{ "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# Account Management 101" ] }, { "cell_type": "code", "execution_count": 2, "metadata": {}, "outputs": [], "source": [ "import geodesic" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### Your Account\n", "\n", "When you access Geodesic, the API reaches out to an external identity provider to get a token to interact with the backend. \n", "That token carries some information about you and your current permission level, and a backend service\n", "adds to and customizes that information. You can get your user profile using the built-in `myself` function." ] }, { "cell_type": "code", "execution_count": 5, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "{'subject': 'auth0|611c3d206a08f0006c8a9290',\n", " 'first_name': '',\n", " 'last_name': '',\n", " 'middle_name': '',\n", " 'alias': 'gcp-headless@seerai.space',\n", " 'email': 'gcp-headless@seerai.space',\n", " 'avatar': 'https://s.gravatar.com/avatar/ff1b38649bdb3d54918f07a81ba0b036?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fgc.png',\n", " 'pronouns': '',\n", " 'bio': ''}" ] }, "execution_count": 5, "metadata": {}, "output_type": "execute_result" } ], "source": [ "u = geodesic.myself()\n", "dict(u)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "As you can see, this carries information about you, or in this case, our service account user. You can edit all of this information directly." ] }, { "cell_type": "code", "execution_count": 6, "metadata": {}, "outputs": [], "source": [ "u.first_name = \"Geodesic\"\n", "u.middle_name = \"API\"\n", "u.last_name = \"User\"\n", "u.alias = \"Headless User\"\n", "u.pronouns = \"it/its\"\n", "u.bio = \"I'm a robot that manages some internal stuff for SeerAI. 
Will you be my friend?\"\n", "\n", "u.save()" ] }, { "cell_type": "code", "execution_count": 7, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "{'subject': 'auth0|611c3d206a08f0006c8a9290',\n", " 'first_name': 'Geodesic',\n", " 'last_name': 'User',\n", " 'middle_name': 'API',\n", " 'alias': 'Headless User',\n", " 'email': 'gcp-headless@seerai.space',\n", " 'avatar': 'https://s.gravatar.com/avatar/ff1b38649bdb3d54918f07a81ba0b036?s=480&r=pg&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fgc.png',\n", " 'pronouns': 'it/its',\n", " 'bio': \"I'm a robot that manages some internal stuff for SeerAI. Will you be my friend?\"}" ] }, "execution_count": 7, "metadata": {}, "output_type": "execute_result" } ], "source": [ "dict(u)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "You can check permissions and roles" ] }, { "cell_type": "code", "execution_count": 8, "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "permissions = ['spacetime:read', 'spacetime:write', 'tesseract:read', 'tesseract:write', 'entanglement:read', 'entanglement:write'], roles = ['user']\n" ] } ], "source": [ "print(f'permissions = {u.get_permissions}, roles = {u.get_roles}')" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "You are uniquely identified in the system by the `subject` field. This is a unique string provided by your identity provider. We'll get into resource sharing in a second, but the `subject` is always used as that unique identifier for a user within the platform." ] }, { "attachments": {}, "cell_type": "markdown", "metadata": {}, "source": [ "### Projects\n", "\n", "Perhaps the most important part of Geodesic is a `Project`. `Projects` are like your personal work area within the SeerAI Graph. You can store datasets and other objects and connections here and they will only be visible to those that you share them with. You can list `Projects` that you can access using the `get_projects` function." 
] }, { "cell_type": "code", "execution_count": 11, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "[{'name': 'global',\n", " 'alias': 'Global Graph',\n", " 'description': 'The Global Project. All can read, few can write.',\n", " 'owner': '',\n", " 'keywords': 'global',\n", " 'uid': 'global'}]" ] }, "execution_count": 11, "metadata": {}, "output_type": "execute_result" } ], "source": [ "geodesic.get_projects()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Create a new `Project` with the `create_project` function." ] }, { "cell_type": "code", "execution_count": 12, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "{'name': 'docs-example',\n", " 'alias': 'Docs Example Project',\n", " 'description': 'Test project for illustration purposes',\n", " 'keywords': '',\n", " 'uid': 'b96a3c8f8104b671d19ff7dbad5b7026992d7643',\n", " 'owner': 'auth0|611c3d206a08f0006c8a9290'}" ] }, "execution_count": 12, "metadata": {}, "output_type": "execute_result" } ], "source": [ "p = geodesic.create_project(name=\"docs-example\", alias=\"Docs Example Project\", description=\"Test project for illustration purposes\")\n", "p" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Your `active_project` is where anything you do that writes to the backend is saved by default. You can see your `active_project` with the `get_active_project` function. It always defaults to *global*, but can be changed at runtime." ] }, { "cell_type": "code", "execution_count": 13, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "{'name': 'global',\n", " 'alias': 'Global Graph',\n", " 'description': 'The Global Project. 
