feat: add authorization
cowan-macady committed Jan 20, 2023
1 parent 2d922d7 commit c6d6b6e
Showing 3 changed files with 35 additions and 33 deletions.
21 changes: 11 additions & 10 deletions indykite_sdk/api.py
Expand Up @@ -468,7 +468,8 @@ def main():

# is_authorized_property
is_authorized_property_parser = subparsers.add_parser("is_authorized_property")
is_authorized_property_parser.add_argument("email", help="Existing Digital Twin email")
is_authorized_property_parser.add_argument("property_type", help="Digital Twin Identity Property")
is_authorized_property_parser.add_argument("property_value", help="Digital Twin Identity Property value")
is_authorized_property_parser.add_argument("tenant_id", help="Tenant id (gid)")

args = parser.parse_args()
Expand Down Expand Up @@ -1644,8 +1645,8 @@ def main():
elif command == "is_authorized_dt":
digital_twin_id = args.digital_twin_id
tenant_id = args.tenant_id
resources = [IsAuthorizedResource("lotA", "ParkingLot"), IsAuthorizedResource("lotB", "ParkingLot")]
actions = ["HAS_FREE_PARKING"]
resources = [IsAuthorizedResource("resourceID", "LabelName"), IsAuthorizedResource("resource2ID", "LabelName")]
actions = ["ACTION"]
is_authorized = client_authorization.is_authorized_digital_twin(digital_twin_id, tenant_id, resources, actions)

if is_authorized:
Expand All @@ -1656,8 +1657,8 @@ def main():

elif command == "is_authorized_token":
access_token = args.access_token
actions = ["HAS_FREE_PARKING"]
resources = [IsAuthorizedResource("lotA", "ParkingLot"), IsAuthorizedResource("lotB", "ParkingLot")]
resources = [IsAuthorizedResource("resourceID", "LabelName"), IsAuthorizedResource("resource2ID", "LabelName")]
actions = ["ACTION"]
is_authorized = client_authorization.is_authorized_token(access_token, resources, actions)
if is_authorized:
print_response(is_authorized)
Expand All @@ -1666,12 +1667,12 @@ def main():
return is_authorized

elif command == "is_authorized_property":
type_filter = "email"
email_value = args.email
property_type = args.property_type #e.g "email"
property_value = args.property_value #e.g test@example.com
tenant_id = args.tenant_id
resources = [IsAuthorizedResource("lotA", "ParkingLot"), IsAuthorizedResource("lotB", "ParkingLot")]
actions = ["HAS_FREE_PARKING"]
is_authorized = client_authorization.is_authorized_property_filter(type_filter, email_value, tenant_id,
resources = [IsAuthorizedResource("resourceID", "LabelName"), IsAuthorizedResource("resource2ID", "LabelName")]
actions = ["ACTION"]
is_authorized = client_authorization.is_authorized_property_filter(property_type, property_value, tenant_id,
resources=resources, actions=actions)
if is_authorized:
print_response(is_authorized)
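Review bot: In all three `is_authorized_*` branches of `main()` the resources and actions are now the literal placeholders `IsAuthorizedResource("resourceID", "LabelName")` and `["ACTION"]`, so the command can only ask about a resource and action that presumably match no real policy, and whatever it prints says nothing about the caller's actual access. `property_type` and `property_value` became arguments in this same commit; resources and actions should be read from `args` the same way rather than repeated three times as constants. The two new inline comments would read better as `property_type = args.property_type  # e.g. "email"`. The branch bodies continue outside the hunks, but from the visible `if is_authorized:` it looks as if a falsy return is the only failure signal, so it is worth confirming that a deny decision and a failed call are reported differently.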
3 changes: 2 additions & 1 deletion indykite_sdk/authorization/__init__.py
Expand Up @@ -4,6 +4,7 @@

from indykite_sdk.authorization import helper
from indykite_sdk.indykite.identity.v1beta2 import identity_management_api_pb2_grpc as pb2_grpc
from indykite_sdk.indykite.authorization.v1beta1 import authorization_service_pb2_grpc as pb2


class AuthorizationClient(object):
Expand Down Expand Up @@ -46,7 +47,7 @@ def __init__(self, local=False):
call_credentials)

self.channel = grpc.secure_channel(endpoint, composite_credentials)
self.stub = pb2_grpc.IdentityManagementAPIStub(channel=self.channel)
self.stub = pb2.AuthorizationAPIStub(channel=self.channel)

# Imported methods
from .is_authorized import is_authorized_token, is_authorized_digital_twin, is_authorized_property_filter
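Review bot: The alias in the added import, `authorization_service_pb2_grpc as pb2`, gives a gRPC stub module the name conventionally used for a message module, and `tests/test_is_authorized.py` in this same commit uses `pb2` for the module that provides `IsAuthorizedRequest`. Importing it as `authorization_pb2_grpc` and writing `self.stub = authorization_pb2_grpc.AuthorizationAPIStub(channel=self.channel)` keeps the two apart. The `identity_management_api_pb2_grpc as pb2_grpc` import above it looks unused now that the stub line no longer references it; `__init__` starts outside the hunk, so check the rest of the file before dropping it.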
44 changes: 22 additions & 22 deletions tests/test_is_authorized.py
Expand Up @@ -12,8 +12,8 @@ def test_is_authorized_token_wrong_token():
assert client is not None

access_token = data.get_expired_token()
actions = ["HAS_FREE_PARKING"]
resources = [IsAuthorizedResource("lotA", "ParkingLot"), IsAuthorizedResource("lotB", "ParkingLot")]
resources = [IsAuthorizedResource("resourceID", "LabelName"), IsAuthorizedResource("resource2ID", "LabelName")]
actions = ["ACTION"]
response = client.is_authorized_token(access_token, resources, actions)
assert response is None

Expand All @@ -23,8 +23,8 @@ def test_is_authorized_token_success():
assert client is not None

access_token = data.get_verification_bearer()
actions = ["HAS_FREE_PARKING"]
resources = [IsAuthorizedResource("lotA", "ParkingLot"), IsAuthorizedResource("lotB", "ParkingLot")]
resources = [IsAuthorizedResource("resourceID", "LabelName"), IsAuthorizedResource("resource2ID", "LabelName")]
actions = ["ACTION"]
res = []
for r in resources:
res.append(pb2.IsAuthorizedRequest.Resource(id=r.id, label=r.label))
Expand All @@ -46,8 +46,8 @@ def test_is_authorized_token_empty():
assert client is not None

access_token = data.get_verification_bearer()
actions = ["HAS_FREE_PARKING"]
resources = [IsAuthorizedResource("lotA", "ParkingLot"), IsAuthorizedResource("lotB", "ParkingLot")]
resources = [IsAuthorizedResource("resourceID", "LabelName"), IsAuthorizedResource("resource2ID", "LabelName")]
actions = ["ACTION"]
res = []
for r in resources:
res.append(pb2.IsAuthorizedRequest.Resource(id=r.id, label=r.label))
Expand All @@ -69,8 +69,8 @@ def test_is_authorized_dt_wrong_dt():

digital_twin_id = data.get_tenant_email()
tenant_id = data.get_tenant()
actions = ["HAS_FREE_PARKING"]
resources = [IsAuthorizedResource("lotA", "ParkingLot"), IsAuthorizedResource("lotB", "ParkingLot")]
resources = [IsAuthorizedResource("resourceID", "LabelName"), IsAuthorizedResource("resource2ID", "LabelName")]
actions = ["ACTION"]
response = client.is_authorized_digital_twin(digital_twin_id, tenant_id, resources, actions)
assert response is None

Expand All @@ -81,8 +81,8 @@ def test_is_authorized_dt_wrong_resources():

digital_twin_id = data.get_digital_twin()
tenant_id = data.get_tenant()
actions = ["HAS_FREE_PARKING"]
resources = [{"lotA", "ParkingLot"}]
actions = ["ACTION"]
resources = [{"resourceID", "LabelName"}]
response = client.is_authorized_digital_twin(digital_twin_id, tenant_id, resources, actions)
assert response is None

Expand All @@ -93,8 +93,8 @@ def test_is_authorized_dt_success():

digital_twin_id = data.get_digital_twin()
tenant_id = data.get_tenant()
actions = ["HAS_FREE_PARKING"]
resources = [IsAuthorizedResource("lotA", "ParkingLot"), IsAuthorizedResource("lotB", "ParkingLot")]
resources = [IsAuthorizedResource("resourceID", "LabelName"), IsAuthorizedResource("resource2ID", "LabelName")]
actions = ["ACTION"]
digital_twin_identifier = pb2_ident.DigitalTwinIdentifier(
digital_twin=model.DigitalTwin(
id=str(digital_twin_id),
Expand All @@ -117,8 +117,8 @@ def test_is_authorized_dt_empty():

digital_twin_id = data.get_digital_twin()
tenant_id = data.get_tenant()
actions = ["HAS_FREE_PARKING"]
resources = [IsAuthorizedResource("lotA", "ParkingLot"), IsAuthorizedResource("lotB", "ParkingLot")]
resources = [IsAuthorizedResource("resourceID", "LabelName"), IsAuthorizedResource("resource2ID", "LabelName")]
actions = ["ACTION"]
digital_twin_identifier = pb2_ident.DigitalTwinIdentifier(
digital_twin=model.DigitalTwin(
id=str(digital_twin_id),
Expand All @@ -142,8 +142,8 @@ def test_is_authorized_property_wrong_property():
type_filter = "email"
email_value = "sdk@indykite.com"
tenant_id = data.get_tenant()
actions = ["HAS_FREE_PARKING"]
resources = [IsAuthorizedResource("lotA", "ParkingLot"), IsAuthorizedResource("lotB", "ParkingLot")]
resources = [IsAuthorizedResource("resourceID", "LabelName"), IsAuthorizedResource("resource2ID", "LabelName")]
actions = ["ACTION"]
response = client.is_authorized_property_filter(type_filter, email_value, tenant_id, resources, actions)
assert response is None

Expand All @@ -155,8 +155,8 @@ def test_is_authorized_property_wrong_resources():
type_filter = "email"
email_value = "sdk@indykite.com"
tenant_id = data.get_tenant()
actions = ["HAS_FREE_PARKING"]
resources = [{"lotA", "ParkingLot"}]
actions = ["ACTION"]
resources = [{"resourceID", "LabelName"}]
response = client.is_authorized_property_filter(type_filter, email_value, tenant_id, resources, actions)
assert response is None

Expand All @@ -168,8 +168,8 @@ def test_is_authorized_property_success():
type_filter = "email"
email_value = "sdk@indykite.com"
tenant_id = data.get_tenant()
actions = ["HAS_FREE_PARKING"]
resources = [IsAuthorizedResource("lotA", "ParkingLot"), IsAuthorizedResource("lotB", "ParkingLot")]
resources = [IsAuthorizedResource("resourceID", "LabelName"), IsAuthorizedResource("resource2ID", "LabelName")]
actions = ["ACTION"]
digital_twin_identifier = pb2_ident.DigitalTwinIdentifier(
property_filter=pb2_ident.PropertyFilter(
type=str(type_filter),
Expand All @@ -194,8 +194,8 @@ def test_is_authorized_property_empty():
type_filter = "email"
email_value = "sdk@indykite.com"
tenant_id = data.get_tenant()
actions = ["HAS_FREE_PARKING"]
resources = [IsAuthorizedResource("lotA", "ParkingLot"), IsAuthorizedResource("lotB", "ParkingLot")]
resources = [IsAuthorizedResource("resourceID", "LabelName"), IsAuthorizedResource("resource2ID", "LabelName")]
actions = ["ACTION"]
digital_twin_identifier = pb2_ident.DigitalTwinIdentifier(
property_filter=pb2_ident.PropertyFilter(
type=str(type_filter),
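Review bot: The same pair of lines, `resources = [IsAuthorizedResource("resourceID", "LabelName"), IsAuthorizedResource("resource2ID", "LabelName")]` and `actions = ["ACTION"]`, is now repeated in every test, and the two `*_wrong_resources` tests keep the old `actions`-then-`resources` order while the rest were swapped. Module-level constants such as `RESOURCES` and `ACTIONS` would make the next change to these values a one-line edit. In the `*_wrong_resources` tests, `[{"resourceID", "LabelName"}]` is a set literal; a short comment saying it is deliberately not an `IsAuthorizedResource` would stop a reader from "fixing" it. The success and empty tests continue outside the hunks, so how the placeholder values reach the stub is not visible here.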
