Merge pull request #231 from permitio/oded/per-8678-ming-hot-fix-sync…

…-rbac-policy-with-node Add policy sync script to node and python docs
permitio · Jan 22, 2024 · e044f37 · e044f37
2 parents 65b0429 + e700feb
commit e044f37
Show file tree

Hide file tree

Showing 4 changed files with 407 additions and 0 deletions.
diff --git a/docs/sdk/nodejs/sync-policy-script/_category_.json b/docs/sdk/nodejs/sync-policy-script/_category_.json
@@ -0,0 +1,4 @@
+{
+    "label": "Sync RBAC policy script",
+    "position": 10
+}
diff --git a/docs/sdk/nodejs/sync-policy-script/sync-policy.mdx b/docs/sdk/nodejs/sync-policy-script/sync-policy.mdx
@@ -0,0 +1,241 @@
+# Using the Permit.io SDK to Create Policies
+#### This guide walks you through the process of using the Permit.io SDK to create and manage resources, roles, and permissions in your Node.js application.
+
+## Overview
+The script allows you to set up resources and roles with specific permissions. It checks for the existence of these resources and roles in your Permit.io setup and creates or updates them as needed.
+
+## Prerequisites
+Node.js installed in your environment.
+permitio package installed in your project.
+
+### Steps to Use the Script
+Import Permit.io SDK:
+First, import and initialize the Permit.io SDK in your project:
+
+```javascript
+const { Permit } = require('permitio');
+const permit = new Permit({
+    pdp: 'https://cloudpdp.api.permit.io',
+    token: 'permit_key_',
+});
+```
+
+### Define Resources and Roles:
+Define the resources and roles in your application. For example:
+
+```javascript
+const resources = [
+    // Define resources here
+];
+
+const roles = [
+    // Define roles here
+];
+```
+
+### Create Policy Function:
+Use the createPolicy function to iterate through the resources and roles, creating or updating them as necessary:
+
+```javascript
+const createPolicy = async () => {
+    // Implementation here
+};
+```
+
+### Running the Script:
+Execute the script to create or update your policies:
+
+```javascript
+createPolicy().then(() => {
+    console.log("done");
+}).catch((err) => {
+    console.log(err);
+});
+```
+
+### Example Implementation
+The following example demonstrates creating resources and roles:
+
+```javascript
+// Define resources
+const resources = [
+    {
+        key: "employee",
+        name: "Employee",
+        // Define actions
+    },
+    // ... other resources
+];
+
+// Define roles
+const roles = [
+    {
+        key: "User",
+        name: "User",
+        permissions: ["employee_doc:read", "employee_doc:update"]
+    },
+    // ... other roles
+];
+
+// Implement the createPolicy function
+const createPolicy = async () => {
+    // Iterate through resources
+    // ... implementation
+    // Iterate through roles
+    // ... implementation
+};
+
+// Run the script
+createPolicy().then(() => {
+    console.log("done");
+}).catch((err) => {
+    console.log(err);
+});
+```
+
+#### Notes
+* Ensure that the pdp and token in the Permit SDK initialization are correctly set for your environment.
+* The script checks for existing resources and roles before creating new ones to prevent duplication.
+* If a role exists but its permissions have changed, the script updates the role with the new permissions.
+
+
+
+### Attached the full code for reference:
+```js
+const { Permit } = require('permitio');
+
+// This line initializes the SDK and connects your Node.js app
+// to the Permit.io PDP container you've set up in the previous step.
+const permit = new Permit({
+    // in production, you might need to change this url to fit your deployment
+    pdp: 'https://cloudpdp.api.permit.io',
+    // your api key
+    token:
+        'permit_key_',
+});
+
+
+const roles = [
+    {
+        "key": "manager",
+        "name": "Manager",
+        "description": "Default User",
+        "permissions": ["employee:export", "employee:delete"]
+    },
+]
+
+const resources = [
+    {
+        "key": "employee",
+        "name": "Employee",
+        "actions": {
+            "create": {
+                "name": "create",
+            },
+            "read-all": {
+                "name": "read-all"
+            },
+            "delete": {
+                "name": "delete"
+            },
+            "export": {
+                "name": "export"
+            },
+        },
+    },
+    {
+        "key": "task",
+        "name": "Task",
+        "actions": {
+            "create": {
+                "name": "create",
+            },
+            "read-all": {
+                "name": "read-all"
+            },
+            "delete": {
+                "name": "delete"
+            },
+            "export": {
+                "name": "export"
+            },
+        },
+
+    },
+    {
+        "key": "folder",
+        "name": "Folder",
+        "actions": {
+            "create": {
+                "name": "create",
+            },
+            "read-all": {
+                "name": "read-all"
+            },
+            "delete": {
+                "name": "delete"
+            },
+            "export": {
+                "name": "export"
+            },
+        },
+    }
+]
+
+
+const createPolicy = async () => {
+    // iterate through resources
+    for (let resource of resources) {
+        // check if resource exists
+        let resourceExists
+        try {
+            resourceExists = await permit.api.resources.get(resource.key);
+        } catch(err){
+            console.log('no resource' + resource.key);
+        }
+
+        // if resource don't exist create it
+        if (!resourceExists) {
+            console.log("creating resource: " + resource.key);
+            await permit.api.resources.create(resource);
+        } else {
+            console.log("resource already exists: " + resource.key);
+        }
+    }
+    // iterate through roles
+    for (let role of roles) {
+        // check if role exists
+        let roleExists
+        try {
+            roleExists = await permit.api.roles.get(role.key);
+        } catch(err){
+            console.log('no role' + role.key);
+        }
+        // if role don't exist create it
+        if (!roleExists) {
+            console.log("creating role: " + role.key);
+            await permit.api.roles.create(role);
+        } else {
+            console.log("role already exists: " + role.key);
+            console.log(roleExists.permissions, role.permissions)
+            if ((roleExists.permissions.filter(x => !role.permissions.includes(x)).length > 0) > 0 || (role.permissions.filter(x => !roleExists.permissions.includes(x)).length > 0) > 0) {
+                console.log("updating permissions for role: " + role.key);
+                // clear permissions
+                await permit.api.roles.removePermissions(roleExists.id, roleExists.permissions);
+                // add permissions
+                await permit.api.roles.assignPermissions(roleExists.id, role.permissions);
+            } else {
+                console.log("permissions for role: " + role.key + " are up to date");
+            }
+        }
+    }
+}
+
+createPolicy().then(() => {
+    console.log("done");
+}
+).catch((err) => {
+    console.log(err);
+}
+)
+```
diff --git a/docs/sdk/python/sync-policy-script/_category_.json b/docs/sdk/python/sync-policy-script/_category_.json
@@ -0,0 +1,4 @@
+{
+    "label": "Sync RBAC policy script",
+    "position": 10
+}