Creating Policies with the Permit.io SDK in Python
This guide details how to use the Permit.io SDK to set up roles, resources, and permissions in a Python application.
Overview
This script is designed to facilitate the creation and management of resources and roles with specific permissions in your Permit.io setup. It automates the process of checking for existing resources and roles and creates or updates them as needed.
Prerequisites
- Python installed in your environment.
permit
package installed in your project.
Script Breakdown
Initializing the SDK
Initialize the Permit.io SDK with your project’s details:
from permit import Permit
permit = Permit(
pdp="https://cloudpdp.api.permit.io",
token="your_permit_key",
)
Defining Resources Specify the resources you want to manage. Here's an example:
resources = [
{
"key": "secret",
"name": "secret",
"actions": {
"create": {},
"read": {},
"update": {},
"delete": {},
},
}
]
Defining Roles and Permissions
Define the roles and their associated permissions:
roles = [
{
"name": "secret_manager",
"permissions": [
{
"resource": "secret",
"actions": ["create", "read", "update"]
}
]
}
]
Creating Policies
The script iterates over the defined resources and roles, creating them using the Permit.io SDK:
if __name__ == "__main__":
for resource in resources:
# Creating each resource
asyncio.run(permit.api.resources.create(resource))
for role in roles:
# Processing role permissions and creating each role
role_permissions = [f"{permission['resource']}:{action}" for permission in role['permissions'] for action in permission['actions']]
role_obj = {
"name": role['name'],
"key": role['name'],
"permissions": role_permissions,
}
asyncio.run(permit.api.roles.create(role_obj))
Running the Script
Execute the script in your Python environment.
The script automatically creates the defined resources and roles in your Permit.io dashboard.
Notes
- Ensure that the pdp and token are correctly set for your Permit.io environment.
- The script avoids duplicating resources and roles by checking their existence before creation.
- Modify the resources and roles arrays to fit your specific requirements.
Attached the full code for reference:
import asyncio
from permit import Permit
# This line initializes the SDK and connects your python app
permit = Permit(
pdp="https://cloudpdp.api.permit.io",
token="permit_key_",
)
roles = [
{
"name": "secret_manager",
"permissions": [
{
"resource": "secret",
"actions": [
"create","read","update"
]
}
]
}
]
resources = [
{
"key": "secret",
"name": "secret",
"actions": {
"create": {},
"read": {},
"update": {},
"delete": {},
},
}
]
# create a script to create policy in permit this policy will be have a resource and a role with permissions
if __name__ == "__main__":
for resource in resources:
resource_obj = {
"name": resource.get("name"),
"key": resource.get("name"),
"actions": resource.get("actions"),
"description": "",
}
asyncio.run(permit.api.resources.create(resource))
for role in roles:
role_permissions = []
for permission in role.get("permissions", []):
role_permissions = role_permissions + [f"{permission.get('resource')}:{action}" for action in permission.get("actions")]
role_obj = {
"name": role.get("name"),
"key": role.get("name"),
"permissions": role_permissions,
}
print(role_obj)
asyncio.run(permit.api.roles.create(role_obj))