`antimatter.session_mixins`#

Subpackages#

Submodules#

Package Contents#

Classes#

`CapabilityMixin`	Session mixin defining CRUD functionality for capabilities.
`CapsuleMixin`	Session mixin defining CRUD functionality for capsules and tags.
`DomainMixin`	Session mixin defining CRUD functionality for domains, including peering.
`EncryptionMixin`	Session mixin defining CRUD functionality for encryption functionality.
`FactMixin`	Session mixin defining CRUD functionality for facts and fact types.
`GeneralMixin`	Session mixin defining CRUD functionality for other general functionality.
`IdentityProviderMixin`	Session mixin defining identity provider CRUD functionality.
`PolicyRuleMixin`	Session mixin defining policy rule CRUD functionality.
`ReadContextMixin`	Session mixin defining CRUD functionality for read contexts.
`WriteContextMixin`	Session mixin defining CRUD functionality for write contexts.
`VerificationMixin`	Session mixin defining CRUD functionality for verification actions.
`RootEncryptionKeyMixin`	Session mixin defining CRUD functionality for root encryption keys
`StarredDomainMixin`
`DataPolicyMixin`	Data policy mixin defining CRUD functionality for data policies

class antimatter.session_mixins.CapabilityMixin(authz: antimatter.authz.Authorization, **kwargs)#

Bases: antimatter.session_mixins.base.BaseMixin

Session mixin defining CRUD functionality for capabilities.

list_capabilities() → List[antimatter_api.CapabilityDefinition]#

Get the capabilities for the session’s domain.

Returns:: A list of capabilities.

get_capability(name: str) → antimatter_api.CapabilityDefinition#

Get a specific capability for the session’s domain.

Parameters:: name – The name for this capability, like “admin”
Returns:: The details of the capability.

put_capability(name: str, summary: str, description: str | None = None, unary: bool = True, create_only: bool = False) → None#

Create or update a capability. A capability is attached to authenticated domain identities by an identity provider, and confers additional permissions upon the identity. This is done by writing domain policy rules that reference the capability.

Parameters:

name – The name for this capability, like “admin”
summary – A short, single sentence description of this capability
description – An optional longer form description of this capability
unary – A unary capability does not have a value
create_only – If True, an error will be returned if a capability with the name already exists

delete_capability(name: str) → None#

Delete a capability.

Parameters:: name – The name of the capability, like “admin”

class antimatter.session_mixins.CapsuleMixin(authz: antimatter.authz.Authorization, **kwargs)#

Bases: antimatter.session_mixins.base.BaseMixin

Session mixin defining CRUD functionality for capsules and tags.

Returns an iterator over the capsules available for the current domain and auth

Parameters:

start_date – The earlier date of the date range. As results are returned in reverse chronological order, this date corresponds with the end of the result set. This should be a timezone-aware datetime, or else will be treated as the system timezone
end_date – The later date of the date range. As results are returned in reverse chronological order, this date corresponds with the beginning of the result set. If not specified, defaults to the current time. This should be a timezone-aware datetime, or else will be treated as the system timezone
duration – The query time range duration. This can be a timedelta or a string such as ‘2h’. When using duration, by default the query time range ends ‘now’, unless one of start_date or end_date is specified. If both start_date and end_date are specified, duration is ignored. If using a string value, valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”, “d”, “mo”, “y”. These can be grouped together, such as 1h5m30s.
span_tag – The span tag you would like to filter on. This accepts a tag key only and will return all span tag key results matching the provided tag key. If not specified, this field is ignored.
sort_on – The capsule field you would like to sort on. This accepts the field only and will return results ordered on the provided field. If not specified, this field is ignored.
ascending – This defines whether a sorted result should be order ascending. This accepts a boolean value and when true will work in combination with the sort_on and start_after parameters to return values in ascending order. If not specified, this field is ignored and treated as false.

get_capsule_info(capsule_id: str) → antimatter_api.CapsuleInfo#

Get the summary information about the capsule.

Parameters:: capsule_id – The identifier for the capsule
Returns:: The summary information about the capsule

upsert_capsule_tags(capsule_id: str, tags: List[antimatter.tags.CapsuleTag]) → None#

Upsert the capsule-level tags to apply to a capsule.