All can read, few can write.',\n", " 'owner': '',\n", " 'keywords': 'global',\n", " 'uid': 'global'}" ] }, "execution_count": 13, "metadata": {}, "output_type": "execute_result" } ], "source": [ "geodesic.get_active_project()" ] }, { "cell_type": "code", "execution_count": 14, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "{'name': 'docs-example',\n", " 'alias': 'Docs Example Project',\n", " 'description': 'Test project for illustration purposes',\n", " 'keywords': '',\n", " 'uid': 'b96a3c8f8104b671d19ff7dbad5b7026992d7643',\n", " 'owner': 'auth0|611c3d206a08f0006c8a9290'}" ] }, "execution_count": 14, "metadata": {}, "output_type": "execute_result" } ], "source": [ "geodesic.set_active_project(p)" ] }, { "cell_type": "code", "execution_count": 15, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "{'name': 'docs-example',\n", " 'alias': 'Docs Example Project',\n", " 'description': 'Test project for illustration purposes',\n", " 'keywords': '',\n", " 'uid': 'b96a3c8f8104b671d19ff7dbad5b7026992d7643',\n", " 'owner': 'auth0|611c3d206a08f0006c8a9290'}" ] }, "execution_count": 15, "metadata": {}, "output_type": "execute_result" } ], "source": [ "geodesic.get_active_project()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Most users do not have write access to *global*, but everyone can read from it. This is the curated graph, and should be protected. Even though the whole system is version controlled, too many people editing *global* would result in a messy knowledge graph." ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "### Credentials\n", "\n", "Credentials allow a user to let Geodesic access some secure resource on their behalf. This includes things like APIs and cloud storage such as S3, Azure Blob Storage, and Google Cloud Storage. Any user can add credentials, and they are stored internally in an encrypted format. They can never be read back by any user, including an admin. 
Once they are there, only certain internal services are able to retrieve the encrypted credentials for exchange with an API that a user has authorized for access.\n", "\n", "Imagine I need to provide access to imagery stored in an S3 bucket. In that case, I need to create a `Credential` object." ] }, { "cell_type": "code", "execution_count": 17, "metadata": {}, "outputs": [], "source": [ "from geodesic.account import Credential, get_credential, get_credentials, valid_types" ] }, { "cell_type": "code", "execution_count": 18, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "['SERVICE_ACCOUNT_KEY',\n", " 'AWS_KEY_PAIR',\n", " 'AZURE_ACCESS_KEY',\n", " 'JWT',\n", " 'OAUTH2_CLIENT_CREDENTIALS',\n", " 'OAUTH2_REFRESH_TOKEN',\n", " 'BASIC_AUTH']" ] }, "execution_count": 18, "metadata": {}, "output_type": "execute_result" } ], "source": [ "valid_types" ] }, { "cell_type": "code", "execution_count": 23, "metadata": {}, "outputs": [], "source": [ "c = Credential(name=\"s3-bucket\", type='AWS_KEY_PAIR', data={\n", " 'aws_secret_access_key': \"mysecretaccesskey\",\n", " 'aws_access_key_id': \"myaccesskeyid\"\n", "})\n", "c.create()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Credentials can be referred to by their `uid` (autogenerated) or `name`. " ] } ], "metadata": { "kernelspec": { "display_name": "geodesic-dev", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.8.18" }, "vscode": { "interpreter": { "hash": "3d2bf83ed2a6da8a0631fea44d33ce4d4db244cea4ef89c6233c9ac35e49a783" } }, "widgets": { "application/vnd.jupyter.widget-state+json": { "state": {}, "version_major": 2, "version_minor": 0 } } }, "nbformat": 4, "nbformat_minor": 4 }