actra/examples/python/core-sdk/basic_refund.py at a6c4ac89bdbe0fef7cb827873d7f1f71ac9251fa · getactra/actra · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
"""
Basic Actra Example

This example shows how Actra can enforce admission
control policies on normal Python functions.

Actra evaluates a policy BEFORE the function executes
and blocks the call if the policy denies it.
"""

from actra import Actra
from actra.runtime import ActraRuntime


# ------------------------------------------------------------
# 1. Schema definition
# ------------------------------------------------------------
# The schema defines the structure of data that policies
# are allowed to reference.
#
# Domains:
# - action   : parameters passed to the function
# - actor    : identity of the caller
# - snapshot : external system state
#
schema_yaml = """
version: 1

actions:
  refund:
    fields:
      amount: number

actor:
  fields:
    role: string

snapshot:
  fields:
    fraud_flag: boolean
"""


# ------------------------------------------------------------
# 2. Policy definition
# ------------------------------------------------------------
# This policy blocks refunds larger than 1000
#
# Scope limits the rule to the "refund" action
# The rule inspects the action.amount field
#
policy_yaml = """
version: 1

rules:
  - id: block_large_refund
    scope:
      action: refund
    when:
      subject:
        domain: action
        field: amount
      operator: greater_than
      value:
        literal: 1000
    effect: block
"""

# ------------------------------------------------------------
# 3. Compile policy
# ------------------------------------------------------------

policy = Actra.from_strings(schema_yaml, policy_yaml)

# ------------------------------------------------------------
# 4. Create runtime
# ------------------------------------------------------------

runtime = ActraRuntime(policy)

# ------------------------------------------------------------
# 5. Register context resolvers
# ------------------------------------------------------------
# Resolvers dynamically supply runtime context used by policies.
#
# actor_resolver   : information about the caller
# snapshot_resolver: external system state
#

runtime.set_actor_resolver(lambda ctx: {"role": "support"})
runtime.set_snapshot_resolver(lambda ctx: {"fraud_flag": False})


# ------------------------------------------------------------
# 6. Protect a function with Actra
# ------------------------------------------------------------
# The @runtime.admit decorator intercepts the function call
# and evaluates policies before execution.
#
# 1. Default mapping
#    @runtime.admit() : all kwargs become action fields
#
# 2. Field filtering
#    @runtime.admit(fields=["amount"])
#
# 3. Custom action builder
#    @runtime.admit(action_builder=my_builder)
#

@runtime.admit()
def refund(amount: int):
    print("Refund executed:", amount)


# ------------------------------------------------------------
# 7. Execute calls
# ------------------------------------------------------------

print("\n--- Allowed call ---")
refund(amount=200)


print("\n--- Blocked call ---")
refund(amount=1500)