Parameters:

capsule_id – The capsule to apply tags to
tags – The tags to apply to the capsule

delete_capsule_tags(capsule_id: str, tag_names: List[str]) → None#

Delete capsule-level tags

Parameters:

capsule_id – The capsule to delete tags from
tag_names – The names of the tags to delete

class antimatter.session_mixins.DomainMixin(authz: antimatter.authz.Authorization, **kwargs)#

Bases: antimatter.session_mixins.base.BaseMixin

Session mixin defining CRUD functionality for domains, including peering.

new_peer_domain(import_alias_for_child: str, display_name_for_child: str, nicknames: List[str] | None = None, import_alias_for_parent: str | None = None, display_name_for_parent: str | None = None, link_all: bool = True, link_identity_providers: bool = None, link_facts: bool = None, link_read_contexts: bool = None, link_write_contexts: bool = None, link_capabilities: bool = None, link_domain_policy: bool = None, link_root_encryption_keys: bool = None, link_capsule_access_log: bool = None, link_control_log: bool = None, link_capsule_manifest: bool = None) → antimatter_api.NewDomainResponse#

Creates a new peer domain

Parameters:

import_alias_for_child – The import alias for the child domain
display_name_for_child – The display name for the child domain
nicknames – The nicknames for the child domain
import_alias_for_parent – The import alias for the parent domain
display_name_for_parent – The display name for the parent domain
link_all – Whether to link all capabilities
link_identity_providers – Whether to link identity providers
link_facts – Whether to link facts
link_read_contexts – Whether to link read contexts
link_write_contexts – Whether to link write contexts
link_capabilities – Whether to link capabilities
link_domain_policy – Whether to link domain policy
link_root_encryption_keys – Whether to link root encryption keys
link_capsule_access_log – Whether to link capsule access log
link_control_log – Whether to link control log
link_capsule_manifest – Whether to link capsule manifest

Returns:

The new peer domain

get_peer(nickname: str | None = None, alias: str | None = None) → str#

Retrieve the domain ID of a domain that is configured as a peer of this session’s domain by using either its alias or one of its nicknames.

Parameters:

nickname – The nickname for the peer domain
alias – One of the aliases of the peer domain

Returns:

The domain ID

list_peers() → List[antimatter_api.DomainPeerListPeersInner]#

Return a list of the peers of this session’s domain.

Returns:: The peer list, containing IDs and other information about the domains

get_peer_config(peer_domain_id: str | None = None, nickname: str | None = None, alias: str | None = None) → antimatter_api.DomainPeerConfig#

Get a peer configuration using one of the peer’s domain ID, nickname, or alias.

Parameters:

peer_domain_id – The domain ID of the peer
nickname – The nickname for the peer domain
alias – One of the aliases of the peer domain

Returns:

The full peer configuration

update_peer(display_name: str, peer_domain_id: str | None = None, nickname: str | None = None, alias: str | None = None, export_identity_providers: List[str] | None = None, export_all_identity_providers: bool | None = None, export_facts: List[str] | None = None, export_all_facts: bool | None = None, export_read_contexts: List[str] | None = None, export_all_read_contexts: bool | None = None, export_write_contexts: List[str] | None = None, export_all_write_contexts: bool | None = None, export_capabilities: List[str] | None = None, export_all_capabilities: bool | None = None, export_domain_policy: bool | None = None, export_root_encryption_keys: bool | None = None, export_capsule_access_log: bool | None = None, export_control_log: bool | None = None, export_capsule_manifest: bool | None = None, export_billing: bool | None = None, export_admin_contact: bool | None = None, export_data_policies: str | None = None, export_all_data_policies: bool | None = None, nicknames: List[str] | None = None, import_alias: str | None = None, forward_billing: bool | None = None, forward_admin_communications: bool | None = None, import_identity_providers: List[str] | None = None, import_all_identity_providers: bool | None = None, import_facts: List[str] | None = None, import_all_facts: bool | None = None, import_read_contexts: List[str] | None = None, import_all_read_contexts: bool | None = None, import_write_contexts: List[str] | None = None, import_all_write_contexts: bool | None = None, import_capabilities: List[str] | None = None, import_all_capabilities: bool | None = None, import_domain_policy: bool | None = None, import_root_encryption_keys: bool | None = None, import_precedence: int | None = None, import_capsule_access_log: bool | None = None, import_control_log: bool | None = None, import_capsule_manifest: bool | None = None, import_data_policies: str | None = None, import_all_data_policies: bool | None = None) → None#

