Skip to content

harshit2283/permitta

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

139 Commits
docker
docker
 
 
docs
docs
 
 
opa
opa
 
 
permitta
permitta
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
docker-compose.yaml
docker-compose.yaml
 
 
mkdocs.yml
mkdocs.yml
 
 
requirements.txt
requirements.txt
 
 
test.sh
test.sh
 
 

Repository files navigation

Permitta

RABAC authorisation for Trino and OPA

Features

  • Web-UI for creating & editing OPA policy documents
    • Drag-and-drop policy editor for basic policies
    • Embedded Rego IDE for complex policies
  • Bundle API for serving data abd policy documents to OPA
  • Extensible ingestion framework to acquire tables and users from external sources (e.g trino, ldap)
  • Decision log capture / view / search
  • User directory
  • Data object catalog
  • SSO Integration (OIDC)

Documentation

https://permitta.github.io/permitta/

Development

The Permitta dev environment relies on a postgres database, OPA, trino, hive-metastore, minio and lldap to run. All of these dependencies are present in the docker-compose in the repo root

It is recommended to run the dependencies under docker-compose and debug the python/js code in your favourite editor

Architecture

  • Front end is built using HTMX and TailWind CSS, built with webpack
  • Back end is running flask server to serve both APIs and views
  • Unit tests are under pytest
  • ORM is SQLAlchemy with postgres16, unit tests use DatabaseJanitor with dockerised postgres

UI API

  • Structure is traditional Model-View-Controller
  • View models, controllers and views reside under /views/ (refactor)
  • DBO models are returned to template renderer, this is to be refactored to pure view models
  • The view module owns the DB session, attained from flask.g
  • View modules should not directly reference repositories, only via controllers

Ingestion

Data ingestion is treated as first-class ETL in Permitta

  • Ingestion jobs are asynchronous and CLI-driven. Best deployed using kubernetes CronJobs or similar
  • Common ingestion controller instantiates connectors specific to the ingestion source.
    • Additional sources can easily be added by creating new connectors. Currently supports Trino and LDAP
    • Connectors are python classes based on ConnectorBase and yield instances of common ingestion objects
    • Connectors instantiate specific client classes, depending on the use-case. (E.g: LDAP connector instantiates an LDAP client)
  • Repository model provides a common SQL MERGE tool to provide robust transaction oriented ingestion

Related Reading

About

Permitta - RABAC for Trino and OPA

permitta.github.io/permitta/

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages