diff --git a/archivist/notebooks/Share_Asset.ipynb b/archivist/notebooks/Share_Asset.ipynb deleted file mode 100644 index 2c599a82..00000000 --- a/archivist/notebooks/Share_Asset.ipynb +++ /dev/null @@ -1,407 +0,0 @@ -{ - "cells": [ - { - "cell_type": "markdown", - "id": "44acb43f", - "metadata": {}, - "source": [ - "# Sharing an Asset" - ] - }, - { - "cell_type": "code", - "execution_count": 3, - "id": "86095794", - "metadata": {}, - "outputs": [], - "source": [ - "\"\"\"Create an asset for Archivist with token.\n", - "\n", - " Create an access_policy that shares an asset when certain criteria are met.\n", - "\n", - " Access the asset from another Archivist connection using a second token with different\n", - " access rights.\n", - "\"\"\"\n", - "\n", - "from json import dumps as json_dumps\n", - "from os import getenv\n", - "\n", - "from dotenv import load_dotenv\n", - "\n", - "from archivist.archivist import Archivist\n", - "from archivist.constants import ASSET_BEHAVIOURS, SUBJECTS_SELF_ID\n", - "from archivist.logger import set_logger\n", - "from archivist.proof_mechanism import ProofMechanism" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "id": "cf422835", - "metadata": {}, - "outputs": [], - "source": [ - "%reload_ext dotenv\n", - "%dotenv -o notebooks.env" - ] - }, - { - "cell_type": "code", - "execution_count": 4, - "id": "f0dc68f0", - "metadata": {}, - "outputs": [], - "source": [ - "# URL, CLIENT, SECRET are environment variables that represent connection parameters.\n", - "#\n", - "# URL = represents the url to the RKVST application\n", - "# CLIENT = represents the client ID from an Application Registration\n", - "# SECRET = represents the client secret from an Application Registration\n", - "\n", - "RKVST_URL = getenv(\"RKVST_URL\")\n", - "\n", - "RKVST_APPREG_CLIENT = {}\n", - "RKVST_APPREG_SECRET = {}\n", - "RKVST_APPREG_CLIENT[\"acme\"] = getenv(\"RKVST_APPREG_CLIENT\")\n", - "RKVST_APPREG_SECRET[\"acme\"] = getenv(\"RKVST_APPREG_SECRET\")\n", - "RKVST_APPREG_CLIENT[\"weyland\"] = \"cccccccccccccccccccccccccccccccccccc\"\n", - "RKVST_APPREG_SECRET[\n", - " \"weyland\"\n", - "] = \"ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss\"" - ] - }, - { - "cell_type": "code", - "execution_count": 5, - "id": "20a1af0d", - "metadata": {}, - "outputs": [], - "source": [ - "\"\"\"\n", - "Main function of Asset and Event creation.\n", - "\n", - "* Connect to RKVST with client ID and client secret\n", - "* Creates an Asset and two Events\n", - "* Prints response of Asset and Event creation\n", - "\"\"\"\n", - "\n", - "# Optional call to set the logger level. The argument can be either\n", - "# \"INFO\" or \"DEBUG\". For more sophisticated logging control see our\n", - "# documentation.\n", - "set_logger(\"INFO\")" - ] - }, - { - "cell_type": "code", - "execution_count": 6, - "id": "7463028b", - "metadata": {}, - "outputs": [ - { - "name": "stdout", - "output_type": "stream", - "text": [ - "Connecting to ACME\n" - ] - } - ], - "source": [ - "# Initialize connection to acme\n", - "print(\"Connecting to ACME\")\n", - "acme = Archivist(\n", - " RKVST_URL, (RKVST_APPREG_CLIENT[\"acme\"], RKVST_APPREG_SECRET[\"acme\"]), max_time=300\n", - ")" - ] - }, - { - "cell_type": "code", - "execution_count": 7, - "id": "f5b427c0", - "metadata": {}, - "outputs": [ - { - "name": "stdout", - "output_type": "stream", - "text": [ - "Connecting to WEYLAND\n" - ] - } - ], - "source": [ - "# Initialize connection to weyland\n", - "print(\"Connecting to WEYLAND\")\n", - "acme = Archivist(\n", - " RKVST_URL,\n", - " (RKVST_APPREG_CLIENT[\"weyland\"], RKVST_APPREG_SECRET[\"weyland\"]),\n", - " max_time=300,\n", - ")" - ] - }, - { - "cell_type": "code", - "execution_count": 8, - "id": "9ffed4c1", - "metadata": {}, - "outputs": [], - "source": [ - "def create_example_asset(arch, label):\n", - " \"\"\"Create an asset using Archivist Connection.\n", - "\n", - " Args:\n", - " arch: archivist connection.