Administrative operations#
This notebook shows how to use the admin operations provided by the library. These operations typically involve managing the library environment, such as setting up configurations, managing dependencies, and performing administrative tasks. The cells below register a domain, inspect its write and read contexts, define fact types and facts, and add and delete read-context rules.
[ ]:
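# %pip installs into the environment of the running kernel; "!pip" runs whichever
# pip is first on the shell PATH, which may belong to a different environment.
# For a reproducible run, pin the release you have reviewed, e.g.
# antimatter==<reviewed-version> (placeholder, not a real version number), so a
# re-run cannot silently pull a different release from the package index.
%pip install antimatter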
[2]:
import os
from antimatter import new_domain, Session
from antimatter.builders import *
from antimatter.datatype.datatypes import Datatype
Register a domain and create a read/write context#
[ ]:
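# Either create a new domain or reuse an existing one.
CREATE_NEW_DOMAIN = True

if CREATE_NEW_DOMAIN:
    # "[email protected]" is what the page export left in place of an e-mail
    # address; substitute your own address before running.
    sess = new_domain("[email protected]")
    print("domain: %s" % (sess.domain_id))
    # The session also carries the domain's API key (sess.api_key). Do not print
    # it from a cell: cell outputs are saved inside the .ipynb, so the key would
    # travel with every copy or commit of the notebook.
else:
    # Read the credentials from the environment instead of typing them into the
    # notebook. The two variable names are this notebook's own choice; a missing
    # variable fails loudly with KeyError.
    sess = Session.from_api_key(
        domain_id=os.environ["ANTIMATTER_DOMAIN_ID"],
        api_key=os.environ["ANTIMATTER_API_KEY"],
    )

# NOTE(review): fixed, predictable name in the shared /tmp directory. It is not
# used by the cells visible here; if a capsule is written to it, prefer a
# per-user directory with restrictive permissions.
file_name = "/tmp/testdata.capsule"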
List the write context#
[6]:
# List the write contexts defined in the domain. In the output below, 'default'
# has no required hooks and describes itself as doing no classification, while
# 'sensitive' requires the fast-pii and data-structure-classifier hooks.
sess.list_write_context()
[6]:
[{'name': 'default',
'summary': 'Default write context',
'description': 'No classification of encapsulated data',
'config': {'key_reuse_ttl': 0,
'default_capsule_tags': [],
'required_hooks': []},
'imported': False,
'source_domain_id': None,
'source_domain_name': None},
{'name': 'sensitive',
'summary': 'Default write context (sensitive data)',
'description': 'Classifies data using the fast-pii and data structure classifiers',
'config': {'key_reuse_ttl': 0,
'default_capsule_tags': [],
'required_hooks': [{'hook': 'data-structure-classifier',
'constraint': '>1.0.0',
'mode': 'sync'},
{'hook': 'fast-pii', 'constraint': '>1.0.0', 'mode': 'sync'}]},
'imported': False,
'source_domain_id': None,
'source_domain_name': None}]
Describe the write context#
[7]:
# Fetch the definition of the single write context named 'default'.
sess.describe_write_context('default')
[7]:
{'name': 'default',
'summary': 'Default write context',
'description': 'No classification of encapsulated data',
'config': {'key_reuse_ttl': 0,
'default_capsule_tags': [],
'required_hooks': []},
'imported': False,
'source_domain_id': None,
'source_domain_name': None}
List the read context#
[8]:
# List the read contexts defined in the domain. The output below shows only
# 'default', with disable_read_logging reported as False.
sess.list_read_context()
[8]:
[{'name': 'default',
'summary': 'Default read context',
'description': 'The default read context',
'disable_read_logging': False,
'key_cache_ttl': 0,
'read_parameters': [],
'imported': False,
'source_domain_id': None,
'source_domain_name': None}]
Describe the read context#
[9]:
# Describing a read context returns more detail than the listing: the output
# below also carries 'rules', 'required_hooks' and 'policy_assembly'.
# 'rules' is empty at this point, so this read context has no rules yet.
sess.describe_read_context('default')
[9]:
{'name': 'default',
'summary': 'Default read context',
'description': 'The default read context',
'disable_read_logging': False,
'key_cache_ttl': 0,
'required_hooks': [],
'read_parameters': [],
'rules': [],
'imported': False,
'source_domain_id': None,
'source_domain_name': None,
'policy_assembly': None}
List the fact types#
[10]:
# List the fact types defined in the domain; the output below is an empty list,
# so none are defined yet.
sess.list_fact_types()
[10]:
[]
Add a fact type#
[11]:
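# Declare the fact type. The arguments are listed project-first so that the
# declaration matches the positional order used by the add_fact() calls in this
# notebook, which pass the project ("bazProject") before the member ("fooPerson").
# With the member declared first, every stored fact would have its two values
# under the wrong argument names, and a policy that looks a member up by name
# would not find them.
# NOTE(review): this assumes argument order follows the dict order, as the
# get_fact_type() output suggests; confirm against the library.
sess.add_fact_type(
    "is_project_member",
    description="Team membership",
    arguments={"project": "name of the project", "name": "name of the member"},
)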
[12]:
# Record two members of bazProject. Arguments are passed positionally as
# (project, member). The cell displays the last fact created.
created = [
    sess.add_fact("is_project_member", "bazProject", member)
    for member in ("fooPerson", "fooPerson2")
]
created[-1]
[12]:
{'id': 'ft-kl5386pkxhy5gpp4',
'name': 'is_project_member',
'arguments': ['bazProject', 'fooPerson2']}
[13]:
# Record two members of bazProject2. Arguments are passed positionally as
# (project, member). The cell displays the last fact created.
created = [
    sess.add_fact("is_project_member", "bazProject2", member)
    for member in ("fooPerson3", "fooPerson4")
]
created[-1]
[13]:
{'id': 'ft-ugy7vdynwlp5i5om',
'name': 'is_project_member',
'arguments': ['bazProject2', 'fooPerson4']}
[14]:
# Read the fact type back to check its description and declared arguments.
sess.get_fact_type('is_project_member')
[14]:
{'name': 'is_project_member',
'description': 'Team membership',
'arguments': [{'name': 'name', 'description': 'name of the member'},
{'name': 'project', 'description': 'name of the project'}],
'imported': False,
'source_domain_id': None,
'source_domain_name': None}
[15]:
# Keep the listing in `facts`; the next cell looks one of them up by id.
# NOTE(review): the output below is not in insertion order (fooPerson4 is listed
# before fooPerson3), so list position does not identify a particular fact.
facts = sess.list_facts('is_project_member')
facts
[15]:
[{'id': 'ft-77igdzdkngh5l5m0',
'name': 'is_project_member',
'arguments': ['bazProject', 'fooPerson']},
{'id': 'ft-kl5386pkxhy5gpp4',
'name': 'is_project_member',
'arguments': ['bazProject', 'fooPerson2']},
{'id': 'ft-ugy7vdynwlp5i5om',
'name': 'is_project_member',
'arguments': ['bazProject2', 'fooPerson4']},
{'id': 'ft-urh8eg6tlyadf5x9',
'name': 'is_project_member',
'arguments': ['bazProject2', 'fooPerson3']}]
Get a fact from the id#
[16]:
# Look up a single fact by fact type and id. facts[0] is simply whichever fact
# the listing returned first.
sess.get_fact('is_project_member', facts[0]['id'])
[16]:
{'id': 'ft-77igdzdkngh5l5m0',
'name': 'is_project_member',
'arguments': ['bazProject', 'fooPerson']}
Add rules to the read context#
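Add rules to the read context that redact data carrying the “tag.antimatter.io/pii/email_address” and “tag.antimatter.io/pii/credit_card” tags. The rules match on the presence of a tag, so they only affect data that carries one; the 'default' write context listed above reports no classification, so presumably only data written through a classifying context such as 'sensitive' will be redacted.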
[17]:
# Build a rule that redacts any data carrying the email_address PII tag, then
# attach it to the 'default' read context. The call returns the new rule's id.
rule_builder = ReadContextRuleBuilder()
rule_builder = rule_builder.add_match_expression(
    source=Source.Tags,
    key="tag.antimatter.io/pii/email_address",
    operator=Operator.Exists,
)
rule_builder = rule_builder.set_action(Action.Redact)
rule_builder = rule_builder.set_priority(10)
sess.add_read_context_rules("default", rule_builder=rule_builder)
[17]:
'rl-mlb4im3hgc7rn2lj'
[18]:
# Build a rule that redacts any data carrying the credit_card PII tag, then
# attach it to the 'default' read context. The call returns the new rule's id.
rule_builder = ReadContextRuleBuilder()
rule_builder = rule_builder.add_match_expression(
    source=Source.Tags,
    key="tag.antimatter.io/pii/credit_card",
    operator=Operator.Exists,
)
rule_builder = rule_builder.set_action(Action.Redact)
rule_builder = rule_builder.set_priority(20)
sess.add_read_context_rules("default", rule_builder=rule_builder)
[18]:
'rl-juwohiq677o6qpuz'
Describe the read context which should now show the updated rules#
[19]:
# Re-read the context and keep it in `read_context`; the delete cell further
# down takes a rule id from it. Both rules appear in the output below with
# action 'Redact'.
read_context = sess.describe_read_context("default")
read_context
[19]:
{'name': 'default',
'summary': 'Default read context',
'description': 'The default read context',
'disable_read_logging': False,
'key_cache_ttl': 0,
'required_hooks': [],
'read_parameters': [],
'rules': [{'id': 'rl-mlb4im3hgc7rn2lj',
'match_expressions': [{'source': 'tags',
'key': 'tag.antimatter.io/pii/email_address',
'operator': 'Exists',
'values': None,
'value': None}],
'action': 'Redact',
'token_scope': None,
'token_format': None,
'facts': [],
'priority': 10,
'imported': False,
'source_domain_id': None,
'source_domain_name': None},
{'id': 'rl-juwohiq677o6qpuz',
'match_expressions': [{'source': 'tags',
'key': 'tag.antimatter.io/pii/credit_card',
'operator': 'Exists',
'values': None,
'value': None}],
'action': 'Redact',
'token_scope': None,
'token_format': None,
'facts': [],
'priority': 20,
'imported': False,
'source_domain_id': None,
'source_domain_name': None}],
'imported': False,
'source_domain_id': None,
'source_domain_name': None,
'policy_assembly': None}
Delete the last rule created#
[20]:
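# Select the rule to delete by the tag it matches rather than by its position
# in the list. Nothing on this page shows that 'rules' is returned in creation
# order (the facts listing earlier is not), and taking [-1] from a reordered
# list would silently remove the other redaction rule instead.
CREDIT_CARD_TAG = "tag.antimatter.io/pii/credit_card"
credit_card_rule_ids = [
    rule["id"]
    for rule in read_context["rules"]
    if any(expr["key"] == CREDIT_CARD_TAG for expr in rule["match_expressions"])
]
if not credit_card_rule_ids:
    raise LookupError("no rule matching %s in read context 'default'" % CREDIT_CARD_TAG)

# After this call, data tagged credit_card is no longer redacted by a rule in
# the 'default' read context.
sess.delete_read_context_rule("default", credit_card_rule_ids[-1])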
Describe the read context which should now show just the first rule#
[21]:
# Confirm the deletion: only the email_address rule remains in the output
# below, so data tagged credit_card is no longer covered by a rule in this
# read context.
sess.describe_read_context("default")
[21]:
{'name': 'default',
'summary': 'Default read context',
'description': 'The default read context',
'disable_read_logging': False,
'key_cache_ttl': 0,
'required_hooks': [],
'read_parameters': [],
'rules': [{'id': 'rl-mlb4im3hgc7rn2lj',
'match_expressions': [{'source': 'tags',
'key': 'tag.antimatter.io/pii/email_address',
'operator': 'Exists',
'values': None,
'value': None}],
'action': 'Redact',
'token_scope': None,
'token_format': None,
'facts': [],
'priority': 10,
'imported': False,
'source_domain_id': None,
'source_domain_name': None}],
'imported': False,
'source_domain_id': None,
'source_domain_name': None,
'policy_assembly': None}