| CLASS | DESCRIPTION |
|---|---|
PrincipalAttributesAPIAsync |
High-level API for principal attributes (ABAC). |
| ATTRIBUTE | DESCRIPTION |
|---|---|
ASSIGN_BATCH_SIZE |
|
PrincipalAttributesAPIAsync(sift_client: SiftClient)
Bases: ResourceBase
High-level API for principal attributes (ABAC).
Principal attributes assign attribute keys to principals (users or user groups). The attribute key is the entry point: enum values and assignments are managed through methods on a key, or through the corresponding methods here.
Initialize the PrincipalAttributesAPI.
| PARAMETER | DESCRIPTION |
|---|---|
sift_client
|
The Sift client to use.
TYPE:
|
| METHOD | DESCRIPTION |
|---|---|
archive_assignments |
Batch archive assignments. |
archive_enum_value |
Archive an enum value, migrating existing assignments to a replacement. |
archive_key |
Archive a key. Cascades to its enum values and assignments. |
assign |
Assign a value to principals for a key. |
check_key_archive_impact |
Return the number of active assignments archiving this key would affect. |
create_enum_value |
Create a single enum value for a key. |
create_key |
Create a principal attribute key. |
find_key |
Find a single key matching the query. Raises if more than one matches. |
get_assignment |
Get a single assignment by ID. |
get_key |
Get a principal attribute key by ID. |
get_or_create_enum_values |
Get enum values for a key by name, creating any that don't exist. |
get_or_create_key |
Get a key by display name, creating it if it does not exist. |
list_assignments |
List principal attribute assignments. |
list_enum_values |
List the enum values defined for a key. |
list_keys |
List principal attribute keys with optional filtering. |
resolve_user_id |
Resolve a user's email (its user name) to a user ID. |
resolve_user_ids |
Resolve user emails (their user names) to user IDs. |
unarchive_assignments |
Batch unarchive assignments. |
unarchive_enum_value |
Unarchive an enum value. |
unarchive_key |
Unarchive a key. Does not restore its cascaded enum values or assignments. |
update_key |
Update a key's display name or description. |
| ATTRIBUTE | DESCRIPTION |
|---|---|
client |
TYPE:
|
grpc_client |
TYPE:
|
rest_client |
TYPE:
|
async
¶
archive_assignments(
assignments: list[str | PrincipalAttributeValue],
*,
principal_type: PrincipalType = USER,
) -> None
Batch archive assignments.
async
¶
archive_enum_value(
enum_value: str | PrincipalAttributeEnumValue,
*,
replacement: str
| PrincipalAttributeEnumValue
| None = None,
) -> int
Archive an enum value, migrating existing assignments to a replacement.
Returns the number of assignments migrated.
async
¶
archive_key(
key: str | PrincipalAttributeKey,
) -> PrincipalAttributeKey
Archive a key. Cascades to its enum values and assignments.
async
¶
assign(
key: PrincipalAttributeKey,
principals: list[str],
*,
value: Any,
principal_type: PrincipalType = USER,
) -> list[PrincipalAttributeValue]
Assign a value to principals for a key.
| PARAMETER | DESCRIPTION |
|---|---|
key
|
The key to assign. Its
TYPE:
|
principals
|
Principal IDs. For
TYPE:
|
value
|
For
TYPE:
|
principal_type
|
The kind of principal being assigned to. Defaults to
TYPE:
|
| RETURNS | DESCRIPTION |
|---|---|
list[PrincipalAttributeValue]
|
The created assignments. |
async
¶
check_key_archive_impact(
key: str | PrincipalAttributeKey,
) -> int
Return the number of active assignments archiving this key would affect.
Counts both user and user-group assignments.
async
¶
create_enum_value(
key: str | PrincipalAttributeKey,
display_name: str,
*,
description: str = "",
) -> PrincipalAttributeEnumValue
Create a single enum value for a key.
async
¶
create_key(
display_name: str,
value_type: PrincipalAttributeValueType,
*,
description: str = "",
) -> PrincipalAttributeKey
Create a principal attribute key.
async
¶
find_key(**kwargs) -> PrincipalAttributeKey | None
Find a single key matching the query. Raises if more than one matches.
async
¶
get_assignment(
*,
assignment_id: str,
principal_type: PrincipalType = USER,
) -> PrincipalAttributeValue
Get a single assignment by ID.
async
¶
get_key(*, key_id: str) -> PrincipalAttributeKey
Get a principal attribute key by ID.
async
¶
get_or_create_enum_values(
key: str | PrincipalAttributeKey, names: list[str]
) -> list[PrincipalAttributeEnumValue]
Get enum values for a key by name, creating any that don't exist.