Create or update the configuration for this peer using one of the peer’s domain ID, nickname, or alias. Please note, if the configuration already exists, it is updated to reflect the values in the request. This will include setting the fields to their default value if not supplied.

Parameters:

display_name – The display name for the peer domain
peer_domain_id – The domain ID of the peer
nickname – The nickname for the peer domain
alias – One of the aliases of the peer domain
export_identity_providers – The identity providers to export
export_all_identity_providers – Whether to export all identity providers
export_facts – The facts to export
export_all_facts – Whether to export all facts
export_read_contexts – The read contexts to export
export_all_read_contexts – Whether to export all read contexts
export_write_contexts – The write contexts to export
export_all_write_contexts – Whether to export all write contexts
export_capabilities – The capabilities to export
export_all_capabilities – Whether to export all capabilities
export_domain_policy – Whether to export the domain policy
export_root_encryption_keys – Whether to export the root encryption keys
export_capsule_access_log – Whether to export the capsule access log
export_control_log – Whether to export the control log
export_capsule_manifest – Whether to export the capsule manifest
export_billing – Whether to export billing information
export_admin_contact – Whether to export the admin contact
nicknames – The nicknames for the peer domain
import_alias – The import alias for the peer domain
forward_billing – Whether to forward billing information
forward_admin_communications – Whether to forward admin communications
import_identity_providers – The identity providers to import
import_all_identity_providers – Whether to import all identity providers
import_facts – The facts to import
import_all_facts – Whether to import all facts
import_read_contexts – The read contexts to import
import_all_read_contexts – Whether to import all read contexts
import_write_contexts – The write contexts to import
import_all_write_contexts – Whether to import all write contexts
import_capabilities – The capabilities to import
import_all_capabilities – Whether to import all capabilities
import_domain_policy – Whether to import the domain policy
import_root_encryption_keys – Whether to import the root encryption keys
import_precedence – The precedence of the import
import_capsule_access_log – Whether to import the capsule access log
import_control_log – Whether to import the control log
import_capsule_manifest – Whether to import the capsule manifest

delete_peer(peer_domain_id: str | None = None, nickname: str | None = None, alias: str | None = None) → None#

Remove the peering relationship with the given domain, using one of the peer’s domain ID, nickname, or alias.

Parameters:

peer_domain_id – The domain ID of the peer
nickname – The nickname for the peer domain
alias – One of the aliases of the peer domain

get_top_tags() → List[str]#: Get domain tag info returns a list containing the top 100 tag names for the current session’s domain.

class antimatter.session_mixins.EncryptionMixin(authz: antimatter.authz.Authorization, **kwargs)#

Bases: antimatter.session_mixins.base.BaseMixin

Session mixin defining CRUD functionality for encryption functionality.

flush_encryption_keys()#: Flush all keys in memory. The keys will be immediately reloaded from persistent storage, forcing a check that the domain’s root key is still available

class antimatter.session_mixins.FactMixin(authz: antimatter.authz.Authorization, **kwargs)#

Bases: antimatter.session_mixins.base.BaseMixin

Session mixin defining CRUD functionality for facts and fact types.

list_fact_types() → List[antimatter_api.FactTypeDefinition]#: Returns a list of fact types available for the current domain and auth

list_facts(fact_type: str) → List[antimatter_api.Fact]#: Returns a list of facts for the given fact type

add_fact_type(name: str, description: str, arguments: Dict[str, str]) → None#

Upserts a fact type for the current domain and auth

Parameters:

name – The “type name” for this fact, like “has_role”
description – The human-readable description of the fact type
arguments – Name:description argument pairs for the fact type

add_fact(fact_type: str, *arguments: str) → antimatter_api.Fact#

Upserts a fact for the current domain and auth

Parameters:

fact_type – The name of the type of fact being added
arguments – The fact arguments to add

