Skip to main content

Casbin role watcher to be used for monitoring updates to policies for PyCasbin

Project description

postgresql-watcher

Build Status Coverage Status Version PyPI - Wheel Pyversions Download Discord

Casbin watcher based on PostgreSQL for monitoring updates to casbin policies.

Installation

pip install casbin-postgresql-watcher

Basic Usage Example

from flask_authz import CasbinEnforcer
from postgresql_watcher import PostgresqlWatcher
from flask import Flask
from casbin.persist.adapters import FileAdapter

casbin_enforcer = CasbinEnforcer(app, adapter)
watcher = PostgresqlWatcher(host=HOST, port=PORT, user=USER, password=PASSWORD, dbname=DBNAME)
watcher.set_update_callback(casbin_enforcer.load_policy)
casbin_enforcer.set_watcher(watcher)

# Call should_reload before every call of enforce to make sure
# the policy is update to date
watcher.should_reload()
if casbin_enforcer.enforce("alice", "data1", "read"):
    # permit alice to read data1
    pass
else:
    # deny the request, show an error
    pass

alternatively, if you need more control

from flask_authz import CasbinEnforcer
from postgresql_watcher import PostgresqlWatcher
from flask import Flask
from casbin.persist.adapters import FileAdapter

casbin_enforcer = CasbinEnforcer(app, adapter)
watcher = PostgresqlWatcher(host=HOST, port=PORT, user=USER, password=PASSWORD, dbname=DBNAME)
casbin_enforcer.set_watcher(watcher)

# Call should_reload before every call of enforce to make sure
# the policy is update to date
if watcher.should_reload():
    casbin_enforcer.load_policy()

if casbin_enforcer.enforce("alice", "data1", "read"):
    # permit alice to read data1
    pass
else:
    # deny the request, show an error
    pass

Basic Usage Example With SSL Enabled

See PostgresQL documentation for full details of SSL parameters.

...
watcher = PostgresqlWatcher(host=HOST, port=PORT, user=USER, password=PASSWORD, dbname=DBNAME, sslmode="verify_full", sslcert=SSLCERT, sslrootcert=SSLROOTCERT, sslkey=SSLKEY)
...

Django setup with casbin django orm adapter

Enforcer and Watcher setup

# settings.py
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))

INSTALLED_APPS += [
    'casbin_adapter.apps.CasbinAdapterConfig',
]

CASBIN_MODEL = os.path.join(BASE_DIR, 'casbin.conf')

from postgresql_watcher.watcher import PostgresqlWatcher
from casbin_adapter.enforcer import enforcer

watcher = PostgresqlWatcher(host=BANK_CONNECT_APIS_PG_HOST_URL, port=BANK_CONNECT_APIS_PG_PORT,
            user=BANK_CONNECT_APIS_PG_USER, password=BANK_CONNECT_APIS_PG_PASSWORD, dbname=BANK_CONNECT_APIS_PG_DBNAME)

def update_enforcer():
    print("before loading policy", enforcer)
    enforcer.load_policy()

watcher.set_update_callback(update_enforcer)
CASBIN_WATCHER = watcher

Usage of enforcer

#views.py or any other file
from casbin_adapter.enforcer import enforcer

roles = enforcer.get_filtered_named_grouping_policy("g", 1, str(member_id))

Reload Casbin enforcer

In current setup enforcer does not automatically refresh in memory data, we can call watcher.should_reload() before every data access from enforcer.

from setting import watcher 
watcher.should_reload()

If there are any changes in db this call will refresh in memory data from database

For automatic reloading of data, parent process need to poll child process for messages and call should_reload function if there is any message in pipe between child and parent process

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

casbin_postgresql_watcher-1.2.0.tar.gz (10.9 kB view details)

Uploaded Source

Built Distribution

casbin_postgresql_watcher-1.2.0-py2.py3-none-any.whl (11.0 kB view details)

Uploaded Python 2 Python 3

File details

Details for the file casbin_postgresql_watcher-1.2.0.tar.gz.

File metadata

File hashes

Hashes for casbin_postgresql_watcher-1.2.0.tar.gz
Algorithm Hash digest
SHA256 4ef1a73238cc93163589c35dc4aad4fbd63e7b1f3caa1945fcea5c3bc31fbfa4
MD5 b9dccafe4608a94d10cfedbf76a58979
BLAKE2b-256 5250ce576300cbacd0807a76fc4755dde73b5e72bbe89e03fbf0c7cc6677d1ef

See more details on using hashes here.

File details

Details for the file casbin_postgresql_watcher-1.2.0-py2.py3-none-any.whl.

File metadata

File hashes

Hashes for casbin_postgresql_watcher-1.2.0-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 6af3b1af9629cfb063bc700947c251cc28a59bfe96651afc2d94510ca82cfa78
MD5 9a1e8050fcc4e3c8c268645974f6c686
BLAKE2b-256 b78100c1b6e49a96e080a6ed7fe67a242cbbdf48426dd4f106c8fb123ecd3ea0

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page