mirror of
https://github.com/meta-llama/llama-stack.git
synced 2025-07-10 07:35:59 +00:00
Changes to access rule conditions:
* change from access_attributes to owner on dynamically created resources * define simpler string based conditions for more intuitive restriction
This commit is contained in:
parent
01ad876012
commit
96cd51a0c8
20 changed files with 427 additions and 431 deletions
|
@ -4,16 +4,18 @@
|
|||
# This source code is licensed under the terms described in the LICENSE file in
|
||||
# the root directory of this source tree.
|
||||
|
||||
from typing import Any, Protocol
|
||||
from typing import Any
|
||||
|
||||
from llama_stack.distribution.request_headers import User
|
||||
from llama_stack.distribution.datatypes import User
|
||||
|
||||
from .conditions import (
|
||||
Condition,
|
||||
ProtectedResource,
|
||||
parse_conditions,
|
||||
)
|
||||
from .datatypes import (
|
||||
AccessAttributes,
|
||||
AccessRule,
|
||||
Action,
|
||||
AttributeReference,
|
||||
Condition,
|
||||
Scope,
|
||||
)
|
||||
|
||||
|
@ -37,43 +39,6 @@ def matches_scope(
|
|||
return action in scope.actions
|
||||
|
||||
|
||||
def user_in_literal(
|
||||
literal: str,
|
||||
user_attributes: dict[str, list[str]] | None,
|
||||
) -> bool:
|
||||
for qualifier in ["role::", "team::", "project::", "namespace::"]:
|
||||
if literal.startswith(qualifier):
|
||||
if not user_attributes:
|
||||
return False
|
||||
ref = qualifier.replace("::", "s")
|
||||
if ref in user_attributes:
|
||||
value = literal.removeprefix(qualifier)
|
||||
return value in user_attributes[ref]
|
||||
else:
|
||||
return False
|
||||
return False
|
||||
|
||||
|
||||
def user_in(
|
||||
ref: AttributeReference | str,
|
||||
resource_attributes: AccessAttributes | None,
|
||||
user_attributes: dict[str, list[str]] | None,
|
||||
) -> bool:
|
||||
if not ref.startswith("resource."):
|
||||
return user_in_literal(ref, user_attributes)
|
||||
name = ref.removeprefix("resource.")
|
||||
required = resource_attributes and getattr(resource_attributes, name)
|
||||
if not required:
|
||||
return True
|
||||
if not user_attributes or name not in user_attributes:
|
||||
return False
|
||||
actual = user_attributes[name]
|
||||
for value in required:
|
||||
if value in actual:
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
def as_list(obj: Any) -> list[Any]:
|
||||
if isinstance(obj, list):
|
||||
return obj
|
||||
|
@ -82,55 +47,27 @@ def as_list(obj: Any) -> list[Any]:
|
|||
|
||||
def matches_conditions(
|
||||
conditions: list[Condition],
|
||||
resource_attributes: AccessAttributes | None,
|
||||
user_attributes: dict[str, list[str]] | None,
|
||||
resource: ProtectedResource,
|
||||
user: User,
|
||||
) -> bool:
|
||||
for condition in conditions:
|
||||
# must match all conditions
|
||||
if not matches_condition(condition, resource_attributes, user_attributes):
|
||||
if not condition.matches(resource, user):
|
||||
return False
|
||||
return True
|
||||
|
||||
|
||||
def matches_condition(
|
||||
condition: Condition | list[Condition],
|
||||
resource_attributes: AccessAttributes | None,
|
||||
user_attributes: dict[str, list[str]] | None,
|
||||
) -> bool:
|
||||
if isinstance(condition, list):
|
||||
return matches_conditions(as_list(condition), resource_attributes, user_attributes)
|
||||
if condition.user_in:
|
||||
for ref in as_list(condition.user_in):
|
||||
# if multiple references are specified, all must match
|
||||
