feat: add what_authorized feature

indykite · Apr 13, 2023 · d70b293 · d70b293
1 parent 77c80c2
commit d70b293
Show file tree

Hide file tree

Showing 5 changed files with 401 additions and 0 deletions.
diff --git a/indykite_sdk/api.py b/indykite_sdk/api.py
@@ -25,6 +25,7 @@
 from indykite_sdk.indykite.config.v1beta1.model_pb2 import google_dot_protobuf_dot_wrappers__pb2 as wrappers
 from indykite_sdk.indykite.identity.v1beta2.import_pb2 import Email as EmailIdentity
 from indykite_sdk.model.is_authorized import IsAuthorizedResource
+from indykite_sdk.model.what_authorized import WhatAuthorizedResourceTypes
 from indykite_sdk.model.tenant import Tenant
 from indykite_sdk.indykite.identity.v1beta2 import attributes_pb2 as attributes
 from indykite_sdk.identity import helper
@@ -499,6 +500,20 @@ def main():
     is_authorized_property_parser.add_argument("property_type", help="Digital Twin Identity Property")
     is_authorized_property_parser.add_argument("property_value", help="Digital Twin Identity Property value")
 
+    # what_authorized_dt
+    what_authorized_dt_parser = subparsers.add_parser("what_authorized_dt")
+    what_authorized_dt_parser.add_argument("digital_twin_id", help="Digital Twin id (gid)")
+    what_authorized_dt_parser.add_argument("tenant_id", help="Tenant id (gid)")
+
+    # what_authorized_token
+    what_authorized_token_parser = subparsers.add_parser("what_authorized_token")
+    what_authorized_token_parser.add_argument("access_token")
+
+    # what_authorized_property
+    what_authorized_property_parser = subparsers.add_parser("what_authorized_property")
+    what_authorized_property_parser.add_argument("property_type", help="Digital Twin Identity Property")
+    what_authorized_property_parser.add_argument("property_value", help="Digital Twin Identity Property value")
+
     # create_consent
     create_consent_parser = subparsers.add_parser("create_consent")
     create_consent_parser.add_argument("pii_processor_id", help="ID of OAuth2 Application")
@@ -1824,6 +1839,50 @@ def main():
             print("Invalid is_authorized")
         return is_authorized
 
+    elif command == "what_authorized_dt":
+        digital_twin_id = args.digital_twin_id
+        tenant_id = args.tenant_id
+        actions = ["ACTION1", "ACTION2"]
+        resource_types = [WhatAuthorizedResourceTypes("TypeName", actions),
+                          WhatAuthorizedResourceTypes("TypeNameSecond", actions)]
+        options = {"age": "21"}
+        what_authorized = client_authorization.what_authorized_digital_twin(digital_twin_id, tenant_id, resource_types, options)
+
+        if what_authorized:
+            print_response(what_authorized)
+        else:
+            print("Invalid what_authorized")
+        return what_authorized
+
+    elif command == "what_authorized_token":
+        access_token = args.access_token
+        actions = ["ACTION1", "ACTION2"]
+        resource_types = [WhatAuthorizedResourceTypes("TypeName", actions),
+                          WhatAuthorizedResourceTypes("TypeNameSecond", actions)]
+        options = {}
+        what_authorized = client_authorization.what_authorized_token(access_token, resource_types, options)
+        if what_authorized:
+            print_response(what_authorized)
+        else:
+            print("Invalid what_authorized")
+        return what_authorized
+
+    elif command == "what_authorized_property":
+        property_type = args.property_type #e.g "email"
+        property_value = args.property_value #e.g test@example.com
+        actions = ["ACTION1", "ACTION2"]
+        resource_types = [WhatAuthorizedResourceTypes("TypeName", actions),
+                          WhatAuthorizedResourceTypes("TypeNameSecond", actions)]
+        options = {"age":"21"}
+        what_authorized = client_authorization.what_authorized_property_filter(property_type, property_value,
+                                                                               resource_types=resource_types,
+                                                                               options=options)
+        if what_authorized:
+            print_response(what_authorized)
+        else:
+            print("Invalid what_authorized")
+        return what_authorized
+
     elif command == "create_consent":
         pii_processor_id = args.pii_processor_id
         pii_principal_id = args.pii_principal_id
@@ -1957,6 +2016,9 @@ def main():
         headers = {"Authorization": "Bearer "+access_token,
                    'Content-Type': 'application/json'}
         response_post = requests.post(endpoint, json=data, headers=headers)
+        # print(response_http2.token_source.token.access_token)
+        if response_post.text is not None:
+            print_response(response_post.text)
 
     elif command == "get_refreshable_token_source":
         token_source = None

diff --git a/indykite_sdk/authorization/__init__.py b/indykite_sdk/authorization/__init__.py
@@ -50,3 +50,4 @@ def __init__(self, local=False):
             raise exception(...).with_traceback(tb)
     # Imported methods
     from .is_authorized import is_authorized_token, is_authorized_digital_twin, is_authorized_property_filter
+    from .what_authorized import what_authorized_token, what_authorized_digital_twin, what_authorized_property_filter
diff --git a/indykite_sdk/authorization/what_authorized.py b/indykite_sdk/authorization/what_authorized.py
@@ -0,0 +1,92 @@
+from indykite_sdk.indykite.authorization.v1beta1 import authorization_service_pb2 as pb2
+from indykite_sdk.indykite.identity.v1beta2 import attributes_pb2 as attributes
+from indykite_sdk.indykite.identity.v1beta2 import model_pb2 as model
+from indykite_sdk.indykite.objects.v1beta1 import struct_pb2 as pb2_struct
+from indykite_sdk.indykite.authorization.v1beta1 import model_pb2 as pb2_model
+from indykite_sdk.model.what_authorized import WhatAuthorizedResponse
+import sys
+import indykite_sdk.utils.logger as logger
+
+
+def what_authorized_digital_twin(self, digital_twin_id, tenant_id, resource_types=[], options={}):
+    sys.excepthook = logger.handle_excepthook
+    try:
+        response = self.stub.WhatAuthorized(
+            pb2.WhatAuthorizedRequest(
+                subject=pb2_model.Subject(
+                    digital_twin_identifier=model.DigitalTwinIdentifier(
+                        digital_twin=model.DigitalTwin(
+                            id=str(digital_twin_id),
+                            tenant_id=str(tenant_id)
+                        )
+                    )
+                ),
+                resource_types=request_resource_type(resource_types),
+                options=request_options(options)
+            )
+        )
+        if not response:
+            return None
+        return WhatAuthorizedResponse.deserialize(response)
+    except Exception as exception:
+        return logger.logger_error(exception)
+
+
+def what_authorized_token(self, access_token, resource_types=[], options={}):
+    sys.excepthook = logger.handle_excepthook
+    try:
+        response = self.stub.WhatAuthorized(
+            pb2.WhatAuthorizedRequest(
+                subject=pb2_model.Subject(
+                    digital_twin_identifier=model.DigitalTwinIdentifier(
+                        access_token=str(access_token)
+                    )
+                ),
+                resource_types=request_resource_type(resource_types),
+                options=request_options(options)
+            )
+        )
+        if not response:
+            return None
+        return WhatAuthorizedResponse.deserialize(response)
+    except Exception as exception:
+        return logger.logger_error(exception)
+
+
+def what_authorized_property_filter(self, type_filter, value, resource_types=[], options={}):
+    sys.excepthook = logger.handle_excepthook
+    try:
+        response = self.stub.WhatAuthorized(
+            pb2.WhatAuthorizedRequest(
+                subject=pb2_model.Subject(
+                    digital_twin_identifier=model.DigitalTwinIdentifier(
+                        property_filter=attributes.PropertyFilter(
+                            type=str(type_filter),
+                            value=pb2_struct.Value(string_value=value)
+                        )
+                    )
+                ),
+                resource_types=request_resource_type(resource_types),
+                options=request_options(options)
+            )
+        )
+        if not response:
+            return None
+        return WhatAuthorizedResponse.deserialize(response)
+    except Exception as exception:
+        return logger.logger_error(exception)
+
+
+def request_resource_type(resource_types):
+    return [
+        pb2.WhatAuthorizedRequest.ResourceType(type=r.type, actions=list(r.actions))
+        for r in resource_types
+    ]
+
+
+def request_options(options):
+    options_dict = {
+        k: pb2_model.Option(string_value=str(v))
+        for k, v in options.items()
+    }
+    return options_dict
diff --git a/indykite_sdk/model/what_authorized.py b/indykite_sdk/model/what_authorized.py
@@ -0,0 +1,53 @@
+from indykite_sdk.utils import timestamp_to_date
+from google.protobuf.json_format import MessageToJson, MessageToDict
+import indykite_sdk.utils.logger as logger
+
+
+class WhatAuthorizedResponse:
+    @classmethod
+    def deserialize(cls, message):
+        if message is None:
+            return None
+
+        try:
+            message_dict = MessageToDict(message, preserving_proto_field_name=True)
+            if message_dict and message_dict["decisions"]:
+                what_authorized_response = WhatAuthorizedResponse(
+                    decision_time=timestamp_to_date(message.decision_time),
+                    decisions=message_dict["decisions"]
+                )
+            return what_authorized_response
+        except Exception as exception:
+            return logger.logger_error(exception)
+
+    def __init__(self, decision_time, decisions):
+        self.decision_time = decision_time,
+        self.decisions = decisions
+
+
+class WhatAuthorizedResourceTypes:
+    def __init__(self, type, actions=[]):
+        self.type = type
+        self.actions = actions
+
+
+class WhatAuthorizedDecisions:
+    def __init__(self, decision, allow_action):
+        self.decision = decision
+        self.allow_action = allow_action
+
+
+class WhatAuthorizedResponseActions:
+    def __init__(self, resources=[]):
+        self.resources = resources
+
+
+class WhatAuthorizedResponseResources:
+    def __init__(self, external_id):
+        self.external_id = external_id
+
+
+class WhatAuthorizedResponseResourceTypes:
+    def __init__(self, actions={}):
+        self.type = type
+        self.actions = actions