Returns:

The upserted fact

get_fact_type(fact_type: str) → antimatter_api.FactTypeDefinition#

Get the fact type details for the given fact type

Parameters:: fact_type – The “type name” for this fact, like “has_role”
Returns:: The fact type details

get_fact(fact_type: str, fact_id: str) → antimatter_api.Fact#

Returns the fact details for the given fact type and name

Parameters:

fact_type – The “type name” for this fact, like “has_role”
fact_id – The ID for the fact to be retrieved

Returns:

The fact details

delete_fact_type(fact_type: str) → None#

Delete a fact type AND ALL FACTS INSIDE IT.

Parameters:: fact_type – The “type name” for this fact, like “has_role”

delete_fact(fact_type: str, *arguments: str, fact_id: str | None = None) → None#

Delete a fact by ID or argument. One of ‘fact_id’ or ‘arguments’ must be provided. If ‘fact_id’ is provided, it will be used solely. If arguments are provided, each must fully match the name and/or arguments of the fact for it to be deleted.

Parameters:

fact_type – The “type name” for this fact, like “has_role”
fact_id – The ID for the fact to be deleted
arguments – The arguments for the fact to be deleted

delete_all_facts(fact_type: str) → None#

Delete all the facts for the given fact type.

Parameters:: fact_type – The “type name” for this fact, like “has_role”

class antimatter.session_mixins.GeneralMixin(authz: antimatter.authz.Authorization, **kwargs)#

Bases: antimatter.session_mixins.base.BaseMixin

Session mixin defining CRUD functionality for other general functionality.

get_private_info() → antimatter_api.DomainPrivateInfo#

Returns a Domain’s summary information.

Returns:: The private summary info for a domain

get_public_info() → antimatter_api.DomainPublicInfo#

Returns a Domain’s summary information. This endpoint does not require authorization

Returns:: The public summary info for a domain

get_settings() → antimatter_api.DomainSettings#: Return the domain settings.

put_settings(settings: antimatter.builders.settings_put.SettingsPutBuilder) → antimatter_api.DomainSettings#

Updates the domain settings with the provided settings.

Parameters:: settings – The domain settings to be updated.
Returns:: The domain settings after applying the proposed updates

get_status() → antimatter_api.DomainStatus#: Return the domain status, which contains important notifications for administrators of the domain.

list_hooks() → List[antimatter_api.DomainHooksListHooksInner]#: Return a list of available hooks in this domain. A hook is a data processor, like a PII classifier

list_resources() → List[antimatter_api.DomainResourceSummarySchemaInner]#: Return a list of resource strings that can be used in policy rules, and the set of permissions that you can assign to them.

Query the data access log for this domain. This contains all operations interacting with capsules within this domain. An iterator is returned over the results in reverse chronological order.

Parameters:

start_date – The earlier date of the date range. As results are returned in reverse chronological order, this date corresponds with the end of the result set. This should be a timezone-aware datetime, or else will be treated as the system timezone
end_date – The later date of the date range. As results are returned in reverse chronological order, this date corresponds with the beginning of the result set. If not specified, defaults to the current time. This should be a timezone-aware datetime, or else will be treated as the system timezone
duration – The query time range duration. This can be a timedelta or a string such as ‘2h’. When using duration, by default the query time range ends ‘now’, unless one of start_date or end_date is specified. If both start_date and end_date are specified, duration is ignored. If using a string value, valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”, “d”, “mo”, “y”. These can be grouped together, such as 1h5m30s
session – The session you would like to filter on. This will return results for only the provided session. If not specified, this field is ignored
location – The location you would like to filter on. This is a matched filter and will return results starting with the provided string. If not specified, this field is ignored
location_prefixed – A boolean indicator to indicate that the location you provided is a prefix or not. If this is set to true, then the filter provided in location is treated as a prefix. If not specified, this is treated as false
operation_type – The operation you would like to filter on. This will filter on the provided operation type and return all results using the provided operation type. If not specified, this field is ignored
allowed_tag – The allow tag key you would like to filter on. This accepts tag key only and will return all allowed tag results matching the provided tag key. If not specified, this field is ignored
redacted_or_tokenized_tag – The redacted or tokenized tag key you would like to filter on. This accepts a tag key only and will return all redacted and tokenized tag key results matching the provided tag key. If not specified, this field is ignored
capsule_id – The ID for a specific capsule. Use this to limit results to a single capsule

Returns:

An iterator over the access logs matching the filters

Query the domain control-plane audit log. An iterator is returned over the results in reverse chronological order.