if not user_in(ref, resource_attributes, user_attributes):
|
||||
return False
|
||||
return True
|
||||
if condition.user_not_in:
|
||||
for ref in as_list(condition.user_not_in):
|
||||
# if multiple references are specified, none must match
|
||||
if user_in(ref, resource_attributes, user_attributes):
|
||||
return False
|
||||
return True
|
||||
return True
|
||||
|
||||
|
||||
def default_policy() -> list[AccessRule]:
|
||||
# for backwards compatibility, if no rules are provided , assume
|
||||
# full access to all subject to attribute matching rules
|
||||
# for backwards compatibility, if no rules are provided, assume
|
||||
# full access subject to previous attribute matching rules
|
||||
return [
|
||||
AccessRule(
|
||||
permit=Scope(actions=list(Action)),
|
||||
when=Condition(user_in=list(AttributeReference)),
|
||||
)
|
||||
when=["user in owners " + name for name in ["roles", "teams", "projects", "namespaces"]],
|
||||
),
|
||||
]
|
||||
|
||||
|
||||
class ProtectedResource(Protocol):
|
||||
type: str
|
||||
identifier: str
|
||||
access_attributes: AccessAttributes
|
||||
|
||||
|
||||
def is_action_allowed(
|
||||
policy: list[AccessRule],
|
||||
action: Action,
|
||||
|
@ -144,26 +81,23 @@ def is_action_allowed(
|
|||
if not len(policy):
|
||||
policy = default_policy()
|
||||
|
||||
resource_attributes = AccessAttributes()
|
||||
if hasattr(resource, "access_attributes"):
|
||||
resource_attributes = resource.access_attributes
|
||||
qualified_resource_id = resource.type + "::" + resource.identifier
|
||||
for rule in policy:
|
||||
if rule.forbid and matches_scope(rule.forbid, action, qualified_resource_id, user.principal):
|
||||
if rule.when:
|
||||
if matches_condition(rule.when, resource_attributes, user.attributes):
|
||||
if matches_conditions(parse_conditions(as_list(rule.when)), resource, user):
|
||||
return False
|
||||
elif rule.unless:
|
||||
if not matches_condition(rule.unless, resource_attributes, user.attributes):
|
||||
if not matches_conditions(parse_conditions(as_list(rule.unless)), resource, user):
|
||||
return False
|
||||
else:
|
||||
return False
|
||||
elif rule.permit and matches_scope(rule.permit, action, qualified_resource_id, user.principal):
|
||||
if rule.when:
|
||||
if matches_condition(rule.when, resource_attributes, user.attributes):
|
||||
if matches_conditions(parse_conditions(as_list(rule.when)), resource, user):
|
||||
return True
|
||||
elif rule.unless:
|
||||
if not matches_condition(rule.unless, resource_attributes, user.attributes):
|
||||
if not matches_conditions(parse_conditions(as_list(rule.unless)), resource, user):
|
||||
return True
|
||||
else:
|
||||
return True
|
||||
|
|
129
llama_stack/distribution/access_control/conditions.py
Normal file
129
llama_stack/distribution/access_control/conditions.py
Normal file
|
@ -0,0 +1,129 @@
|
|||
# Copyright (c) Meta Platforms, Inc. and affiliates.
|
||||
# All rights reserved.
|
||||
#
|
||||
# This source code is licensed under the terms described in the LICENSE file in
|
||||
# the root directory of this source tree.
|
||||
|
||||
from typing import Protocol
|
||||
|
||||
|
||||
class User(Protocol):
|
||||
principal: str
|
||||
attributes: dict[str, list[str]] | None
|
||||
|
||||
|
||||
class ProtectedResource(Protocol):
|
||||
type: str
|
||||
identifier: str
|
||||
owner: User
|
||||
|
||||
|
||||
class Condition(Protocol):
|
||||
def matches(self, resource: ProtectedResource, user: User) -> bool: ...
