Python client library for the Treetop policy server

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for terjekv from gravatar.com terjekv

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Terje Kvernes
  • Requires: Python >=3.12
Classifiers
Report project as malware

Project description

TreeTop Client

Dataclass-based HTTPX client for the Treetop REST API. Python ≥ 3.12, zero runtime deps beyond HTTPX.

Example

from treetop_client.client import TreeTopClient
from treetop_client.models import (
    Action,
    Decision,
    Request,
    Resource,
    User,
    ResourceAttribute,
    ResourceAttributeType,
)

client = TreeTopClient(base_url=f"http://localhost:{PORT}")

attrs = {}
attrs["ip"] = ResourceAttribute.new("10.0.0.1", ResourceAttributeType.IP)
attrs["name"] = ResourceAttribute.new("myhost.example.com", ResourceAttributeType.STRING)

req = Request(
    principal=User.new("myuser", "mynamespace", ["mygroup"]),
    action=Action.new("myaction", ["mynamespace"]),
    resource=Resource.new("Host", id="myhost", attrs=attrs)
)
resp = client.check(req)

# Use is_allowed() / is_denied() methods
assert resp.is_allowed()
# Or compare with the Decision enum
assert resp.decision == Decision.ALLOW

You can also use the check_detailed method to get more information about the decision:

from treetop_client.client import TreeTopClient
from treetop_client.models import (
    Action,
    Decision,
    Request,
    Resource,
    User,
    ResourceAttribute,
    ResourceAttributeType,
)

client = TreeTopClient(base_url=f"http://localhost:{PORT}")

attrs = {}
attrs["ip"] = ResourceAttribute.new("10.0.0.1", ResourceAttributeType.IP)
attrs["name"] = ResourceAttribute.new("myhost.example.com", ResourceAttributeType.STRING)

req = Request(
    principal=User.new("myuser", "mynamespace", ["mygroup"]),
    action=Action.new("myaction", ["mynamespace"]),
    resource=Resource.new("Host", id="myhost", attrs=attrs)
)

resp = client.check_detailed(req)
assert resp.is_allowed()
assert resp.decision == Decision.ALLOW

# Access policy information (if allowed)
assert resp.policy_literal() is not None  # Cedar format
assert resp.policy_json() is not None     # JSON format

# Access version information (if server supports it)
hash = resp.version_hash()           # SHA-256 hash or None
loaded_at = resp.version_loaded_at() # datetime or None

Note that for User the namespace and groups are optional, and for Action the namespace is optional. If you don't provide a namespace, it will default to the root namespace.

Correlation ID

You can pass a correlation ID to the check and check_detailed methods. This ID will be included in the request headers and can be used on the server side to trace requests across queries or services. The value is a string of the client's choosing.

from treetop_client.client import TreeTopClient
from treetop_client.models import (
    Action,
    Request,
    Resource,
    User,
    ResourceAttribute,
    ResourceAttributeType,
)

client = TreeTopClient(base_url=f"http://localhost:{PORT}")

attrs = {}
attrs["ip"] = ResourceAttribute.new("10.0.0.1", ResourceAttributeType.IP)
attrs["name"] = ResourceAttribute.new("myhost.example.com", ResourceAttributeType.STRING)

req = Request(
    principal=User.new("myuser", "mynamespace", ["mygroup"]),
    action=Action.new("myaction", ["mynamespace"]),
    resource=Resource.new("Host", id="myhost", attrs=attrs)
)

resp = client.check(req, correlation_id="my-correlation-id")

Integration tests

Make sure you have Docker & Docker Compose installed.

# Run only unit tests:
pytest

# Run integration tests (will spin up Docker Compose):
pytest -m integration

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for terjekv from gravatar.com terjekv

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Terje Kvernes
  • Requires: Python >=3.12
Classifiers

Release history Release notifications | RSS feed

0.0.7

0.0.6

This version

0.0.5

0.0.4

0.0.3

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

treetop_client-0.0.5.tar.gz (6.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

treetop_client-0.0.5-py3-none-any.whl (7.1 kB view details)

Uploaded Python 3

File details

Details for the file treetop_client-0.0.5.tar.gz.

File metadata

  • Download URL: treetop_client-0.0.5.tar.gz
  • Upload date:
  • Size: 6.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.2.1 CPython/3.13.9 Darwin/25.1.0

File hashes

Hashes for treetop_client-0.0.5.tar.gz
Algorithm Hash digest
SHA256 f8df7fe97df25b37f2c5eb590ff345cb8ca57ba1cef28ddff096e23152e55e4d
MD5 ff4f9b978bed30d3cece00ce224029db
BLAKE2b-256 07aba5de3bd4ec6310fba5df672366bf9422a7197fb3829f15163e627788a1f0

See more details on using hashes here.

File details

Details for the file treetop_client-0.0.5-py3-none-any.whl.

File metadata

  • Download URL: treetop_client-0.0.5-py3-none-any.whl
  • Upload date:
  • Size: 7.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/2.2.1 CPython/3.13.9 Darwin/25.1.0

File hashes

Hashes for treetop_client-0.0.5-py3-none-any.whl
Algorithm Hash digest
SHA256 a4abb5e9c592f0bd6d0e30e530068f610fa2c1c73c32317427460e826c277d03
MD5 bad11d2571bf1a71ad8e687d957c8300
BLAKE2b-256 19f249f8d7719eb4977c6255d7f6c21297ab252debf457f4ff81a22d1ccadd82

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page