{ "info": { "author": "Eliecer Hernandez", "author_email": "eliecerhdz@gmail.com", "bugtrack_url": null, "classifiers": [ "Environment :: Web Environment", "Intended Audience :: Developers", "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python", "Topic :: Internet :: WWW/HTTP :: Dynamic Content", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: System :: Systems Administration :: Authentication/Directory" ], "description": "Flask-OPA\n=========\n[![Build Status](https://travis-ci.com/EliuX/flask-opa.svg?branch=master)](https://travis-ci.com/EliuX/flask-opa)\n[![codecov](https://codecov.io/gh/EliuX/flask-opa/branch/master/graph/badge.svg)](https://codecov.io/gh/EliuX/flask-opa)\n[![PyPI Version](http://img.shields.io/pypi/v/Flask-OPA.svg)](https://pypi.python.org/pypi/Flask-OPA)\n\nSimple to use [Flask](http://flask.pocoo.org/>) extension that lets you secure your projects with\n[Open Policy Agent](https://www.openpolicyagent.org). It allows \n* HTTP API Authorization\n* Policy Enforcement Point (AOP using decorators on methods)\n\n## Quick start \n\nIts recommended for you to try the app in the package `examples`. Thanks to the `Makefile` you can run the demo project \nwith the following command\n\n```bash\n make demo \n```\n\n### How it works?\n\nFor a better understanding of what `make demo` does and how you should setup `flask_opa` in your project, follow the \nnext steps:\n\n1. Run OPA in server mode\n\n * Check the [latest OPA release](https://github.com/open-policy-agent/opa/releases) and download it.\n * Put the binary file in the path of your system\n * Allow its execution with something like `chmod 755 ./opa`\n * Run opa in server mode with the sample policies\n\n ```bash \n opa run -s -w examples\n ```\n\n - `-s` is to run it in server mode instead of opening the REPL\n - `-w` is for watching the changes of the data/policy files\n\n1. Specify configuration variables\n\n * `OPA_URL` url accessible in your running OPA server, used to evaluate your input. It includes the path of the \n policy, e.g. `http://localhost:8181/v1/data/examples/allow`.\n\n * `OPA_SECURED` boolean to specify if OPA will be enabled to your application.\n\n See more at the [rest api reference](https://www.openpolicyagent.org/docs/rest-api.html)\n\n1. Bind the OPA class to your Flask application\n\n Its easy to bind the Flask-OPA library to your application. Just follow the following steps:\n\n1. Create the OPA instance\n\n ```python\n app = Flask(__name__)\n app.config.from_pyfile('app.cfg')\n opa = OPA(app, parse_input)\n ```\n\n Lets see the parameters that we passed to the OPA class:\n\n - `parse_input` (Required) contains a method that returns the input data json to be evaluated by the policy, e.g.:\n\n ```json\n {\n \"input\": {\n \"method\": \"GET\",\n \"path\": [\"data\", \"jon\"],\n \"user\": \"paul\"\n }\n }\n ```\n\n - `url` (Optional) to use an specific url instead of the `OPA_URL` optionally specified in the app configuration.\n - `allow_function` (Optional) predicate that determinate if the response from OPA allows (True) or denies (False) the request\n\n If you want enforce the OPA security in your application you can create the OPA instance like this:\n\n ```python\n opa = OPA.secure(app, parse_input, url=\"http://localhost:8181/v1/data/package_name/allow\")\n ```\n\n or\n\n ```python\n opa = OPA(app, parse_input, url=\"http://localhost:8181/v1/data/package_name/allow\").secured()\n ```\n\n otherwise OPA will enforce your security only if ``OPA_SECURED`` is `True`.