        ),
        options=OptionsSet(Options((Options.max_session_ttl < Duration.new(hours=10)))),
        deny=Rules(
            AccessNode(
                (AccessNode.login == "mike")
                | (AccessNode.login == "jester")
                | (Node.labels["env"] == "prod")
            ),
        ),
    )

    def test_access(self):
        # Alice will be able to login to any machine as herself
        ret, _ = self.p.check(
            AccessNode(
                (AccessNode.login == "alice")
                & (User.name == "alice")
                & (Node.labels["env"] == "dev")
            )
        )
        assert ret is True, "Alice can login with her user to any node"

        # No one is permitted to login as mike
        ret, _ = self.p.query(AccessNode((AccessNode.login == "mike")))
        assert ret is False, "This role does not allow access as mike"

        # No one is permitted to login as jester
        ret, _ = self.p.query(AccessNode((AccessNode.login == "jester")))
        assert ret is False, "This role does not allow access as jester"
Testing a policy
predicate test access.py
Running 1 tests:
- test_access: ok
Exporting a policy
predicate export access.py
kind: policy
metadata:
  name: access
spec:
  allow:
    access_node: (((access_node.login == user.name) && (!(user.name == "root"))) ||
      equals(user.traits["team"], ["admins"]))
  deny:
    access_node: (((access_node.login == "mike") || (access_node.login == "jester"))
      || (node.labels["env"] == "prod"))
  options: (options.max_session_ttl < 36000000000000)
version: v1
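The exported rules above can be reviewed by exhaustively evaluating them over a small constructed domain, which shows which concrete requests each login admits. This is an added example, not part of predicate and not using its solver; it assumes a matching deny rule overrides a matching allow rule, and `witnesses`, `permitted` and the domain lists are hypothetical names.

```python
# Added illustration (not predicate's code): brute-force search over a small
# constructed domain, standing in for the solver-backed query shown on the page.
from itertools import product

USERS = ["alice", "mike", "root"]             # constructed user.name values
LOGINS = ["alice", "mike", "jester", "root"]  # constructed access_node.login values
TEAMS = [None, ["admins"], ["dev"]]           # constructed user.traits["team"] values
ENVS = ["dev", "prod"]                        # constructed node.labels["env"] values


def allow(login, user, team, env):
    # spec.allow.access_node from the exported policy
    return (login == user and user != "root") or team == ["admins"]


def deny(login, user, team, env):
    # spec.deny.access_node from the exported policy
    return login in ("mike", "jester") or env == "prod"


def permitted(login, user, team, env):
    # Assumption: a matching deny rule overrides a matching allow rule.
    return allow(login, user, team, env) and not deny(login, user, team, env)


def witnesses(**fixed):
    """Return every permitted (login, user, team, env) in the domain that
    agrees with the fixed fields, e.g. witnesses(login="root")."""
    names = ("login", "user", "team", "env")
    found = []
    for combo in product(LOGINS, USERS, TEAMS, ENVS):
        request = dict(zip(names, combo))
        if all(request[k] == v for k, v in fixed.items()) and permitted(*combo):
            found.append(combo)
    return found


if __name__ == "__main__":
    for login in LOGINS:
        hits = witnesses(login=login)
        print(f"login={login!r}: {len(hits)} permitted request(s)")
        for hit in hits:
            print("   ", hit)
```

Under that assumption, the only requests admitted for login root come through the admins branch of the allow rule, and no request against a prod node is admitted.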
Source Distribution
predicate_dev_test-0.1.0.tar.gz (28.1 kB)
Built Distribution
File details
Details for the file predicate_dev_test-0.1.0.tar.gz.
File metadata
- Download URL: predicate_dev_test-0.1.0.tar.gz
- Upload date:
- Size: 28.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.2.2 CPython/3.10.7 Darwin/22.1.0
File hashes
Algorithm | Hash digest
---|---
SHA256 | 45b493932f7c9e92431d84eb5ca2a9062d3c69007175fe8bdf88f6036b49997b
MD5 | e9f58782cf24422904d1fdfe1658cc52
BLAKE2b-256 | ce8d6425b5e09ee74dc3d8ff4b041e13ec3878b39ee7560e5368f43b447ef07b
File details
Details for the file predicate_dev_test-0.1.0-py3-none-any.whl.
File metadata
- Download URL: predicate_dev_test-0.1.0-py3-none-any.whl
- Upload date:
- Size: 31.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.2.2 CPython/3.10.7 Darwin/22.1.0
File hashes
Algorithm | Hash digest
---|---
SHA256 | 71675e83513ba5b58a399969b00512ab4b073d03abf826046a23cd9ff93461cc
MD5 | d07d6b4b1d6cbc32edc0800bd0e5288c
BLAKE2b-256 | dda598cd7c7715b1d964895dc58b18081a2ff05a2f6534d7f6e8a11b0b86e5b4