|
||||
|
||||
|
||||
class UserInOwnersList:
|
||||
def __init__(self, name: str):
|
||||
self.name = name
|
||||
|
||||
def owners_values(self, resource: ProtectedResource) -> list[str] | None:
|
||||
if (
|
||||
hasattr(resource, "owner")
|
||||
and resource.owner
|
||||
and resource.owner.attributes
|
||||
and self.name in resource.owner.attributes
|
||||
):
|
||||
return resource.owner.attributes[self.name]
|
||||
else:
|
||||
return None
|
||||
|
||||
def matches(self, resource: ProtectedResource, user: User) -> bool:
|
||||
required = self.owners_values(resource)
|
||||
if not required:
|
||||
return True
|
||||
if not user.attributes or self.name not in user.attributes or not user.attributes[self.name]:
|
||||
return False
|
||||
user_values = user.attributes[self.name]
|
||||
for value in required:
|
||||
if value in user_values:
|
||||
return True
|
||||
return False
|
||||
|
||||
def __repr__(self):
|
||||
return f"user in owners {self.name}"
|
||||
|
||||
|
||||
class UserNotInOwnersList(UserInOwnersList):
|
||||
def __init__(self, name: str):
|
||||
super().__init__(name)
|
||||
|
||||
def matches(self, resource: ProtectedResource, user: User) -> bool:
|
||||
return not super().matches(resource, user)
|
||||
|
||||
def __repr__(self):
|
||||
return f"user not in owners {self.name}"
|
||||
|
||||
|
||||
class UserWithValueInList:
|
||||
def __init__(self, name: str, value: str):
|
||||
self.name = name
|
||||
self.value = value
|
||||
|
||||
def matches(self, resource: ProtectedResource, user: User) -> bool:
|
||||
if user.attributes and self.name in user.attributes:
|
||||
return self.value in user.attributes[self.name]
|
||||
print(f"User does not have {self.value} in {self.name}")
|
||||
return False
|
||||
|
||||
def __repr__(self):
|
||||
return f"user with {self.value} in {self.name}"
|
||||
|
||||
|
||||
class UserWithValueNotInList(UserWithValueInList):
|
||||
def __init__(self, name: str, value: str):
|
||||
super().__init__(name, value)
|
||||
|
||||
def matches(self, resource: ProtectedResource, user: User) -> bool:
|
||||
return not super().matches(resource, user)
|
||||
|
||||
def __repr__(self):
|
||||
return f"user with {self.value} not in {self.name}"
|
||||
|
||||
|
||||
class UserIsOwner:
|
||||
def matches(self, resource: ProtectedResource, user: User) -> bool:
|
||||
return resource.owner.principal == user.principal if resource.owner else False
|
||||
|
||||
def __repr__(self):
|
||||
return "user is owner"
|
||||
|
||||
|
||||
class UserIsNotOwner:
|
||||
def matches(self, resource: ProtectedResource, user: User) -> bool:
|
||||
return not resource.owner or resource.owner.principal != user.principal
|
||||
|
||||
def __repr__(self):
|
||||
return "user is not owner"
|
||||
|
||||
|
||||
def parse_condition(condition: str) -> Condition:
|
||||
words = condition.split()
|
||||
match words:
|
||||
case ["user", "is", "owner"]:
|
||||
return UserIsOwner()
|
||||
case ["user", "is", "not", "owner"]:
|
||||
return UserIsNotOwner()
|
||||
case ["user", "with", value, "in", name]:
|
||||
return UserWithValueInList(name, value)
|
||||
case ["user", "with", value, "not", "in", name]:
|
||||
return UserWithValueNotInList(name, value)
|
||||
case ["user", "in", "owners", name]:
|
||||
return UserInOwnersList(name)
|
||||
case ["user", "not", "in", "owners", name]:
|
||||
return UserNotInOwnersList(name)
|
||||
case _:
|
||||
raise ValueError(f"Invalid condition: {condition}")
|
||||
|
||||
|
||||
def parse_conditions(conditions: list[str]) -> list[Condition]:
|
||||
return [parse_condition(c) for c in conditions]
|
|
@ -6,37 +6,10 @@
|
|||
|
||||
from enum import Enum
|
||||
|
||||
from pydantic import BaseModel, Field, model_validator
|
||||
from pydantic import BaseModel, model_validator
|
||||
from typing_extensions import Self
|
||||
|
||||
|
||||
class AccessAttributes(BaseModel):
|
||||
"""Structured representation of user attributes for access control.
|
||||
|
||||
This model defines a structured approach to representing user attributes
|
||||
with common standard categories for access control.
