Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/cerbos/demo-python

Demo of using Cerbos with Python to check access to a holiday request system.
https://github.com/cerbos/demo-python

access-control cerbos policy python security

Last synced: about 18 hours ago
JSON representation

Demo of using Cerbos with Python to check access to a holiday request system.

Host: GitHub
URL: https://github.com/cerbos/demo-python
Owner: cerbos
License: apache-2.0
Created: 2021-04-14T11:13:56.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2024-05-02T09:15:58.000Z (6 months ago)
Last Synced: 2024-05-02T22:12:57.356Z (6 months ago)
Topics: access-control, cerbos, policy, python, security
Language: Python
Homepage: https://cerbos.dev
Size: 63.5 KB
Stars: 4
Watchers: 16
Forks: 5
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Cerbos Python Demo

This project demonstrates how to work with [Cerbos](https://github.com/cerbos/cerbos) in Python projects.

It shows how Cerbos enforces access rules on a holiday request created by an employee named Harry.

## Requirements
- Minimum Python version supported by this demo is 3.10

⚠️ If you're completely new to Cerbos make sure to check the _[How it works](https://cerbos.dev/how-it-works)_ videos! ⚠️

## Run the demo

Clone this repository:
```shell
git clone https://github.com/cerbos/demo-python.git
cd demo-python
```

Run the following command to launch the demo:
```shell
./pw demo
```

That's all!

The demo script (`main.py`) starts a new Cerbos container with the policies from the `policies` directory and sends requests for a set of different principals and resources to demonstrate how policy evaluation works.

Now try deleting the `condition` block attached to the `direct_manager` derived role (line 23-28 in [derived_roles_1.yml](policies/derived_roles_1.yml)) and run the `./pw demo` command again.

Amanda, who was previously disallowed from viewing or approving Harry’s leave requests should now be allowed to do those actions.

Do you understand why?

Read more about Cerbos on our comprehensive [documentation](https://docs.cerbos.dev) or join the friendly [Cerbos Slack Community](https://join.slack.com/t/cerboscommunity/shared_invite/zt-1qlny60no-E8jLaLZSu08_ZhzORQOEOA) to ask questions.

Feel free to get creative and edit [policies](policies) to test how even more complex use-cases would turn out.

## Demo Video
Watch the demo with commentary:

Cerbos Python Demo (GitHub) - Watch Video

## Playground
Launch the policy from this demo in the playground. Play with it to see how Cerbos behaves.