sift_client.resources.access_control.resource_attributes
¶
| CLASS | DESCRIPTION |
|---|---|
ResourceAttributesAPIAsync |
High-level API for resource attributes. |
| ATTRIBUTE | DESCRIPTION |
|---|---|
ResourceLike |
|
SUPPORTED_RESOURCE_ENTITY_TYPES |
|
ResourceLike
module-attribute
¶
ResourceLike = Union[
ResourceAttributeEntity, Asset, Channel, Run, str
]
SUPPORTED_RESOURCE_ENTITY_TYPES
module-attribute
¶
SUPPORTED_RESOURCE_ENTITY_TYPES = {
ResourceAttributeEntityType.ASSET,
ResourceAttributeEntityType.CHANNEL,
ResourceAttributeEntityType.RUN,
}
ResourceAttributesAPIAsync
¶
ResourceAttributesAPIAsync(sift_client: SiftClient)
Bases: ResourceBase
High-level API for resource attributes.
Resource attributes describe the Sift objects an access decision applies to. A resource is the "what" in an access decision.
Create or fetch an attribute key, define enum values when the key uses them, then
assign a value to resources. For currently supported resource types, you can pass
existing Asset, Channel, and Run objects or their IDs directly.
Initialize the ResourceAttributesAPI.
| PARAMETER | DESCRIPTION |
|---|---|
sift_client
|
The Sift client to use.
TYPE:
|
| METHOD | DESCRIPTION |
|---|---|
get_key |
Get a resource attribute key by ID. |
list_keys |
List resource attribute keys with optional filtering. |
find_key |
Find a single key matching the query. Raises if more than one matches. |
create_key |
Create a resource attribute key. |
get_or_create_key |
Get a key by display name, creating it if it does not exist. |
update_key |
Update a key. |
archive_key |
Archive a key. Cascades to its enum values and assignments. |
unarchive_key |
Unarchive a key. Does not restore its cascaded enum values or assignments. |
check_key_archive_impact |
Return the number of active assignments archiving this key would affect. |
create_enum_value |
Create a single enum value for a key. |
list_enum_values |
List the enum values defined for a key. |
get_or_create_enum_values |
Get enum values for a key by name, creating any that don't exist. |
archive_enum_value |
Archive an enum value, migrating existing assignments to a replacement. |
unarchive_enum_value |
Unarchive an enum value. |
assign |
Assign a key's value to resources. |
get_assignment |
Get a single assignment by ID. |
list_assignments |
List resource attribute assignments. |
archive_assignments |
Batch archive assignments. |
unarchive_assignments |
Batch unarchive assignments. |
| ATTRIBUTE | DESCRIPTION |
|---|---|
client |
TYPE:
|
grpc_client |
TYPE:
|
rest_client |
TYPE:
|
list_keys
async
¶
list_keys(
*,
name: str | None = None,
names: list[str] | None = None,
name_contains: str | None = None,
name_regex: str | Pattern | None = None,
value_type: ResourceAttributeValueType | None = None,
include_archived: bool = False,
filter_query: str | None = None,
order_by: str | None = None,
limit: int | None = None,
page_size: int | None = None,
) -> list[ResourceAttributeKey]
List resource attribute keys with optional filtering.
| PARAMETER | DESCRIPTION |
|---|---|
name
|
Exact display name of the key.
TYPE:
|
names
|
Display names to filter by.
TYPE:
|
name_contains
|
Substring match on the display name.
TYPE:
|
name_regex
|
Regex match on the display name.
TYPE:
|
value_type
|
Filter to keys of this value type.
TYPE:
|
include_archived
|
If True, include archived keys.
TYPE:
|
filter_query
|
Explicit CEL query.
TYPE:
|
order_by
|
Field and direction to order by.
TYPE:
|
limit
|
Maximum number of keys to return.
TYPE:
|
page_size
|
Results to fetch per request.
TYPE:
|
| RETURNS | DESCRIPTION |
|---|---|
list[ResourceAttributeKey]
|
The matching keys. |
find_key
async
¶
find_key(**kwargs) -> ResourceAttributeKey | None
Find a single key matching the query. Raises if more than one matches.
create_key
async
¶
create_key(
display_name: str,
value_type: ResourceAttributeValueType,
*,
description: str = "",
) -> ResourceAttributeKey
Create a resource attribute key.
| PARAMETER | DESCRIPTION |
|---|---|
display_name
|
The human-readable name of the key.
TYPE:
|
value_type
|
The value type of the key. |
description
|
Optional description.