|
||||
|
||||
Standard attribute categories include:
|
||||
- roles: Role-based attributes (e.g., admin, data-scientist)
|
||||
- teams: Team-based attributes (e.g., ml-team, infra-team)
|
||||
- projects: Project access attributes (e.g., llama-3, customer-insights)
|
||||
- namespaces: Namespace-based access control for resource isolation
|
||||
"""
|
||||
|
||||
# Standard attribute categories - the minimal set we need now
|
||||
roles: list[str] | None = Field(
|
||||
default=None, description="Role-based attributes (e.g., 'admin', 'data-scientist', 'user')"
|
||||
)
|
||||
|
||||
teams: list[str] | None = Field(default=None, description="Team-based attributes (e.g., 'ml-team', 'nlp-team')")
|
||||
|
||||
projects: list[str] | None = Field(
|
||||
default=None, description="Project-based access attributes (e.g., 'llama-3', 'customer-insights')"
|
||||
)
|
||||
|
||||
namespaces: list[str] | None = Field(
|
||||
default=None, description="Namespace-based access control for resource isolation"
|
||||
)
|
||||
from .conditions import parse_conditions
|
||||
|
||||
|
||||
class Action(str, Enum):
|
||||
|
@ -62,18 +35,6 @@ def _require_one_of(obj, a: str, b: str):
|
|||
raise ValueError(f"on of {a} or {b} is required")
|
||||
|
||||
|
||||
class AttributeReference(str, Enum):
|
||||
RESOURCE_ROLES = "resource.roles"
|
||||
RESOURCE_TEAMS = "resource.teams"
|
||||
RESOURCE_PROJECTS = "resource.projects"
|
||||
RESOURCE_NAMESPACES = "resource.namespaces"
|
||||
|
||||
|
||||
class Condition(BaseModel):
|
||||
user_in: AttributeReference | list[AttributeReference] | str | None = None
|
||||
user_not_in: AttributeReference | list[AttributeReference] | str | None = None
|
||||
|
||||
|
||||
class AccessRule(BaseModel):
|
||||
"""Access rule based loosely on cedar policy language
|
||||
|
||||
|
@ -85,10 +46,14 @@ class AccessRule(BaseModel):
|
|||
requests.
|
||||
|
||||
A rule may also specify a condition, either a 'when' or an 'unless', with additional
|
||||
constraints as to where the rule applies. The constraints at present are whether the
|
||||
user requesting access is in or not in some set. This set can either be a particular
|
||||
set of attributes on the resource e.g. resource.roles or a literal value of some
|
||||
notion of group, e.g. role::admin or namespace::foo.
|
||||
constraints as to where the rule applies. The constraints supported at present are:
|
||||
|
||||
- 'user with <attr-value> in <attr-name>'
|
||||
- 'user with <attr-value> not in <attr-name>'
|
||||
- 'user is owner'
|
||||
- 'user is not owner'
|
||||
- 'user in owners <attr-name>'
|
||||
- 'user not in owners <attr-name>'
|
||||
|
||||
Rules are tested in order to find a match. If a match is found, the request is
|
||||
permitted or forbidden depending on the type of rule. If no match is found, the
|
||||
|
@ -99,33 +64,31 @@ class AccessRule(BaseModel):
|
|||
Some examples in yaml:
|
||||
|
||||
- permit:
|
||||
principal: user-1
|
||||
actions: [create, read, delete]
|
||||
resource: model::*
|
||||
principal: user-1
|
||||
actions: [create, read, delete]
|
||||
resource: model::*
|
||||
description: user-1 has full access to all models
|
||||
- permit:
|
||||
principal: user-2
|
||||
actions: [read]
|
||||
resource: model::model-1
|
||||
principal: user-2
|
||||
actions: [read]
|
||||
resource: model::model-1
|
||||
description: user-2 has read access to model-1 only
|
||||
- permit:
|
||||
actions: [read]
|
||||
when:
|
||||
user_in: resource.namespaces
|
||||
description: any user has read access to any resource with matching attributes
|
||||
actions: [read]
|
||||
when: user in owner teams
|
||||
description: any user has read access to any resource created by a member of their team
|
||||
- forbid:
|
||||
actions: [create, read, delete]
|
||||
resource: vector_db::*
|
||||
unless:
|
||||
user_in: role::admin
|
||||
actions: [create, read, delete]
|
||||
resource: vector_db::*
|
||||
unless: user with admin in roles
|
||||
description: only user with admin role can use vector_db resources
|
||||
|
||||
"""
|
||||
|
||||
permit: Scope | None = None
|
||||
forbid: Scope | None = None
|
||||
when: Condition | list[Condition] | None = None
|
||||
unless: Condition | list[Condition] | None = None
|
||||
when: str | list[str] | None = None
|
||||
unless: str | list[str] | None = None
|
||||
description: str | None = None
|
||||
|
||||
@model_validator(mode="after")
|
||||
|
@ -133,4 +96,12 @@ class AccessRule(BaseModel):
|
|||
_require_one_of(self, "permit", "forbid")
|
||||
_mutually_exclusive(self, "permit", "forbid")
|
||||
_mutually_exclusive(self, "when", "unless")
|
||||
if isinstance(self.when, list):
|
||||
parse_conditions(self.when)
|
||||
elif self.when:
|
||||
parse_conditions([self.when])
|
||||
if isinstance(self.unless, list):
|
||||
parse_conditions(self.unless)
|
||||
elif self.unless:
|
||||
parse_conditions([self.unless])
|
||||
return self
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue