Policy middleware for Falcon APIs
Project description
The falcon-policy package provides a middleware component that enables simple policy controls such as role-based access on routes via configuration.
The configuration approach to policy rules enables dynamic authorization use-cases where the policy needs to be adjusted on-demand without a new service deployment.
Installation
$ pip install falcon-policyUsage
The RoleBasedPolicy middleware class examines each incoming request and verifies the roles list from the request context; which should be populated by an authentication middleware. If the request context isn’t populated with a roles list, then the middleware will fall back on the X-Roles header for the appropriate role given the request being made. Usage of the X-Roles header, is primarily used when handling authentication outside of the middleware stack or for development with authentication disabled.
Implementation Note:
If the request context type isn’t a dictionary, the middleware will assume that req.context is an Object with a roles attribute.
Getting Started:
Create a policy configuration
Create an instance of RoleBasedPolicy using the configuration
Pass the instance to the falcon.API() initializer:
from falcon_policy import RoleBasedPolicy
policy_config = {
'roles': [
'admin',
'creator',
'observer',
],
'groups': {
'create': ['admin', 'creator'],
'update': ['admin', 'creator'],
'read': ['admin', 'creator', 'observer'],
'delete': ['admin'],
},
'routes': {
'/quote': {
'GET': ['read'],
'POST': ['create'],
'PUT': ['update'],
'DELETE': ['delete'],
},
'/quote/{id}': {
'GET': ['read'],
'POST': ['create'],
'PUT': ['update'],
'DELETE': ['delete'],
},
'/status': {
'GET': ['@any-role'],
'HEAD': ['@passthrough'],
},
},
}
app = falcon.API(
middleware=[
RoleBasedPolicy(policy_config)
]
)If validation fails an instance of falcon.HTTPForbidden is raised.
Configuration
The policy configuration is separated into three sections:
Roles: Is a list of names that correspond with Role values provided by your authentication system.
Groups: Is an alias/grouping of multiple role names for convenience.
Routes: A structure containing role and/or group permissions for a given Falcon route and method.
Specialty Roles:
falcon-policy offers two specialty roles types that should be used with care:
@any-role: Allows any defined role
@passthrough: Allows all users (authenticated and unauthenticated)
About Falcon
Falcon is a bare-metal Python web framework for building lean and mean cloud APIs and app backends. It encourages the REST architectural style, and tries to do as little as possible while remaining highly effective.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file falcon-policy-0.2.0.tar.gz.
File metadata
- Download URL: falcon-policy-0.2.0.tar.gz
- Upload date:
- Size: 4.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/3.6.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ed72cca681cdfaf0530ca87b964f7754d00e736c3bb2b17fe72939dd26e28061 |
|
| MD5 | 47a3f6ef400de98a4a7e7e2fb093aa9a |
|
| BLAKE2b-256 | 7f403a660d05127c9ba2ed9affae4e33a6031bd2dfdd3564c31dfb2283b9bcfa |
File details
Details for the file falcon_policy-0.2.0-py2.py3-none-any.whl.
File metadata
- Download URL: falcon_policy-0.2.0-py2.py3-none-any.whl
- Upload date:
- Size: 5.3 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.19.1 setuptools/40.4.3 requests-toolbelt/0.8.0 tqdm/4.26.0 CPython/3.6.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 5c6a541ca5c0bdc2d20932b1238260888c3f203067ec02c9c8ec17040b188328 |
|
| MD5 | 98d0493601f62c14690f9f953e5c973b |
|
| BLAKE2b-256 | e5f9c62be2b865694b89413297e7ec5273ce17a20687f785393b8fbee301952b |