Parameters:

start_date – The earlier date of the date range. As results are returned in reverse chronological order, this date corresponds with the end of the result set. This should be a timezone-aware datetime, or else will be treated as the system timezone
end_date – The later date of the date range. As results are returned in reverse chronological order, this date corresponds with the beginning of the result set. If not specified, defaults to the current time. This should be a timezone-aware datetime, or else will be treated as the system timezone
duration – The query time range duration. This can be a timedelta or a string such as ‘2h’. When using duration, by default the query time range ends ‘now’, unless one of start_date or end_date is specified. If both start_date and end_date are specified, duration is ignored. If using a string value, valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”, “d”, “mo”, “y”. These can be grouped together, such as 1h5m30s
session – The session you would like to filter on. This will return results for only the provided session. If not specified, this field is ignored
url – The URL you would like to filter on. This is a prefix matched filter and will return results starting with the provided string. If not specified, this field is ignored
description – The description you would like to filter on. This is an in matched filter and will return results that contain the provided string. If not specified, this field is ignored

Returns:

An iterator over the control logs matching the filters

class antimatter.session_mixins.IdentityProviderMixin(authz: antimatter.authz.Authorization, **kwargs)#

Bases: antimatter.session_mixins.base.BaseMixin

Session mixin defining identity provider CRUD functionality.

upsert_identity_provider(provider_name: str, provider_type: str | antimatter.constants.identity_provider.ProviderType = ProviderType.ApiKey, client_id: str | None = None) → antimatter_api.DomainIdentityProviderInfo#

Create or update an identity provider.

Parameters:

provider_name – The name of a new or existing identity provider
provider_type – The provider type for identity management
client_id – If the provider type is ‘GoogleOAuth’ or ‘MicrosoftOAuth’, a client ID must be provided

Returns:

The identity provider summary

insert_identity_provider_principal(provider_name: str, capabilities: List[str | Dict[str, Any]], principal_type: str | antimatter.constants.identity_provider.PrincipalType, principal_value: str | None = None, comment: str | None = None) → antimatter_api.DomainInsertIdentityProviderPrincipal200Response#

Creates a new principal for the provider. Note that the provider_name must refer to an existing identity provider. The principal_value is optional if the type is APIKey.

Parameters:

provider_name – The name of an existing identity provider
capabilities – The capabilities to attach to the principal. These can be in one of the following forms: - A list of unary capabilities, like [‘admin’, ‘read_only’] - A list of key-value pairs, like [“admin=True”, “read_only=False”] - A list of dictionaries, like [{“admin”: “True”}, {“read_only”: “False”}] - A list of dictionaries as a name/value pair, like [{“name”: “admin”, “value”: “True”}, {“name”: “read_only”, “value”: “False”}] - Any combination of the above
principal_type – The type of principal to create. One of ‘APIKey’, ‘Email’, or ‘HostedDomain’
principal_value – The appropriate identifying value for the principal, depending on type
comment – An optional comment for the identity provider principal

Returns:

The ID of the inserted principal and any additional metadata

update_identity_provider_principal(provider_name: str, principal_id: str, capabilities: List[str | Dict[str, Any]]) → None#

Update the capabilities for an identity provider principal.

