Python client library for the Treetop policy server
Project description
TreeTop Client
Dataclass-based HTTPX client for the Treetop REST API. Python ≥ 3.11, zero runtime deps beyond HTTPX.
Example
from treetop_client.client import TreeTopClient
from treetop_client.models import Action, Request, Resource, User
client = TreeTopClient(base_url=f"http://localhost:{PORT}")
req = Request(
principal=User.new("myuser", "mynamespace", ["mygroup"]),
action=Action.new("myaction", ["mynamespace"]),
resource=Resource.new("Host", {"name": "myhost.example.com", "ip": "10.0.0.1"}),
)
resp = client.check(req)
assert resp.is_allowed()
assert resp.decision == "Allow"
# The other possible value for decision is "Deny" which makes `is_denied()` True
# (and `is_allowed()` False).
You can also use the check_detailed method to get more information about the decision:
from treetop_client.client import TreeTopClient
from treetop_client.models import Action, Request, Resource, User
client = TreeTopClient(base_url=f"http://localhost:{PORT}")
req = Request(
principal=User.new("myuser", "mynamespace", ["mygroup"]),
action=Action.new("myaction", ["mynamespace"]),
resource=Resource.new("Host", {"name": "myhost.example.com", "ip": "10.0.0.1"}),
)
resp = client.check_detailed(req)
assert resp.is_allowed()
assert resp.decision == "Allow"
# This will contain the policy that was matched, in cedar format
assert resp.policy_literal() is not None
# This will contain the policy that was matched, in JSON format
assert resp.policy_json() is not None
Note that for User the namespace and groups are optional, and for Action the namespace is optional. If you don't provide a namespace, it will default to the root namespace.
Correlation ID
You can pass a correlation ID to the check and check_detailed methods. This ID will be included in the request headers and can be used on the server side
to trace requests across queries or services. The value is a string of the client's choosing.
from treetop_client.client import TreeTopClient
from treetop_client.models import Action, Request, Resource, User
client = TreeTopClient(base_url=f"http://localhost:{PORT}")
req = Request(
principal=User.new("myuser", "mynamespace", ["mygroup"]),
action=Action.new("myaction", ["mynamespace"]),
resource=Resource.new("Host", {"name": "myhost.example.com", "ip": "10.0.0.1"}),
)
resp = client.check(req, correlation_id="my-correlation-id")
Integration tests
Make sure you have Docker & Docker Compose installed.
# Run only unit tests:
pytest
# Run integration tests (will spin up Docker Compose):
pytest -m integration
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file treetop_client-0.0.3.tar.gz.
File metadata
- Download URL: treetop_client-0.0.3.tar.gz
- Upload date:
- Size: 5.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.8.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
863b3a7f01e794e03674b4c7e011655c753432621c71e2f909ab966f4a7b5dda
|
|
| MD5 |
f3984e265d08300d7046819685bcd1d4
|
|
| BLAKE2b-256 |
872e1920bff4d2f621cbab9d97a54eff9bc71a3a4c9eaabf16a4164a56ac7565
|
File details
Details for the file treetop_client-0.0.3-py3-none-any.whl.
File metadata
- Download URL: treetop_client-0.0.3-py3-none-any.whl
- Upload date:
- Size: 6.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.8.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cf294f607401755ef02813a26cb8228fdba06835d1081ee43412e53fe4a8a21c
|
|
| MD5 |
2636bdd996f635e490e7701ed0e7bd98
|
|
| BLAKE2b-256 |
00c677e4dd3519bab99832d7b45869d57230f1028352c5a6942b7c33484b83e3
|
