# cosaccess
## Setup
```
pip install coaccess
```
Manage IBM Cloud COS access privileges on bucket and object level
## Example usage
```
from cosaccess import CosAccessManager
cosaccess = CosAccessManager('<your api key here>')
cosaccess.get_policies_for_cos_bucket('<your bucket name>')
```
## Demo
Here is a little [demo notebook](https://dataplatform.cloud.ibm.com/analytics/notebooks/v2/2471b8af-1ee2-4b57-a81e-5de09199fe49/view?access_token=f5b64c8129c72ec65dc1a898146bb28723205dbb4b31827d19180c3bae7902df&context=cpdaas) that shows a few more usage examples.
## CosAccessManager method list
### Initialization
* `CosAccessManager(apikey, account_id=None)` Constructor. `apikey`: IAM API key. `account_id`: The IBM Cloud account holding the COS instance(s) for which you want to manage access. Default is the account of the provided API Key.
### Retrieving Access Policies
* `get_policies_for_cos_bucket(cosBucket, prefix = None, roles = None):` Returns a dataframe with all policies defined on the COS bucket. When prefix is provided the results only show polcies that are relevant for access to that prefix path. When a list of roles is provided only policies that assign at least on of these roles are returned.
* `get_policy(policy_id)` Returns a JSON dict with all policy details for the provided policy ID
* `list_policies(roles = None)` Returns an array of JSON dicts with all policies and their details in the account. When a list of roles is provided only policies that assign at least on of these roles are returned.
* `list_policies_for_service(serviceName, roles = None)` Returns an array of JSON dicts with all policies and their details specified for the provided service type (e.g., `cloud-object-storage`). When a list of roles is provided only policies that assign at least on of these roles are returned.
* `list_policies_for_cos_instance(cosServiceInstance, roles = None)` Returns an array of JSON dicts with all policies and their details specified COS service instance ID. When a list of roles is provided only policies that assign at least on of these roles are returned.
* `list_policies_for_cos_bucket(cosBucket, prefix = None, roles = None):` Returns an array of JSON dicts with all policies defined on the COS bucket. When prefix is provided the results only show polcies that are relevant for access to that prefix path. When a list of roles is provided only policies that assign at least on of these roles are returned.
### CRUD for Access Policies
* `grant_bucket_access(roles, cos_bucket, prefixes = None, access_group = None, iam_id = None)` Create new access policy for the COS bucket and optionally prefix
* `update_bucket_access(policy_id, roles, cos_bucket, prefixes = None, access_group = None, iam_id = None)` Overwrites an existing access policy for the COS bucket and optionally prefix
* `remove_bucket_access(policy_id)` Deletes an existing access policy
### COS Helper Methods
* `get_cos_instance_id(bucket)` Returns the instance ID of the COS instance holding the provided COS bucket
### Working with Users
* `get_users()` Returns a dataframe with all users and their details in the account
* `get_user_iam_id(user_id):` Get the IAM ID of a user specified by name (IBM ID email address)
* `get_user_name(iam_id)` Get user name in format `<given name> <last name> <email>` for a given IAM ID
### Working with Service IDs
* `get_service_ids()` Returns a dataframe with all Service IDs and their details in the account
* `get_service_id_iam_id(service_id):` Get the IAM ID of a Service ID specified by Service ID name
* `get_service_id_name(iam_id)` Get Service ID name for a given IAM ID
* `get_service_id_details(service_id_name, service_id)` Return the details of a service ID identified by either name or ID.
* `create_service_id(service_id_name, with_apikey)` Create a new service ID. When optional parameter with_apikey is set to True there will also be an API krey created and assoctiated with the new service ID
* `delete_service_id(service_id_name, service_id)` Delete a service ID identified by either name or ID.
### Working with Access Groups
* `get_access_groups()` Returns a dataframe with all acces groups and their details in the account
* `get_access_group_id(access_group)` Get the access group ID for an access group name
* `get_access_group_name(access_group_id)` Get the access group name for an access group ID
* `get_access_group_members(access_group_name, access_group_id)` Return a dataframe with all members of an access group identified by either name or ID
* `add_member_to_access_group(access_group_name, access_group_id, user_name, user_id, service_id_name, service_id)` Add a new member (either a user or a Service ID) to an access group identified by either name or ID
* `delete_member_from_access_groupaccess_group_name, access_group_id, user_name, user_id, service_id_name, service_id)` Remove a member (either a user or a Service ID) from an access group identified by either name or ID
* `create_access_group(access_group_name)` Create a new access group
* `delete_access_group(access_group_name, access_group_id, force)` Delete an access group identified by either name or ID. Set force to True to delete the group also when it still has members.