\n", - " label: convenience label to easily distinguish the 2 organizations.\n", - "\n", - " Returns:\n", - " Asset: a new asset created.\n", - "\n", - " \"\"\"\n", - " attrs = {\n", - " \"arc_display_name\": f\"{label}_display_name\", # Asset's display name\n", - " \"arc_description\": f\"{label}_display_description\", # Asset's description\n", - " \"arc_display_type\": f\"{label}_display_type\", # Arc_display_type is a free text field\n", - " \"ext_vendor_name\": label,\n", - " }\n", - "\n", - " # Select the mechanism used to prove evidence for the asset. If the selected proof\n", - " # mechanism is not enabled for your tenant then an error will occur.\n", - " # If unspecified then SIMPLE_HASH is used.\n", - " # proof_mechanism = ProofMechanism.KHIPU.name\n", - " #\n", - " props = {\n", - " \"proof_mechanism\": ProofMechanism.SIMPLE_HASH.name,\n", - " }\n", - "\n", - " # The first argument is the properties of the asset\n", - " # The second argument is the attributes of the asset\n", - " # The third argument is wait for confirmation:\n", - " # If @confirm@ is True then this function will not\n", - " # return until the asset is confirmed on the blockchain and ready\n", - " # to accept events (or an error occurs)\n", - " #\n", - " return arch.assets.create(props=props, attrs=attrs, confirm=True)" - ] - }, - { - "cell_type": "code", - "execution_count": 9, - "id": "b73faaf2", - "metadata": {}, - "outputs": [], - "source": [ - "def share_subjects(name1, arch1, name2, arch2):\n", - " \"\"\"Share subjects between 2 organizations\"\"\"\n", - " return arch1.subjects.share(\n", - " name1,\n", - " name2,\n", - " arch2,\n", - " )" - ] - }, - { - "cell_type": "code", - "execution_count": 10, - "id": "adb659e9", - "metadata": {}, - "outputs": [], - "source": [ - "def create_example_access_policy(arch, label, subject):\n", - " \"\"\"Create access policy\"\"\"\n", - " # consists of a filter selection entry and a selection criteria to restrict/redact\n", - " # values of the asset attributes available to the sharee.\n", - "\n", - " # values pertaining to the access polciy itself.\n", - " props = {\n", - " \"display_name\": f\"{label} access policy\",\n", - " \"description\": f\"{label} Policy description\",\n", - " }\n", - "\n", - " # Filtering - access will be allowed to any asset that contains both these\n", - " # attributes that equal these values. This happens to match the asset created\n", - " # previously.\n", - " filters = [\n", - " {\n", - " \"or\": [\n", - " f\"attributes.arc_display_type={label}_display_type\",\n", - " ]\n", - " },\n", - " {\n", - " \"or\": [\n", - " f\"attributes.ext_vendor_name={label}\",\n", - " ]\n", - " },\n", - " ]\n", - "\n", - " # one must be the subject to gain access and only those fields\n", - " # specified in include_attributes will be emitted.\n", - " access_permissions = [\n", - " {\n", - " \"subjects\": [\n", - " subject[\"identity\"],\n", - " ],\n", - " \"behaviours\": ASSET_BEHAVIOURS,\n", - " \"include_attributes\": [\n", - " \"arc_display_name\",\n", - " ],\n", - " },\n", - " ]\n", - "\n", - " return arch.access_policies.create(\n", - " props,\n", - " filters,\n", - " access_permissions,\n", - " )" - ] - }, - { - "cell_type": "code", - "execution_count": 11, - "id": "a3930e4e", - "metadata": {}, - "outputs": [ - { - "ename": "ArchivistBadRequestError", - "evalue": "https://app.dev-paul-0.wild.jitsuin.io/archivist/iam/v1/appidp/token: {\"error\":\"invalid_request\",\"error_description\":\"no client authentication mechanism provided\"} (400)", - "output_type": "error", - "traceback": [ - "\u001b[0;31m---------------------------------------------------------------------------\u001b[0m", - "\u001b[0;31mArchivistBadRequestError\u001b[0m Traceback (most recent call last)", - "\u001b[0;32m/tmp/ipykernel_374487/4273452617.py\u001b[0m in \u001b[0;36m\u001b[0;34m()\u001b[0m\n\u001b[1;32m 1\u001b[0m \u001b[0;31m# acme creates an asset\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0;32m----> 2\u001b[0;31m \u001b[0macme_asset\u001b[0m \u001b[0;34m=\u001b[0m \u001b[0mcreate_example_asset\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0macme\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0;34m\"acme\"\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0m\u001b[1;32m 3\u001b[0m \u001b[0mprint\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m\"asset created in acme\"\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mjson_dumps\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0macme_asset\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mindent\u001b[0m\u001b[0;34m=\u001b[0m\u001b[0;36m4\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n", - "\u001b[0;32m/tmp/ipykernel_374487/3608554041.py\u001b[0m in \u001b[0;36mcreate_example_asset\u001b[0;34m(arch, label)\u001b[0m\n\u001b[1;32m 33\u001b[0m \u001b[0;31m# to accept events (or an error occurs)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 34\u001b[0m \u001b[0;31m#\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0;32m---> 35\u001b[0;31m \u001b[0;32mreturn\u001b[0m \u001b[0march\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0massets\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mcreate\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0mprops\u001b[0m\u001b[0;34m=\u001b[0m\u001b[0mprops\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mattrs\u001b[0m\u001b[0;34m=\u001b[0m\u001b[0mattrs\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mconfirm\u001b[0m\u001b[0;34m=\u001b[0m\u001b[0;32mTrue\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0m", - "\u001b[0;32m~/github/rkvst-python/rkvst-venv/lib/python3.10/site-packages/archivist/assets.py\u001b[0m in \u001b[0;36mcreate\u001b[0;34m(self, props, attrs, confirm)\u001b[0m\n\u001b[1;32m 141\u001b[0m \u001b[0mnewprops\u001b[0m \u001b[0;34m=\u001b[0m \u001b[0m_deepmerge\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m{\u001b[0m\u001b[0;34m\"behaviours\"\u001b[0m\u001b[0;34m:\u001b[0m \u001b[0mASSET_BEHAVIOURS\u001b[0m\u001b[0;34m}\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mprops\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 142\u001b[0m \u001b[0mdata\u001b[0m \u001b[0;34m=\u001b[0m \u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0m__params\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0mnewprops\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mattrs\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0;32m--> 143\u001b[0;31m \u001b[0;32mreturn\u001b[0m \u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mcreate_from_data\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0mdata\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mconfirm\u001b[0m\u001b[0;34m=\u001b[0m\u001b[0mconfirm\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0m\u001b[1;32m 144\u001b[0m \u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 145\u001b[0m \u001b[0;32mdef\u001b[0m \u001b[0mcreate_from_data\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0mself\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mdata\u001b[0m\u001b[0;34m:\u001b[0m \u001b[0mdict\u001b[0m\u001b[0;34m[\u001b[0m\u001b[0mstr\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mAny\u001b[0m\u001b[0;34m]\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0;34m*\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mconfirm\u001b[0m\u001b[0;34m:\u001b[0m \u001b[0mbool\u001b[0m \u001b[0;34m=\u001b[0m \u001b[0;32mTrue\u001b[0m\u001b[0;34m)\u001b[0m \u001b[0;34m->\u001b[0m \u001b[0mAsset\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n", - "\u001b[0;32m~/github/rkvst-python/rkvst-venv/lib/python3.10/site-packages/archivist/assets.py\u001b[0m in \u001b[0;36mcreate_from_data\u001b[0;34m(self, data, confirm)\u001b[0m\n\u001b[1;32m 157\u001b[0m \u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 158\u001b[0m \"\"\"\n\u001b[0;32m--> 159\u001b[0;31m \u001b[0masset\u001b[0m \u001b[0;34m=\u001b[0m \u001b[0mAsset\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m**\u001b[0m\u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0m_archivist\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mpost\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0m_label\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0mdata\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0m\u001b[1;32m 160\u001b[0m \u001b[0;32mif\u001b[0m \u001b[0;32mnot\u001b[0m \u001b[0mconfirm\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 161\u001b[0m \u001b[0;32mreturn\u001b[0m \u001b[0masset\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n", - "\u001b[0;32m~/github/rkvst-python/rkvst-venv/lib/python3.10/site-packages/archivist/retry429.py\u001b[0m in \u001b[0;36mwrapper\u001b[0;34m(*args, **kwargs)\u001b[0m\n\u001b[1;32m 24\u001b[0m \u001b[0;32mwhile\u001b[0m \u001b[0;32mTrue\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 25\u001b[0m \u001b[0;32mtry\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0;32m---> 26\u001b[0;31m \u001b[0mret\u001b[0m \u001b[0;34m=\u001b[0m \u001b[0mf\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m*\u001b[0m\u001b[0margs\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0;34m**\u001b[0m\u001b[0mkwargs\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0m\u001b[1;32m 27\u001b[0m \u001b[0;32mexcept\u001b[0m \u001b[0mArchivistTooManyRequestsError\u001b[0m \u001b[0;32mas\u001b[0m \u001b[0mex\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 28\u001b[0m \u001b[0;32mif\u001b[0m \u001b[0mex\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mretry\u001b[0m \u001b[0;34m<=\u001b[0m \u001b[0;36m0\u001b[0m \u001b[0;32mor\u001b[0m \u001b[0mno_of_retries\u001b[0m \u001b[0;34m<=\u001b[0m \u001b[0;36m0\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n", - "\u001b[0;32m~/github/rkvst-python/rkvst-venv/lib/python3.10/site-packages/archivist/archivist.py\u001b[0m in \u001b[0;36mpost\u001b[0;34m(self, url, request, headers, data)\u001b[0m\n\u001b[1;32m 270\u001b[0m \u001b[0murl\u001b[0m\u001b[0;34m,\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 271\u001b[0m \u001b[0mjson\u001b[0m\u001b[0;34m=\u001b[0m\u001b[0mrequest\u001b[0m\u001b[0;34m,\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0;32m--> 272\u001b[0;31m \u001b[0mheaders\u001b[0m\u001b[0;34m=\u001b[0m\u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0m_add_headers\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0mheaders\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m,\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0m\u001b[1;32m 273\u001b[0m \u001b[0mverify\u001b[0m\u001b[0;34m=\u001b[0m\u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mverify\u001b[0m\u001b[0;34m,\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 274\u001b[0m )\n", - "\u001b[0;32m~/github/rkvst-python/rkvst-venv/lib/python3.10/site-packages/archivist/archivist.py\u001b[0m in \u001b[0;36m_add_headers\u001b[0;34m(self, headers)\u001b[0m\n\u001b[1;32m 229\u001b[0m \u001b[0mnewheaders\u001b[0m \u001b[0;34m=\u001b[0m \u001b[0;34m{\u001b[0m\u001b[0;34m}\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 230\u001b[0m \u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0;32m--> 231\u001b[0;31m \u001b[0mauth\u001b[0m \u001b[0;34m=\u001b[0m \u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mauth\u001b[0m \u001b[0;31m# this may trigger a refetch so only do it once here\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0m\u001b[1;32m 232\u001b[0m \u001b[0;31m# for appidp endpoint there may not be an authtoken\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 233\u001b[0m \u001b[0;32mif\u001b[0m \u001b[0mauth\u001b[0m \u001b[0;32mis\u001b[0m \u001b[0;32mnot\u001b[0m \u001b[0;32mNone\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n", - "\u001b[0;32m~/github/rkvst-python/rkvst-venv/lib/python3.10/site-packages/archivist/archivist.py\u001b[0m in \u001b[0;36mauth\u001b[0;34m(self)\u001b[0m\n\u001b[1;32m 195\u001b[0m \u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 