Parameters:

provider_name – The name of an existing identity provider
principal_id – The ID of the principal
capabilities – The capabilities to attach to the principal. These can be in one of the following forms: - A list of unary capabilities, like [‘admin’, ‘read_only’] - A list of key-value pairs, like [“admin=True”, “read_only=False”] - A list of dictionaries, like [{“admin”: “True”}, {“read_only”: “False”}] - A list of dictionaries as a name/value pair, like [{“name”: “admin”, “value”: “True”}, {“name”: “read_only”, “value”: “False”}] - Any combination of the above

get_identity_provider(provider_name: str) → antimatter_api.DomainIdentityProviderInfo#

Retrieve detailed information and configuration of an identity provider

Parameters:: provider_name – The name of an existing identity provider
Returns:: The identity provider details

list_identity_providers() → List[antimatter_api.DomainIdentityProviderInfo]#: Retrieve the domain’s identity providers and a brief overview of their configuration.

get_identity_provider_principal(provider_name: str, principal_id: str | None = None) → List[antimatter_api.PrincipalSummary] | antimatter_api.PrincipalSummary#

Get either a summary of all the principals for an identity provider, or detailed information about a single principal if a principal_id is provided

Parameters:

provider_name – The name of an existing identity provider
principal_id – The ID of the principal; None to get all principals

Returns:

The principal information

delete_identity_provider(provider_name: str) → None#

Delete an identity provider. All domain tokens created using this identity provider will be invalidated. Take care not to remove the identity provider that is providing you admin access to your domain, as you may lock yourself out.

Parameters:: provider_name – The name of the identity provider to fully delete

delete_identity_provider_principal(provider_name: str, principal_id: str) → None#

Delete an identity provider principal.

Parameters:

provider_name – The name of the identity provider to delete a principal from
principal_id – The ID of the principal to delete

class antimatter.session_mixins.PolicyRuleMixin(authz: antimatter.authz.Authorization, **kwargs)#

Bases: antimatter.session_mixins.base.BaseMixin

Session mixin defining policy rule CRUD functionality.

create_policy_rule(capability_rules: antimatter.builders.capability.CapabilityRulesBuilder, path: str, operation: str | antimatter.constants.domain_policy.Operation, result: str | antimatter.constants.domain_policy.Result, priority: int = 0, facts: antimatter.builders.fact_policy.FactPoliciesBuilder | None = None, disabled: bool = False) → antimatter_api.DomainPolicyRule#

Create a policy rule for the domain.

Parameters:

capability_rules – Rules referring to domain identity capabilities. These rules are ANDed together
facts – Assert the existence or nonexistence of facts that reference the capability rules. These assertions will be ANDed together, and ANDed with the capability rules.
path – The path this rule governs. May contain glob expressions (e.g. ‘*’ and ‘**’)
operation – The operation to apply the policy to
result – Whether to ‘allow’ or ‘deny’ the operation performed that matches this rule
priority – The priority of this rule. Lower priority rules are evaluated first
disabled – If this rule is disabled or not

Returns:

A dictionary containing the created rule from the server

delete_policy_rule(rule_id: str) → None#

Delete a domain policy rule on the session’s domain.

Parameters:: rule_id – Identifier of the policy rule to delete

list_policy_rules() → List[antimatter_api.DomainPolicyRule]#

Get the domain’s policy rules.

Returns:: A list of policy rules.

update_policy_rule(rule_id: str, capability_rules: antimatter.builders.capability.CapabilityRulesBuilder, facts: antimatter.builders.fact_policy.FactPoliciesBuilder, path: str, operation: str | antimatter.constants.domain_policy.Operation, result: str | antimatter.constants.domain_policy.Result, priority: int, disabled: bool = False) → None#

Update a domain policy rule by ID.

Parameters:

rule_id – The ID of the rule to update
capability_rules – Rules referring to domain identity capabilities. These rules are ANDed together
facts – Assert the existence or nonexistence of facts that reference the capability rules. These assertions will be ANDed together, and ANDed with the capability rules.
path – The path this rule governs. May contain glob expressions (e.g. ‘*’ and ‘**’)
operation – The operation to apply the policy to
result – Whether to ‘allow’ or ‘deny’ the operation performed that matches this rule
priority – The priority of this rule. Lower priority rules are evaluated first
disabled – If this rule is disabled or not

renumber_policy_rules() → List[antimatter_api.DomainPolicyRule]#

Re-assign rule priority numbers for the session’s domain to integer multiples of 10

