Comments (7)
The question was how to retrieve created policies but I found the answer in the detailed description. Thank you so much.
from vakt.
Hi,
thanks for the feedback!
I'm not sure I've got your question correctly...
Could you please elaborate what does "previously created policies" mean?
from vakt.
Also, FYI, I have a proof of concept for declarative policies definitions in yaml files which might be useful for k8s environments and the like. It needs some work to be finished, but it's planned to be added to vakt some time soon anyway.
from vakt.
In fact, here is the scenario I would like to implement using your solution. I have a set of BIG data bases environments and tools (SQL, Hadoop, kafka, Hbase, ...) and I would like to write a script in python to regulate access to these ressources. First, do you have any example of such implementations? and second how can I retrieve the attributes of the Big data ressources. I know that my question is wide broad but pardon me I come from a completelty different field.
Thank you in advance.
from vakt.
Well, it's hard to give the one-size-fits-all recipe but, the general approach is that you can define policies somewhat similar to this example.
Vakt is quite flexible and allows you to model access-control based on your needs. Also. very important part if you want to restrict access based on ownership you might want to use inquiry-related rules.
But the downside of this access-control model is that all the Resource's attributes (like name, region, location, etc.) and the attributes of the Subject who asks for the access to them (like username, role, privileges, etc.) you need to define (and fetch from the corresponding datasource: ex. JWT access token) by yourself - vakt doesn't know anything about the data and where it comes from).
from vakt.
Your answer is quite clear. Would I manage to get the attributes via the request librairie as in your example?
from vakt.
Well, it depends on the way you authenticate your users. I use session cookies in my example - so I get user identity (read: attributes) with flask. Another option is to take them from JWT token or OAuth2 /introspect (or /userinfo) server endpoints for a bearer token. Another way to query a database to get info from user record. So, I wouldn't say that requests
library will help you here much)
from vakt.
Related Issues (20)
- Mongodb storage more selective filter query for `_create_filter` HOT 5
- Create caching mechanism for Storages HOT 2
- Usage example on README file doesn't work HOT 1
- Is role management supported? HOT 4
- really love vakt! And it becomes an issue.. HOT 3
- Support a `filter_by` option in Gaurd HOT 3
- MongoDB reverse regex issue resolved HOT 5
- use inquiries data in policies HOT 5
- Proposal for new features HOT 3
- GraphDB support HOT 1
- Rule based on foreign key relationship HOT 2
- Using Vakt with Pandas HOT 4
- Add Redis storage HOT 2
- Add FileStorage for JSON and YAML HOT 1
- [Feature][Performance] Use object instead of dict HOT 4
- Replace `conditions` with `rules`
- Possible high severity issue which exposes the Werkzeug debugger and allows the execution of arbitrary code HOT 1
- Broken readme link HOT 1
- Allow priority value for policies HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vakt.