Where to find stored policies? about vakt HOT 7 CLOSED

The question was how to retrieve created policies but I found the answer in the detailed description. Thank you so much.

from vakt.

Hi,

thanks for the feedback!

I'm not sure I've got your question correctly...
Could you please elaborate what does "previously created policies" mean?

from vakt.

Also, FYI, I have a proof of concept for declarative policies definitions in yaml files which might be useful for k8s environments and the like. It needs some work to be finished, but it's planned to be added to vakt some time soon anyway.

from vakt.

In fact, here is the scenario I would like to implement using your solution. I have a set of BIG data bases environments and tools (SQL, Hadoop, kafka, Hbase, ...) and I would like to write a script in python to regulate access to these ressources. First, do you have any example of such implementations? and second how can I retrieve the attributes of the Big data ressources. I know that my question is wide broad but pardon me I come from a completelty different field.
Thank you in advance.

from vakt.

Well, it's hard to give the one-size-fits-all recipe but, the general approach is that you can define policies somewhat similar to this example.

Vakt is quite flexible and allows you to model access-control based on your needs. Also. very important part if you want to restrict access based on ownership you might want to use inquiry-related rules.

But the downside of this access-control model is that all the Resource's attributes (like name, region, location, etc.) and the attributes of the Subject who asks for the access to them (like username, role, privileges, etc.) you need to define (and fetch from the corresponding datasource: ex. JWT access token) by yourself - vakt doesn't know anything about the data and where it comes from).

from vakt.

Your answer is quite clear. Would I manage to get the attributes via the request librairie as in your example?

from vakt.

Well, it depends on the way you authenticate your users. I use session cookies in my example - so I get user identity (read: attributes) with flask. Another option is to take them from JWT token or OAuth2 /introspect (or /userinfo) server endpoints for a bearer token. Another way to query a database to get info from user record. So, I wouldn't say that requests library will help you here much)

from vakt.