## Building and testing the library locally
### Set up Python environment
Run `source ./setup_env.sh` which creates and activates a clean virtual Python environment.
### Install the local code in your Python environment
Run `./_install.sh`.
### Test the library locally
1. Create a file `cosaccess/test_credentials.py` with the IBM Cloud IAM API Key:
```
apikey='<your IBM Cloud API key>'
```
you can use the template file `cosaccess/test_credentials.py.template`
2. Run `python cosaccess/test.py`.
### Packaging and publishing distribution
1. Make sure to increase `version=...` in `setup.py` before creating a new package.
2. Run `package.sh`. It will prompt for user and password that must be authorized for package `cosaccess` on pypi.org.
Raw data
{
"_id": null,
"home_page": "https://github.com/IBM-Cloud/sql-query-clients/cosaccess",
"name": "cosaccess",
"maintainer": "",
"docs_url": null,
"requires_python": ">=2.7, <4",
"maintainer_email": "",
"keywords": "cloud object_storage IBM",
"author": "IBM Corp.",
"author_email": "torsten@de.ibm.com",
"download_url": "https://files.pythonhosted.org/packages/9a/f0/6546ce39600305012174e7ac60c7b1cee4803fd146c7c5a933c501c32fcf/cosaccess-0.1.18.tar.gz",
"platform": null,
"description": "# cosaccess\n\n## Setup\n```\npip install coaccess\n```\n\nManage IBM Cloud COS access privileges on bucket and object level\n\n## Example usage\n```\nfrom cosaccess import CosAccessManager\ncosaccess = CosAccessManager('<your api key here>')\ncosaccess.get_policies_for_cos_bucket('<your bucket name>')\n```\n\n## Demo\nHere is a little [demo notebook](https://dataplatform.cloud.ibm.com/analytics/notebooks/v2/2471b8af-1ee2-4b57-a81e-5de09199fe49/view?access_token=f5b64c8129c72ec65dc1a898146bb28723205dbb4b31827d19180c3bae7902df&context=cpdaas) that shows a few more usage examples.\n\n\n## CosAccessManager method list\n### Initialization\n * `CosAccessManager(apikey, account_id=None)` Constructor. `apikey`: IAM API key. `account_id`: The IBM Cloud account holding the COS instance(s) for which you want to manage access. Default is the account of the provided API Key.\n### Retrieving Access Policies\n * `get_policies_for_cos_bucket(cosBucket, prefix = None, roles = None):` Returns a dataframe with all policies defined on the COS bucket. When prefix is provided the results only show polcies that are relevant for access to that prefix path. When a list of roles is provided only policies that assign at least on of these roles are returned.\n * `get_policy(policy_id)` Returns a JSON dict with all policy details for the provided policy ID\n * `list_policies(roles = None)` Returns an array of JSON dicts with all policies and their details in the account. When a list of roles is provided only policies that assign at least on of these roles are returned.\n * `list_policies_for_service(serviceName, roles = None)` Returns an array of JSON dicts with all policies and their details specified for the provided service type (e.g., `cloud-object-storage`). When a list of roles is provided only policies that assign at least on of these roles are returned.\n * `list_policies_for_cos_instance(cosServiceInstance, roles = None)` Returns an array of JSON dicts with all policies and their details specified COS service instance ID. When a list of roles is provided only policies that assign at least on of these roles are returned.\n * `list_policies_for_cos_bucket(cosBucket, prefix = None, roles = None):` Returns an array of JSON dicts with all policies defined on the COS bucket. When prefix is provided the results only show polcies that are relevant for access to that prefix path. When a list of roles is provided only policies that assign at least on of these roles are returned.