Merge pull request #22 from aserto-dev/add_policy_root_to_check

Add policyRoot as option for Check middleware
aserto-dev · Jan 12, 2024 · 5ffba41 · 5ffba41
2 parents ca0f842 + 7d64ec2
commit 5ffba41
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 8 deletions.
diff --git a/packages/flask-aserto/src/flask_aserto/aio/check.py b/packages/flask-aserto/src/flask_aserto/aio/check.py
@@ -31,6 +31,7 @@ class CheckOptions:
     subjType: Optional[str] = ""
     subjMapper: Optional[IdentityMapper] = None
     policyPath: Optional[str] = ""
+    policyRoot: Optional[str] = ""
     policyPathMapper: Optional[StringMapper] = None
 
 
@@ -110,6 +111,7 @@ def _with_overrides(self, **kwargs: Any) -> "CheckMiddleware":
                     relationName=kwargs.get("relation_name", self._options.relationName),
                     relationMapper=kwargs.get("relation_mapper", self._options.relationMapper),
                     policyPath=kwargs.get("policy_path", self._options.policyPath),
+                    policyRoot=kwargs.get("policy_root", self._options.policyRoot),
                     subjMapper=kwargs.get("identity_provider", self._identity_provider),
                     objId=kwargs.get("object_id", self._options.objId),
                     objType=kwargs.get("object_type", self._options.objType),
@@ -128,8 +130,9 @@ async def mapper() -> str:
                 policy_path = await self._options.policyPathMapper()
             if policy_path == "":
                 policy_path = "check"
-                if self._aserto_middleware._policy_path_root != "":
-                    policy_path = self._aserto_middleware._policy_path_root + "." + policy_path
+                policy_root = self._options.policyRoot or self._aserto_middleware._policy_path_root
+                if policy_root:
+                    policy_path = f"{policy_root}.{policy_path}"
             return policy_path
 
         return mapper
@@ -179,7 +182,7 @@ async def decorated(*args: Any, **kwargs: Any) -> Response:
                 identity_provider=self._identity_provider,
                 policy_instance_name=self._aserto_middleware._policy_instance_name or "",
                 policy_instance_label=self._aserto_middleware._policy_instance_label or "",
-                policy_path_root=self._aserto_middleware._policy_path_root,
+                policy_path_root=self._options.policyRoot or self._aserto_middleware._policy_path_root,
                 policy_path_resolver=policy_mapper,
                 resource_context_provider=resource_context,
             )

diff --git a/packages/flask-aserto/src/flask_aserto/aio/middleware.py b/packages/flask-aserto/src/flask_aserto/aio/middleware.py
@@ -203,12 +203,14 @@ def check(
         subjType: Optional[str] = "",
         subjMapper: Optional[IdentityMapper] = None,
         policyPath: Optional[str] = "",
+        policyRoot: Optional[str] = "",
         policyPathMapper: Optional[StringMapper] = None,
     ) -> CheckMiddleware:
         opts = CheckOptions(
             objId=objId, objType=objType,objIdMapper=objIdMapper,
             objMapper=objMapper, relationName=relationName, relationMapper=relationMapper,
-            subjType=subjType, subjMapper=subjMapper, policyPath=policyPath, policyPathMapper=policyPathMapper)
+            subjType=subjType, subjMapper=subjMapper, policyRoot=policyRoot,
+            policyPath=policyPath, policyPathMapper=policyPathMapper)
         return CheckMiddleware(options=opts, aserto_middleware=self)
 
     def register_display_state_map(

diff --git a/packages/flask-aserto/src/flask_aserto/check.py b/packages/flask-aserto/src/flask_aserto/check.py
@@ -31,6 +31,7 @@ class CheckOptions:
     subjType: Optional[str] = ""
     subjMapper: Optional[IdentityMapper] = None
     policyPath: Optional[str] = ""
+    policyRoot: Optional[str] = ""
     policyPathMapper: Optional[StringMapper] = None
 
 
@@ -110,6 +111,7 @@ def _with_overrides(self, **kwargs: Any) -> "CheckMiddleware":
                     relationName=kwargs.get("relation_name", self._options.relationName),
                     relationMapper=kwargs.get("relation_mapper", self._options.relationMapper),
                     policyPath=kwargs.get("policy_path", self._options.policyPath),
+                    policyRoot=kwargs.get("policy_root", self._options.policyRoot),
                     subjMapper=kwargs.get("identity_provider", self._identity_provider),
                     objId=kwargs.get("object_id", self._options.objId),
                     objType=kwargs.get("object_type", self._options.objType),
@@ -128,8 +130,9 @@ def mapper() -> str:
                 policy_path = self._options.policyPathMapper()
             if policy_path == "":
                 policy_path = "check"
-                if self._aserto_middleware._policy_path_root != "":
-                    policy_path = self._aserto_middleware._policy_path_root + "." + policy_path
+                policy_root = self._options.policyRoot or self._aserto_middleware._policy_path_root
+                if policy_root:
+                    policy_path = f"{policy_root}.{policy_path}"
             return policy_path
 
         return mapper
@@ -178,7 +181,7 @@ def decorated(*args: Any, **kwargs: Any) -> Response:
                 identity_provider=self._identity_provider,
                 policy_instance_name=self._aserto_middleware._policy_instance_name or "",
                 policy_instance_label=self._aserto_middleware._policy_instance_label or "",
-                policy_path_root=self._aserto_middleware._policy_path_root,
+                policy_path_root=self._options.policyRoot or self._aserto_middleware._policy_path_root,
                 policy_path_resolver=policy_mapper,
                 resource_context_provider=self._resource_context_provider,
             )

diff --git a/packages/flask-aserto/src/flask_aserto/middleware.py b/packages/flask-aserto/src/flask_aserto/middleware.py
@@ -195,12 +195,14 @@ def check(
         subjType: Optional[str] = "",
         subjMapper: Optional[IdentityMapper] = None,
         policyPath: Optional[str] = "",
+        policyRoot: Optional[str] = "",
         policyPathMapper: Optional[StringMapper] = None,
     ) -> CheckMiddleware:
         opts = CheckOptions(
             objId=objId, objType=objType,objIdMapper=objIdMapper,
             objMapper=objMapper, relationName=relationName, relationMapper=relationMapper,
-            subjType=subjType, subjMapper=subjMapper, policyPath=policyPath, policyPathMapper=policyPathMapper)
+            subjType=subjType, subjMapper=subjMapper, policyRoot=policyRoot,
+            policyPath=policyPath, policyPathMapper=policyPathMapper)
         return CheckMiddleware(options=opts, aserto_middleware=self)
 
     def register_display_state_map(