Returns the values in the same order as names.
async
¶
get_or_create_key(
display_name: str,
value_type: PrincipalAttributeValueType,
*,
description: str = "",
) -> PrincipalAttributeKey
Get a key by display name, creating it if it does not exist.
Note
Display names are not guaranteed unique. If multiple keys share the display name, the first active match is returned.
async
¶
list_assignments(
*,
key: str | PrincipalAttributeKey | None = None,
principal: str | None = None,
principal_type: PrincipalType = USER,
include_archived: bool = False,
filter_query: str | None = None,
order_by: str | None = None,
limit: int | None = None,
page_size: int | None = None,
) -> list[PrincipalAttributeValue]
List principal attribute assignments.
| PARAMETER | DESCRIPTION |
|---|---|
key
|
Filter to assignments of this key.
TYPE:
|
principal
|
Filter to assignments for this principal (user ID, or email for users).
TYPE:
|
principal_type
|
The kind of principal to list assignments for. Defaults to
TYPE:
|
include_archived
|
If True, include archived assignments.
TYPE:
|
filter_query
|
Explicit CEL query.
TYPE:
|
order_by
|
Field and direction to order by.
TYPE:
|
limit
|
Maximum number of assignments to return.
TYPE:
|
page_size
|
Results to fetch per request.
TYPE:
|
async
¶
list_enum_values(
key: str | PrincipalAttributeKey,
*,
name: str | None = None,
names: list[str] | None = None,
name_contains: str | None = None,
name_regex: str | Pattern | None = None,
include_archived: bool = False,
filter_query: str | None = None,
order_by: str | None = None,
limit: int | None = None,
page_size: int | None = None,
) -> list[PrincipalAttributeEnumValue]
List the enum values defined for a key.
async
¶
list_keys(
*,
name: str | None = None,
names: list[str] | None = None,
name_contains: str | None = None,
name_regex: str | Pattern | None = None,
value_type: PrincipalAttributeValueType | None = None,
include_archived: bool = False,
filter_query: str | None = None,
order_by: str | None = None,
limit: int | None = None,
page_size: int | None = None,
) -> list[PrincipalAttributeKey]
List principal attribute keys with optional filtering.
| PARAMETER | DESCRIPTION |
|---|---|
name
|
Exact display name of the key.
TYPE:
|
names
|
Display names to filter by.
TYPE:
|
name_contains
|
Substring match on the display name.
TYPE:
|
name_regex
|
Regex match on the display name.
TYPE:
|
value_type
|
Filter to keys of this value type.
TYPE:
|
include_archived
|
If True, include archived keys.
TYPE:
|
filter_query
|
Explicit CEL query.
TYPE:
|
order_by
|
Field and direction to order by.
TYPE:
|
limit
|
Maximum number of keys to return.
TYPE:
|
page_size
|
Results to fetch per request.
TYPE:
|
async
¶
Resolve a user's email (its user name) to a user ID.
| RAISES | DESCRIPTION |
|---|---|
ValueError
|
If no user with that email is found. |
async
¶
Resolve user emails (their user names) to user IDs.
Returns a mapping of email to user ID for the emails that were found. Emails with no matching user are omitted.
async
¶
unarchive_assignments(
assignments: list[str | PrincipalAttributeValue],
*,
principal_type: PrincipalType = USER,
) -> None
Batch unarchive assignments.
async
¶
unarchive_enum_value(
enum_value: str | PrincipalAttributeEnumValue,
) -> PrincipalAttributeEnumValue
Unarchive an enum value.
async
¶
unarchive_key(
key: str | PrincipalAttributeKey,
) -> PrincipalAttributeKey
Unarchive a key. Does not restore its cascaded enum values or assignments.
async
¶
update_key(
key: str | PrincipalAttributeKey,
*,
display_name: str | None = None,
description: str | None = None,
) -> PrincipalAttributeKey
Update a key's display name or description.