\n### CRUD for Access Policies\n * `grant_bucket_access(roles, cos_bucket, prefixes = None, access_group = None, iam_id = None)` Create new access policy for the COS bucket and optionally prefix\n * `update_bucket_access(policy_id, roles, cos_bucket, prefixes = None, access_group = None, iam_id = None)` Overwrites an existing access policy for the COS bucket and optionally prefix\n * `remove_bucket_access(policy_id)` Deletes an existing access policy\n### COS Helper Methods\n * `get_cos_instance_id(bucket)` Returns the instance ID of the COS instance holding the provided COS bucket\n### Working with Users\n * `get_users()` Returns a dataframe with all users and their details in the account\n * `get_user_iam_id(user_id):` Get the IAM ID of a user specified by name (IBM ID email address)\n * `get_user_name(iam_id)` Get user name in format `<given name> <last name> <email>` for a given IAM ID\n### Working with Service IDs\n * `get_service_ids()` Returns a dataframe with all Service IDs and their details in the account\n * `get_service_id_iam_id(service_id):` Get the IAM ID of a Service ID specified by Service ID name\n * `get_service_id_name(iam_id)` Get Service ID name for a given IAM ID\n * `get_service_id_details(service_id_name, service_id)` Return the details of a service ID identified by either name or ID.\n * `create_service_id(service_id_name, with_apikey)` Create a new service ID. When optional parameter with_apikey is set to True there will also be an API krey created and assoctiated with the new service ID\n * `delete_service_id(service_id_name, service_id)` Delete a service ID identified by either name or ID.\n### Working with Access Groups\n * `get_access_groups()` Returns a dataframe with all acces groups and their details in the account\n * `get_access_group_id(access_group)` Get the access group ID for an access group name\n * `get_access_group_name(access_group_id)` Get the access group name for an access group ID\n * `get_access_group_members(access_group_name, access_group_id)` Return a dataframe with all members of an access group identified by either name or ID\n * `add_member_to_access_group(access_group_name, access_group_id, user_name, user_id, service_id_name, service_id)` Add a new member (either a user or a Service ID) to an access group identified by either name or ID\n * `delete_member_from_access_groupaccess_group_name, access_group_id, user_name, user_id, service_id_name, service_id)` Remove a member (either a user or a Service ID) from an access group identified by either name or ID\n * `create_access_group(access_group_name)` Create a new access group\n * `delete_access_group(access_group_name, access_group_id, force)` Delete an access group identified by either name or ID. Set force to True to delete the group also when it still has members.\n\n## Building and testing the library locally\n### Set up Python environment\nRun `source ./setup_env.sh` which creates and activates a clean virtual Python environment.\n### Install the local code in your Python environment\nRun `./_install.sh`.\n### Test the library locally\n1. Create a file `cosaccess/test_credentials.py` with the IBM Cloud IAM API Key:\n```\napikey='<your IBM Cloud API key>'\n```\nyou can use the template file `cosaccess/test_credentials.py.template`\n\n2. Run `python cosaccess/test.py`.\n\n### Packaging and publishing distribution\n1. Make sure to increase `version=...` in `setup.py` before creating a new package.\n2. Run `package.sh`. It will prompt for user and password that must be authorized for package `cosaccess` on pypi.org.\n",
"bugtrack_url": null,
"license": "Apache 2.0",
"summary": "Python client for managing IAM policies fine grained access control in IBM Cloud Object Storage",
"version": "0.1.18",
"project_urls": {
"Homepage": "https://github.com/IBM-Cloud/sql-query-clients/cosaccess"
},
"split_keywords": [
"cloud",
"object_storage",
"ibm"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "9af06546ce39600305012174e7ac60c7b1cee4803fd146c7c5a933c501c32fcf",
"md5": "cbd24226475c6ccb0ecb2595fcb6762d",
"sha256": "aafa8156b4bc5fd68f97e29b10091bbfa422eb596b4aabb765b592d996198f9d"
},
"downloads": -1,
"filename": "cosaccess-0.1.18.tar.gz",
"has_sig": false,
"md5_digest": "cbd24226475c6ccb0ecb2595fcb6762d",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=2.7, <4",
"size": 13029,
"upload_time": "2023-11-24T15:34:27",
"upload_time_iso_8601": "2023-11-24T15:34:27.867414Z",
"url": "https://files.pythonhosted.org/packages/9a/f0/6546ce39600305012174e7ac60c7b1cee4803fd146c7c5a933c501c32fcf/cosaccess-0.1.18.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-11-24 15:34:27",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "IBM-Cloud",
"github_project": "sql-query-clients",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "cosaccess"
}
JSON