\n\n Specify the logging level to `DEBUG` if you want to get access to Flask-OPA logs of its operations using\n\n ```python\n app.logger.setLevel(logging.DEBUG)\n ```\n\n1. Run your Flask application.\n\n## Policy Enforcement point\nOne of the features this module provides is [Policy Enforcement Point][PEP] which basically allows you to ensure policies\nat any method of your application.\nFor practical purposes, lets imagine a sample method that is in charge of logging content related to actions done by \nusers. In this case we must create a different input functions that provide useful information for certain policies that \nwill decide if a log should be sent or not to a remote server. Lets suppose that such logging method is something like:\n\n```python\ndef log_remotely(content):\n # Imagine a code to log this remotely\n app.logger.info(\"Logged remotely: %s\", content)\n```\n\nto decorate it we will create a [PEP][PEP] decorator using our `OPA` instance as a function (callable mode). \nThe parameters are pretty much the same as those used to secure the application. The resulting instance will decorate \nour function of interest:\n\n```python\ndef validate_logging_input_function(*arg, **kwargs):\n return {\n \"input\": {\n \"user\": request.headers.get(\"Authorization\", \"\"),\n \"content\": arg[0]\n }\n }\n\nsecure_logging = app.opa(\"Logging PEP\", app.config[\"OPA_URL_LOGGING\"], validate_logging_input_function)\n\n@secure_logging\ndef log_remotely(content):\n # Imagine a code to log content remotely\n app.logger.info(\"Logged remotely: %s\", content)\n```\n\nAs you might have noticed, the only new thing we truly require for adding the [PEP][PEP] is a new input function. This \nfunction can provide a more versatile input than the one used by the `OPA` instance created for the whole app: in our \nexample it provides data related to the user request and data provided by the parameters of the decorated function as \nwell.\n\nRead the [examples README](examples/README.md) for more detailed information about how to run a demo.\n\n## Makefile\n\nThe Makefile contains multiple useful actions you might need. Check them with \n\n```bash\n make help \n```\n\n## Status\n\nPre-release or Beta: The project has gone through multiple rounds of active development with a goal of reaching\na stable release version, but is not there yet.\n\nPath of Development: Active (October 31th 2018)\n\n## Author\n\nEliecer Hernandez Garbey\n\n### Links\n\n- Main website: [EliuX Overflow](http://eliux.github.io)\n- Twitter: [@eliux_black](https://twitter.com/eliux_black)\n- LinkedIn: [eliecer-hern\u00e1ndez-garbey-16172686](https://www.linkedin.com/in/eliecer-hern%C3%A1ndez-garbey-16172686/)\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE.md](LICENSE.md) file for details.\n\n\n[PEP]: https://tools.ietf.org/html/rfc2904#section-4.4\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/EliuX/Flask-OPA", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "Flask-OPA", "package_url": "https://pypi.org/project/Flask-OPA/", "platform": "", "project_url": "https://pypi.org/project/Flask-OPA/", "project_urls": { "Bug Tracker": "https://github.com/EliuX/Flask-OPA/issues", "Homepage": "https://github.com/EliuX/Flask-OPA", "Source Code": "https://github.com/EliuX/Flask-OPA" }, "release_url": "https://pypi.org/project/Flask-OPA/0.6/", "requires_dist": [ "Flask", "requests" ], "requires_python": "", "summary": "Flask extension to use OPA as a client", "version": "0.6" }, "last_serial": 4451507, "releases": { "0.2": [ { "comment_text": "", "digests": { "md5": "02da822ca99eb2216dc76624f7c6661c", "sha256": "7666fa29af6543bc96f7c67671d0006d47aa4c21978c7ffd9b408884c45e3660" }, "downloads": -1, "filename": "Flask_OPA-0.2-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "02da822ca99eb2216dc76624f7c6661c", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 4670, "upload_time": "2018-10-17T00:34:56", "url": "https://files.pythonhosted.org/packages/3b/ff/d286831d59a440d90c43ee829e98ac8274fb17d6f6fc35bfdabfe2815d4f/Flask_OPA-0.2-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "78ade9a2923f407879fd7ba1610cba8c", "sha256": "0665f106f7348d751c8728dcfa1010bd58caf2237e25790cdc0e9ec71f3b298c" }, "downloads": -1, "filename": "Flask-OPA-0.2.tar.gz", "has_sig": false, "md5_digest": "78ade9a2923f407879fd7ba1610cba8c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4115, "upload_time": "2018-10-17T00:34:57", "url": "https://files.pythonhosted.org/packages/9d/38/bf09440782ef3f61e625030a830286d84eeec440f61293a4904c1a0f09c2/Flask-OPA-0.2.tar.gz" } ], "0.3": [ { "comment_text": "", "digests": { "md5": "758d6d7595ba9eb81eb4e059cd25c025", "sha256": "7cc3f9b5658f78ec73b6b2c8d5d5d386699352537ac6d856d0a9c0a7a780cb7b" }, "downloads": -1, "filename": "Flask_OPA-0.3-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "758d6d7595ba9eb81eb4e059cd25c025", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 4852, "upload_time": "2018-10-17T02:59:21", "url": "https://files.pythonhosted.org/packages/74/09/5fbeadda8e49909f5c2d96b9eab48c211c2f21c0f54ee9355955a5d46415/Flask_OPA-0.3-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "e4857a3bc2e7d7eaa468ba5a01d2a82c", "sha256": "52c3d60204ebf96d741e90ec0d0750df26b75567e69a300f246346ba4ed19606" }, "downloads": -1, "filename": "Flask-OPA-0.3.tar.gz", "has_sig": false, "md5_digest": "e4857a3bc2e7d7eaa468ba5a01d2a82c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 4432, "upload_time": "2018-10-17T02:59:21", "url": "https://files.pythonhosted.org/packages/92/2c/5efefdb168e5eae8d1c4c606dab84c348b31611cde590b18f13252b98e36/Flask-OPA-0.3.tar.gz" } ], "0.4": [ { "comment_text": "", "digests": { "md5": "701bda57cbf58d8dd0dbcfb7c66b8a95", "sha256": "df568079f2180c0e09696f5d39bc35a8f118b9df6dd189512fdf7f85ffd1b064" }, "downloads": -1, "filename": "Flask_OPA-0.4-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "701bda57cbf58d8dd0dbcfb7c66b8a95", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 5909, "upload_time": "2018-11-01T02:17:50", "url": "https://files.pythonhosted.org/packages/64/47/54d02ebef808d8a3b5125b37ddd85e064dc097fdaa05ab4396e9bd2d159d/Flask_OPA-0.4-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "60bde53bf9f17fda76a85da00790fd2f", "sha256": "b5a0f96c304592612a5f76a87dda7d47788914f87a6aca6da39772b66f52bdf5" }, "downloads": -1, "filename": "Flask-OPA-0.4.tar.gz", "has_sig": false, "md5_digest": "60bde53bf9f17fda76a85da00790fd2f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5593, "upload_time": "2018-11-01T02:17:52", "url": "https://files.pythonhosted.org/packages/77/88/1cc9701de20ecb56197b655a7a9125ed3815743a1dad0cac4df135c2e159/Flask-OPA-0.4.tar.gz" } ], "0.5": [ { "comment_text": "", "digests": { "md5": "0e3cefea2ba68134bc6a6632029d5368", "sha256": "51278737727b41268a9896733f2e70d485464f6552236d71201a0b0ec0192e72" }, "downloads": -1, "filename": "Flask_OPA-0.5-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "0e3cefea2ba68134bc6a6632029d5368", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 