The Permguard Python SDK provides a simple and flexible client to perform authorization checks against a Permguard Policy Decision Point (PDP) service using gRPC. Plase refer to the Permguard Documentation for more information.
- Python 3.8, 3.9, 3.10, 3.11 (supported versions)
This package is compatible with the following Python versions:
Programming Language :: Python :: 3.8Programming Language :: Python :: 3.9Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11
Make sure you have one of these versions installed before proceeding.
Run the following command to install the SDK:
pip install permguardBelow is a sample Python code demonstrating how to create a Permguard client, build an authorization request using a builder pattern, and process the authorization response:
from permguard.az.azreq.builder_principal import PrincipalBuilder
from permguard.az.azreq.builder_request_atomic import AZAtomicRequestBuilder
from permguard.az_client import AZClient
from permguard.az_config import with_endpoint
az_client = AZClient(with_endpoint("localhost", 9094))
principal = PrincipalBuilder("amy.smith@acmecorp.com").build()
entities = [
{
"uid": {"type": "MagicFarmacia::Platform::BranchInfo", "id": "subscription"},
"attrs": {"active": True},
"parents": [],
}
]
req = (
AZAtomicRequestBuilder(
895741663247,
"809257ed202e40cab7e958218eecad20",
"platform-creator",
"MagicFarmacia::Platform::Subscription",
"MagicFarmacia::Platform::Action::create",
)
.with_request_id("1234")
.with_principal(principal)
.with_entities_items("cedar", entities)
.with_subject_role_actor_type()
.with_subject_source("keycloack")
.with_subject_property("isSuperUser", True)
.with_resource_id("e3a786fd07e24bfa95ba4341d3695ae8")
.with_resource_property("isEnabled", True)
.with_action_property("isEnabled", True)
.with_context_property("time", "2025-01-23T16:17:46+00:00")
.with_context_property("isSubscriptionActive", True)
.build()
)
ok, response = az_client.check(req)
if ok:
print("✅ authorization permitted")
else:
print("❌ authorization denied")
if response and response.context:
if response.context.reason_admin:
print(f"-> reason admin: {response.context.reason_admin.message}")
if response.context.reason_user:
print(f"-> reason user: {response.context.reason_user.message}")
for eval in response.evaluations:
if eval.context and eval.context.reason_user:
print(f"-> reason admin: {eval.context.reason_admin.message}")
print(f"-> reason user: {eval.context.reason_user.message}")
if response and response.evaluations:
for eval in response.evaluations:
if eval.context:
if eval.context.reason_admin:
print(f"-> evaluation requestid {eval.request_id}: reason admin: {eval.context.reason_admin.message}")
if eval.context.reason_user:
print(f"-> evaluation requestid {eval.request_id}: reason user: {eval.context.reason_user.message}")Our SDK follows a versioning scheme aligned with the PermGuard server versions to ensure seamless integration. The versioning format is as follows:
SDK Versioning Format: x.y.z
- x.y: Indicates the compatible PermGuard server version.
- z: Represents the SDK's patch or minor updates specific to that server version.
Compatibility Examples:
SDK Version 1.3.0is compatible withPermGuard Server 1.3.SDK Version 1.3.1includes minor improvements or bug fixes forPermGuard Server 1.3.
Incompatibility Example:
SDK Version 1.3.0may not be guaranteed to be compatible withPermGuard Server 1.4due to potential changes introduced in server version1.4.
Important: Ensure that the major and minor versions (x.y) of the SDK match those of your PermGuard server to maintain compatibility.
Created by Nitro Agility.