196\u001b[0m \u001b[0;32mif\u001b[0m \u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0m_machine_auth\u001b[0m \u001b[0;32mand\u001b[0m \u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0m_expires_at\u001b[0m \u001b[0;34m<\u001b[0m \u001b[0mtime\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0;32m--> 197\u001b[0;31m \u001b[0mapptoken\u001b[0m \u001b[0;34m=\u001b[0m \u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mappidp\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mtoken\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m*\u001b[0m\u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0m_machine_auth\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0m\u001b[1;32m 198\u001b[0m \u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0m_auth\u001b[0m \u001b[0;34m=\u001b[0m \u001b[0mapptoken\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mget\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m\"access_token\"\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 199\u001b[0m \u001b[0;32mif\u001b[0m \u001b[0mself\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0m_auth\u001b[0m \u001b[0;32mis\u001b[0m \u001b[0;32mNone\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n", - "\u001b[0;32m~/github/rkvst-python/rkvst-venv/lib/python3.10/site-packages/archivist/appidp.py\u001b[0m in \u001b[0;36mtoken\u001b[0;34m(self, client_id, client_secret)\u001b[0m\n\u001b[1;32m 73\u001b[0m \"\"\"\n\u001b[1;32m 74\u001b[0m return AppIDP(\n\u001b[0;32m---> 75\u001b[0;31m **self._archivist.post(\n\u001b[0m\u001b[1;32m 76\u001b[0m \u001b[0;34mf\"{self._label}/{APPIDP_TOKEN}\"\u001b[0m\u001b[0;34m,\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 77\u001b[0m {\n", - "\u001b[0;32m~/github/rkvst-python/rkvst-venv/lib/python3.10/site-packages/archivist/retry429.py\u001b[0m in \u001b[0;36mwrapper\u001b[0;34m(*args, **kwargs)\u001b[0m\n\u001b[1;32m 24\u001b[0m \u001b[0;32mwhile\u001b[0m \u001b[0;32mTrue\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 25\u001b[0m \u001b[0;32mtry\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0;32m---> 26\u001b[0;31m \u001b[0mret\u001b[0m \u001b[0;34m=\u001b[0m \u001b[0mf\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m*\u001b[0m\u001b[0margs\u001b[0m\u001b[0;34m,\u001b[0m \u001b[0;34m**\u001b[0m\u001b[0mkwargs\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0m\u001b[1;32m 27\u001b[0m \u001b[0;32mexcept\u001b[0m \u001b[0mArchivistTooManyRequestsError\u001b[0m \u001b[0;32mas\u001b[0m \u001b[0mex\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 28\u001b[0m \u001b[0;32mif\u001b[0m \u001b[0mex\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mretry\u001b[0m \u001b[0;34m<=\u001b[0m \u001b[0;36m0\u001b[0m \u001b[0;32mor\u001b[0m \u001b[0mno_of_retries\u001b[0m \u001b[0;34m<=\u001b[0m \u001b[0;36m0\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n", - "\u001b[0;32m~/github/rkvst-python/rkvst-venv/lib/python3.10/site-packages/archivist/archivist.py\u001b[0m in \u001b[0;36mpost\u001b[0;34m(self, url, request, headers, data)\u001b[0m\n\u001b[1;32m 276\u001b[0m \u001b[0merror\u001b[0m \u001b[0;34m=\u001b[0m \u001b[0m_parse_response\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0mresponse\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 277\u001b[0m \u001b[0;32mif\u001b[0m \u001b[0merror\u001b[0m \u001b[0;32mis\u001b[0m \u001b[0;32mnot\u001b[0m \u001b[0;32mNone\u001b[0m\u001b[0;34m:\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0;32m--> 278\u001b[0;31m \u001b[0;32mraise\u001b[0m \u001b[0merror\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n\u001b[0m\u001b[1;32m 279\u001b[0m \u001b[0;34m\u001b[0m\u001b[0m\n\u001b[1;32m 280\u001b[0m \u001b[0;32mreturn\u001b[0m \u001b[0mresponse\u001b[0m\u001b[0;34m.