
Policy document evaluator plugin for Spakky auth

Project description

spakky-policy

spakky-policy is a provider plugin that loads YAML, TOML, and JSON policy documents into a typed canonical model and evaluates RBAC, PBAC, and ABAC-style authorization rules for spakky-auth.

Installation

pip install spakky-auth spakky-policy spakky-fastapi

Usage

When SPAKKY_POLICY_DOCUMENT_PATH points to a YAML, TOML, or JSON document, the plugin loads that document as a DI-managed PolicyDocument. If the path is not set, the plugin registers an empty policy document so that authorization requests are denied safely.

from fastapi import FastAPI
from spakky.auth import protected, require_policy
from spakky.core.application.application import SpakkyApplication
from spakky.core.application.application_context import ApplicationContext
from spakky.core.pod.annotations.pod import Pod
from spakky.plugins.fastapi.routes import get
from spakky.plugins.fastapi.stereotypes.api_controller import ApiController
import spakky.auth
import spakky.plugins.fastapi
import spakky.plugins.policy


@ApiController("/articles")
class ArticleController:
    @get("/{article_id}")
    @require_policy(resource="article:1", action="article:read")
    @protected
    def read(self, article_id: str) -> dict[str, str]:
        return {"id": article_id}


@Pod()
def get_api() -> FastAPI:
    return FastAPI()


app = (
    SpakkyApplication(ApplicationContext())
    .load_plugins(
        include={
            spakky.auth.PLUGIN_NAME,
            spakky.plugins.fastapi.PLUGIN_NAME,
            spakky.plugins.policy.PLUGIN_NAME,
        }
    )
    .add(get_api)
    .add(ArticleController)
    .start()
)
api = app.container.get(FastAPI)

Policy semantics

  • An explicit deny statement takes precedence over a matching allow statement.
  • If there is no matching allow statement, default deny evidence is returned.
  • Conditions support all, any, and not composition and the atomic operators equals, not_equals, in, contains, and exists.
  • The resource, action, and tenant refs are canonical strings that come from decorator metadata, AuthContext, resolver output, or a provider-neutral AuthorizationRequest.
  • Named policies are the OR/ANY user-facing surface. MCP/tool authorization, a generic policy API, a policy UI, and authorized data filtering are outside the scope of this package.
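
The deny-overrides and default-deny rules above, together with the condition operators, written out as a minimal evaluator. This is an added example, not code from spakky-policy: the statement field names (effect, resource, action, when, attr, op, value) and the lookup, holds and decide helpers are assumptions made for illustration, and resource and action are matched by exact string equality.

```python
# Added illustration: not spakky-policy's schema or API. The field names
# (effect, resource, action, when, attr, op, value) are assumed for this sketch.
MISSING = object()
OPS = {
    "equals": lambda got, want: got == want,
    "not_equals": lambda got, want: got != want,
    "in": lambda got, want: got in want,
    "contains": lambda got, want: want in got,
}

def lookup(ctx, path):
    """Resolve a dotted attribute path; MISSING if any segment is absent."""
    cur = ctx
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return MISSING
        cur = cur[part]
    return cur

def holds(cond, ctx):
    """Evaluate all/any/not composition over the five atomic operators."""
    if "all" in cond:
        return all(holds(c, ctx) for c in cond["all"])
    if "any" in cond:
        return any(holds(c, ctx) for c in cond["any"])
    if "not" in cond:
        return not holds(cond["not"], ctx)
    got = lookup(ctx, cond["attr"])
    if cond["op"] == "exists":
        return got is not MISSING
    compare = OPS[cond["op"]]  # KeyError on an unknown operator, never a silent pass
    return got is not MISSING and compare(got, cond.get("value"))

def decide(statements, resource, action, ctx):
    """Return (allowed, evidence): explicit deny wins, no match is a deny."""
    matched = [s for s in statements if s["resource"] == resource
               and s["action"] == action and holds(s.get("when", {"all": []}), ctx)]
    effects = {s["effect"] for s in matched}
    if "deny" in effects:
        return False, "explicit-deny"
    return (True, "allow") if "allow" in effects else (False, "default-deny")

# Constructed sample statements (not taken from the package).
POLICY = [
    {"effect": "allow", "resource": "article:1", "action": "article:read",
     "when": {"attr": "subject.roles", "op": "contains", "value": "reader"}},
    {"effect": "deny", "resource": "article:1", "action": "article:read",
     "when": {"attr": "subject.suspended", "op": "equals", "value": True}},
]
```

In this sketch a not wrapped around a comparison on a missing attribute evaluates to true, so an allow condition of that shape should also require exists on the same attribute.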

License

MIT

Download files


Source Distribution

spakky_policy-6.6.1.tar.gz (9.6 kB view details)

Uploaded Source

Built Distribution


spakky_policy-6.6.1-py3-none-any.whl (13.5 kB view details)

Uploaded Python 3

File details

Details for the file spakky_policy-6.6.1.tar.gz.

File metadata

  • Download URL: spakky_policy-6.6.1.tar.gz
  • Upload date:
  • Size: 9.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_policy-6.6.1.tar.gz
Algorithm Hash digest
SHA256 79e568278f3b6ed80c8b32dc8f9498e654edab3f24228d9742755a3647924e21
MD5 40ad656cf412b6aa79466811fbaf3110
BLAKE2b-256 a7f11071a087d32958166a74ca9c095c4e32d0927aabbdd60764d56c449dfb7e


Provenance

The following attestation bundles were made for spakky_policy-6.6.1.tar.gz:

Publisher: release.yml on E5presso/spakky-framework

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file spakky_policy-6.6.1-py3-none-any.whl.

File metadata

  • Download URL: spakky_policy-6.6.1-py3-none-any.whl
  • Upload date:
  • Size: 13.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for spakky_policy-6.6.1-py3-none-any.whl
Algorithm Hash digest
SHA256 411be4dc1a6ee017f4b077c84bd1a5a168cc461601ae8deaa12d4d1beb48eef4
MD5 c005a59e8b276ff811ec3203c19c1123
BLAKE2b-256 d5e8ae198635b72a88f3a28081342d0e2d4887b9156ad4d29da7567e45599fba


Provenance

The following attestation bundles were made for spakky_policy-6.6.1-py3-none-any.whl:

Publisher: release.yml on E5presso/spakky-framework

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
