Skip to main content

Python Authorizer API Client

Overview#

This package provides a high-level interface for interacting with the Aserto Authorizer API.

Installation#

Using pip:

pip install aserto

Using Poetry:

poetry add aserto

Usage#

Creating a client#

The AuthorizerClient class provides the methods for interacting with the API. The constructor takes two arguments:

  • identity (required): An Identity instance that represents a user. Refer to the aserto-idp package (installed separately) on creating Identitys
  • authorizer (required): An Authorizer instance that describes the Authorizer service being used
from aserto import Identityfrom flask import request
client = AuthorizerClient(    identity=Identity(type="NONE"),    authorizer=HostedAuthorizer(        api_key=YOUR_ASERTO_API_KEY,        tenant_id=YOUR_ASERTO_TENANT_ID,        service_type="gRPC",    ),)

Client methods#

decisions#

Arguments#

  • decisions (required): A list of decision values to request, e.g. ["allowed"]
  • policy_id (required): The ID of the policy to use
  • policy_path (required): The path of the policy module, including the policy root
  • resource_context (required): The resource context provided to the Authorizer as a serializable dict
  • deadline (optional): How long to wait for the request to time-out. Either a Python timedelta object representing the duration to wait or a datetime object representing when the request should time-out

Example#

decisions = client.decisions(    decisions=["allowed", "enabled"],    policy_id=POLICY_ID,    policy_path="my_policy_root.GET.user.__id",    resource_context={},)
assert decisions ==  {    "enabled": True,    "allowed": False,}

decision_tree#

Arguments#

  • decisions (required): A list of decision values to request, e.g. ["allowed"]
  • policy_id (required): The ID of the policy to use
  • policy_path_root (required): The root path of all the policy modules
  • resource_context (required): The resource context provided to the Authorizer as a serializable dict
  • policy_path_separator (required): Either "DOT" or "SLASH", the delimiter to use in the returned policy path keys
  • deadline (optional): How long to wait for the request to time-out. Either a Python timedelta object representing the duration to wait or a datetime object representing when the request should time-out

Example#

decision_tree = client.decision_tree(    decisions=["enabled", "allowed"],    policy_id=POLICY_ID,    policy_path_root="my_policy_root",    resource_context={},    policy_path_separator="SLASH",)
# The result given that the following policy modules exist# - `my_policy_root.GET.user.__id`# - `my_policy_root.PUT.user`assert decision_tree == {    "GET/user/__id": {"enabled": True, "allowed": False},    "PUT/user": {"enabled": True, "allowed": False},}

Github#

This package is open source and can be found on GitHub.