\u001b[0m\u001b[0mjson\u001b[0m\u001b[0;34m(\u001b[0m\u001b[0;34m)\u001b[0m\u001b[0;34m\u001b[0m\u001b[0;34m\u001b[0m\u001b[0m\n", - "\u001b[0;31mArchivistBadRequestError\u001b[0m: https://app.dev-paul-0.wild.jitsuin.io/archivist/iam/v1/appidp/token: {\"error\":\"invalid_request\",\"error_description\":\"no client authentication mechanism provided\"} (400)" - ] - } - ], - "source": [ - "# acme creates an asset\n", - "acme_asset = create_example_asset(acme, \"acme\")\n", - "print(\"asset created in acme\", json_dumps(acme_asset, indent=4))" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "id": "57fc4483", - "metadata": {}, - "outputs": [], - "source": [ - "# set a subject for weyland in acme's environment. The identity will be used as a\n", - "# filter in the access permissions of the access_policy.\n", - "weyland_subject_on_acme, acme_subject_on_weyland = share_subjects(\n", - " \"weyland on acme\", acme, \"acme_on_weyland\", weyland\n", - ")\n", - "print(\"weyland_subject on acme\", json_dumps(weyland_subject_on_acme, indent=4))\n", - "print(\"acme_subject on acme\", json_dumps(acme_subject_on_weyland, indent=4))" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "id": "1a7d7b99", - "metadata": {}, - "outputs": [], - "source": [ - "# now we want acme to share this asset to weyland via an access policy.\n", - "access_policy = create_example_access_policy(acme, \"acme\", weyland_subject_on_acme)\n", - "print(\"access policy created in acme\", json_dumps(access_policy, indent=4))" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "id": "2fb8f137", - "metadata": {}, - "outputs": [], - "source": [ - "# display the asset as retrieved by the sharee\n", - "# NB: the attributes dict is redacted...\n", - "weyland_asset = weyland.assets.read(acme_asset[\"identity\"])\n", - "print(\"asset read from weyland\", json_dumps(weyland_asset, indent=4))" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "id": "6d3951fb", - "metadata": {}, - "outputs": [], - "source": [ - "# list matching access policies\n", - "access_policies = list(\n", - " acme.access_policies.list_matching_access_policies(acme_asset[\"identity\"])\n", - ")\n", - "print(\"access policies read from acme\", json_dumps(access_policies, indent=4))" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "id": "78934995", - "metadata": {}, - "outputs": [], - "source": [ - "# delete all the access policies\n", - "for access_policy in access_policies:\n", - " acme.access_policies.delete(access_policy[\"identity\"])" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "id": "86dcd3b5", - "metadata": { - "scrolled": true - }, - "outputs": [], - "source": [ - "# list matching access policies\n", - "access_policies = list(\n", - " acme.access_policies.list_matching_access_policies(acme_asset[\"identity\"])\n", - ")\n", - "print(\"access policies read from acme\", json_dumps(access_policies, indent=4))" - ] - }, - { - "cell_type": "code", - "execution_count": null, - "id": "63aaf7b7", - "metadata": {}, - "outputs": [], - "source": [ - "# display the asset as retrieved by the sharee - the asset is still shared even though there are no access policies\n", - "# NB: the attributes dict is redacted...\n", - "weyland_asset = weyland.assets.read(acme_asset[\"identity\"])\n", - "print(\"asset read from weyland\", json_dumps(weyland_asset, indent=4))" - ] - } - ], - "metadata": { - "kernelspec": { - "display_name": "Python 3 (ipykernel)", - "language": "python", - "name": "python3" - }, - "language_info": { - "codemirror_mode": { - "name": "ipython", - "version": 3 - }, - "file_extension": ".py", - "mimetype": "text/x-python", - "name": "python", - "nbconvert_exporter": "python", - "pygments_lexer": "ipython3", - "version": "3.10.6" - } - }, - "nbformat": 4, - "nbformat_minor": 5 -} diff --git a/docs/notebooks.rst b/docs/notebooks.rst index 25b7a0a9..15f39eae 100644 --- a/docs/notebooks.rst +++ b/docs/notebooks.rst @@ -80,11 +80,4 @@ Download the notebooks into a suitable folder: notebooks/Check Asset Compliance using CURRENT OUTSTANDING Policy notebooks/Check Asset Compliance using SINCE Policy -.. toctree:: - :maxdepth: 2 - :caption: Asset Sharing - - notebooks/Share_Asset - -