/sample-adh-security_management-python

Primary LanguagePythonApache License 2.0Apache-2.0

CONNECT data services Security Management Python Sample

Version: 1.1.4

Build Status

Developed against Python 3.9.1.

Requirements

  • Python 3.7+
  • Register a Client-Credentials Client in your CONNECT data services tenant and create a client secret to use in the configuration of this sample. (Video Walkthrough). Please note that a client is a different authentication method from using your user account to login.
  • The client that is registered must have "Manage Permissions" access on all collections and collection items that you intend to set security for. Generally, the Tenant Administrator role will have manage access unless a custom configuration has been set.
  • Install required modules: pip install -r requirements.txt

About this sample

This sample uses the sample python library, which makes REST API calls to Cds, to manage the security of an Cds Namespace and Tenant. The steps are as follows

  1. Create a custom role
  2. Create a user and invite them to the Tenant
  3. Create a Type
  4. Create a Stream
  5. Add the custom role to the example type, example stream, and streams collection access control lists using PUT
  6. Add the 'Tenant Member' role to the created stream's access control list (ACL) using a PATCH REST call
  7. Change the owner of the created stream
  8. Retrieve the access rights of the example stream
  9. (Test only) Verify the results of the above steps
  10. (Test only) Cleanup the created stream, type, role, and user

Configuring the sample

The sample is configured by modifying the file appsettings.placeholder.json. Details on how to configure it can be found in the sections below. Before editing appsettings.placeholder.json, rename this file to appsettings.json. This repository's .gitignore rules should prevent the file from ever being checked in to any fork or branch, to ensure credentials are not compromised.

Configuring appsettings.json

CONNECT data services is secured by obtaining tokens from its identity endpoint. Client credentials clients provide a client application identifier and an associated secret (or key) that are authenticated against the token endpoint. You must replace the placeholders in your appsettings.json file with the authentication-related values from your tenant and a client-credentials client created in your Cds tenant.

{
  "Resource": "https://uswe.datahub.connect.aveva.com",
  "ApiVersion": "v1",
  "TenantId": "PLACEHOLDER_REPLACE_WITH_TENANT_ID",
  "NamespaceId": "PLACEHOLDER_REPLACE_WITH_NAMESPACE_ID",
  "CommunityId": null,
  "ClientId": "PLACEHOLDER_REPLACE_WITH_APPLICATION_IDENTIFIER",
  "ClientSecret": "PLACEHOLDER_REPLACE_WITH_APPLICATION_SECRET",
  "ContactGivenName": "PLACEHOLDER_REPLACE_WITH_CONTACT_GIVEN_NAME",
  "ContactSurname": "PLACEHOLDER_REPLACE_WITH_CONTACT_SURNAME",
  "ContactEmail": "PLACEHOLDER_REPLACE_WITH_CONTACT_EMAIL"
}

Running the sample

To run this example from the command line once the appsettings.json is configured, run

python program.py

Running the automated test

To test the sample, run

pip install pytest
python -m pytest test.py

Note: Example Type and Stream names are hardcoded, and will need to be updated if they are changed in program.py

Tested against Python 3.9.1

For the main Cds samples page ReadMe
For the main AVEVA samples page ReadMe