6187, "upload_time": "2018-11-04T05:24:26", "url": "https://files.pythonhosted.org/packages/66/9b/d17dc08847b74c34485bdefa25f113a1835ff3983d901021f3a61d671682/Flask_OPA-0.5-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "e2adda3b184fdbf62c69ba306786bfd8", "sha256": "abbf4b015e38be4b87350e7549abc00dca06563f65c9a40fc986abc8f470ab4b" }, "downloads": -1, "filename": "Flask-OPA-0.5.tar.gz", "has_sig": false, "md5_digest": "e2adda3b184fdbf62c69ba306786bfd8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6017, "upload_time": "2018-11-04T05:24:27", "url": "https://files.pythonhosted.org/packages/82/4b/72febf6e2ff3d80c105ff0f33016a7fb04bc3b7bfc9adf6142ce8acf321d/Flask-OPA-0.5.tar.gz" } ], "0.5b0": [ { "comment_text": "", "digests": { "md5": "b401323dc4f01f413d16ac634b95aa95", "sha256": "76c8db1f5bd98714c70db1ea9cafb0da6cf78b7fc9db964853aa7851b67d7f2b" }, "downloads": -1, "filename": "Flask_OPA-0.5b0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "b401323dc4f01f413d16ac634b95aa95", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 5930, "upload_time": "2018-10-31T16:43:32", "url": "https://files.pythonhosted.org/packages/86/f4/de5d9dc85b7cad70cdd54c6df978f682873522e7dde85e6868519a8922fe/Flask_OPA-0.5b0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "e948675b7f4a8f2180e07683a9da3b62", "sha256": "e0db298053079962bde5dacdbfa7be79aa2cf1a8c59fc8b44461499e164c3cc5" }, "downloads": -1, "filename": "Flask-OPA-0.5b0.tar.gz", "has_sig": false, "md5_digest": "e948675b7f4a8f2180e07683a9da3b62", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5595, "upload_time": "2018-10-31T16:43:33", "url": "https://files.pythonhosted.org/packages/41/89/4412202b0590f6a2280c6371d676085b9bc80b836e861b6f2aefc5e708f3/Flask-OPA-0.5b0.tar.gz" } ], "0.6": [ { "comment_text": "", "digests": { "md5": "7e5ff633140f6c4bce4de853cb13a804", "sha256": "e429a6aabc36d49ba77c81d6f010dff0658868923affefb60f2d640ae43b1a9e" }, "downloads": -1, "filename": "Flask_OPA-0.6-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "7e5ff633140f6c4bce4de853cb13a804", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 6301, "upload_time": "2018-11-05T04:29:33", "url": "https://files.pythonhosted.org/packages/e4/da/d554b49d30e144803aa68b23a0edd73044132e487593117ff8cf33ebf062/Flask_OPA-0.6-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "3b470a1e09728fe237bd6e66d516d72f", "sha256": "3f6545ce5cf65a34a664393e16223c3741f62a9c5459dbbbf1e935c920ae5c4d" }, "downloads": -1, "filename": "Flask-OPA-0.6.tar.gz", "has_sig": false, "md5_digest": "3b470a1e09728fe237bd6e66d516d72f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6136, "upload_time": "2018-11-05T04:29:34", "url": "https://files.pythonhosted.org/packages/87/ea/ec4052eddb31ea273bf654c716b0e4e7f0ddca5e5d95d778838c71f3f0c6/Flask-OPA-0.6.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "7e5ff633140f6c4bce4de853cb13a804", "sha256": "e429a6aabc36d49ba77c81d6f010dff0658868923affefb60f2d640ae43b1a9e" }, "downloads": -1, "filename": "Flask_OPA-0.6-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "7e5ff633140f6c4bce4de853cb13a804", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 6301, "upload_time": "2018-11-05T04:29:33", "url": "https://files.pythonhosted.org/packages/e4/da/d554b49d30e144803aa68b23a0edd73044132e487593117ff8cf33ebf062/Flask_OPA-0.6-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "3b470a1e09728fe237bd6e66d516d72f", "sha256": "3f6545ce5cf65a34a664393e16223c3741f62a9c5459dbbbf1e935c920ae5c4d" }, "downloads": -1, "filename": "Flask-OPA-0.6.tar.gz", "has_sig": false, "md5_digest": "3b470a1e09728fe237bd6e66d516d72f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 6136, "upload_time": "2018-11-05T04:29:34", "url": "https://files.pythonhosted.org/packages/87/ea/ec4052eddb31ea273bf654c716b0e4e7f0ddca5e5d95d778838c71f3f0c6/Flask-OPA-0.6.tar.gz" } ] }