TYPE:
|
| RETURNS | DESCRIPTION |
|---|---|
ResourceAttributeKey
|
The created key. |
get_or_create_key
async
¶
get_or_create_key(
display_name: str,
value_type: ResourceAttributeValueType,
*,
description: str = "",
) -> ResourceAttributeKey
Get a key by display name, creating it if it does not exist.
Note
Display names are not guaranteed unique. If multiple keys share the display name, the first active match is returned.
update_key
async
¶
update_key(
key: str | ResourceAttributeKey,
update: ResourceAttributeKeyUpdate | dict,
) -> ResourceAttributeKey
Update a key.
| PARAMETER | DESCRIPTION |
|---|---|
key
|
The key or key ID to update.
TYPE:
|
update
|
Updates to apply to the key.
TYPE:
|
archive_key
async
¶
archive_key(
key: str | ResourceAttributeKey,
) -> ResourceAttributeKey
Archive a key. Cascades to its enum values and assignments.
unarchive_key
async
¶
unarchive_key(
key: str | ResourceAttributeKey,
) -> ResourceAttributeKey
Unarchive a key. Does not restore its cascaded enum values or assignments.
check_key_archive_impact
async
¶
check_key_archive_impact(
key: str | ResourceAttributeKey,
) -> int
Return the number of active assignments archiving this key would affect.
create_enum_value
async
¶
create_enum_value(
key: str | ResourceAttributeKey,
display_name: str,
*,
description: str = "",
) -> ResourceAttributeEnumValue
Create a single enum value for a key.
list_enum_values
async
¶
list_enum_values(
key: str | ResourceAttributeKey,
*,
name: str | None = None,
names: list[str] | None = None,
name_contains: str | None = None,
name_regex: str | Pattern | None = None,
include_archived: bool = False,
filter_query: str | None = None,
order_by: str | None = None,
limit: int | None = None,
page_size: int | None = None,
) -> list[ResourceAttributeEnumValue]
List the enum values defined for a key.
get_or_create_enum_values
async
¶
get_or_create_enum_values(
key: str | ResourceAttributeKey, names: list[str]
) -> list[ResourceAttributeEnumValue]
Get enum values for a key by name, creating any that don't exist.
Returns the values in the same order as names.
archive_enum_value
async
¶
archive_enum_value(
enum_value: str | ResourceAttributeEnumValue,
*,
replacement: str
| ResourceAttributeEnumValue
| None = None,
) -> int
Archive an enum value, migrating existing assignments to a replacement.
Returns the number of assignments migrated.
unarchive_enum_value
async
¶
unarchive_enum_value(
enum_value: str | ResourceAttributeEnumValue,
) -> ResourceAttributeEnumValue
Unarchive an enum value.
assign
async
¶
assign(
key: str | ResourceAttributeKey,
resources: list[
ResourceAttributeEntity
| Asset
| Channel
| Run
| str
],
*,
value: ResourceAttributeValueLike,
) -> list[ResourceAttributeAssignment]
Assign a key's value to resources.
| PARAMETER | DESCRIPTION |
|---|---|
key
|
The key or key ID to assign. Its
TYPE:
|
resources
|
Resources to assign to. For currently supported resource types, pass
TYPE:
|
value
|
For |
| RETURNS | DESCRIPTION |
|---|---|
list[ResourceAttributeAssignment]
|
The created assignments. |
get_assignment
async
¶
get_assignment(
*, assignment_id: str
) -> ResourceAttributeAssignment
Get a single assignment by ID.
list_assignments
async
¶
list_assignments(
*,
key: str | ResourceAttributeKey | None = None,
resource: ResourceAttributeEntity
| Asset
| Channel
| Run
| str
| None = None,
include_archived: bool = False,
filter_query: str | None = None,
order_by: str | None = None,
limit: int | None = None,
page_size: int | None = None,
) -> list[ResourceAttributeAssignment]
List resource attribute assignments.
| PARAMETER | DESCRIPTION |
|---|---|
key
|
Filter to assignments of this key.
TYPE:
|
resource
|
Filter to assignments on this resource. When set, other filters are ignored.
Pass a resource object, resource ID, or
TYPE:
|
include_archived
|
If True, include archived assignments.
TYPE:
|
filter_query
|
Explicit CEL query.
TYPE:
|
order_by
|
Field and direction to order by.
TYPE:
|
limit
|
Maximum number of assignments to return.
TYPE:
|
page_size
|
Results to fetch per request.
TYPE:
|
archive_assignments
async
¶
archive_assignments(
assignments: list[str | ResourceAttributeAssignment],
) -> None
Batch archive assignments.
unarchive_assignments
async
¶
unarchive_assignments(
assignments: list[str | ResourceAttributeAssignment],
) -> None
Batch unarchive assignments.