Returns:: The full list of renumbered policy rules in this domain

class antimatter.session_mixins.ReadContextMixin(authz: antimatter.authz.Authorization, **kwargs)#

Bases: antimatter.session_mixins.base.BaseMixin

Session mixin defining CRUD functionality for read contexts.

add_read_context(name: str, builder: antimatter.builders.ReadContextBuilder) → None#

Upserts a read context for the current domain and auth

Parameters:

name – The name of the read context to add or update
builder – The builder containing read context configuration

list_read_context() → List[antimatter_api.ReadContextShortDetails]#: Returns a list of read contexts available for the current domain and auth

describe_read_context(name: str) → antimatter_api.ReadContextDetails#

Returns the read context with the given name for the current domain and auth

Parameters:: name – The name of the read context to describe
Returns:: The full details of the read context

delete_read_context(name: str) → None#

Delete a read context. All configuration associated with this read context will also be deleted. Domain policy rules referencing this read context will be left as-is.

Parameters:: name – The name of the read context to delete

class antimatter.session_mixins.WriteContextMixin(authz: antimatter.authz.Authorization, **kwargs)#

Bases: antimatter.session_mixins.base.BaseMixin

Session mixin defining CRUD functionality for write contexts.

add_write_context(name: str, builder: antimatter.builders.WriteContextBuilder) → None#

Upserts a write context for the current domain and auth

Parameters:

name – The name of the write context to add or update
builder – The builder containing write context configuration

list_write_context() → List[antimatter_api.WriteContextDetails]#: Returns a list of write contexts available for the current domain and auth

describe_write_context(name: str) → antimatter_api.WriteContextDetails#

Returns the write context with the given name for the current domain and auth

Parameters:: name – The name of the write context to describe
Returns:: The full details of the write context

upsert_write_context_configuration(name: str, builder: antimatter.builders.WriteContextConfigurationBuilder) → None#

Update a write context configuration. The write context must already exist.

Parameters:

name – The name of the write context to update the configuration for
builder – The builder containing write context configuration

delete_write_context(name: str) → None#

Delete a write context. All configuration associated with this write context will also be deleted. Domain policy rules referencing this write context will be left as-is.

Parameters:: name – The name of the write context to delete

list_write_context_classifier_rules(context_name: str) → List[antimatter_api.ClassifierRule]#

List all regex rules for the write context.

Parameters:: context_name – The name of the write context
Returns:: The list of rules

insert_write_context_classifier_rule(context_name: str, comment: str | None = None, span_tags: List[str] = [], capsule_tags: List[str] = [], llm_model: str | None = None, llm_prompt: str | None = None, regex_pattern: str | None = None, regex_match_on_key: bool | None = None) → str#

Insert a classifier rule for the context.

Parameters:

context_name – The name of the write context
comment – The comment for the classifier rule
span_tags – The span tags for the classifier rule
capsule_tags – The capsule tags for the classifier rule Span tags and capsule tags can be of the form: - A list of unary tags, like [‘tag.antimatter.io/pii/email’, ‘tag.antimatter.io/pii/name’] - A list of key-value pairs, like [“tag.antimatter.io/pii/date=24/12/2021”, “tag.antimatter.io/pii/credit_card=1234”] - A list of dictionaries, like [{“tag.antimatter.io/pii/email”: “”}, {“tag.antimatter.io/pii/date”: “24/12/2021”}] - A list of dictionaries as a name/value pair, like [{“name”: “tag.antimatter.io/pii/email”, “value”: “”}, {“name”: “tag.antimatter.io/pii/date”, “value”: “24/12/2021”}] - Any combination of the above
llm_model – The LLM model for the classifier rule. One of: ‘openai’, ‘bedrock’ One of the following must be provided: llm classifier rules or regex classifier rules
llm_prompt – The LLM prompt for the classifier rule
regex_pattern – A regex pattern for the classifier rule One of the following must be provided: llm classifier rules or regex classifier rules
regex_match_on_key – A regex match on key for the classifier rule

delete_write_context_classifier_rule(context_name: str, rule_id: str) → None#

Delete a regex classifier rule for the context.

Parameters:

context_name – The name of the write context
rule_id – The ID of the rule to delete

delete_write_context_classifier_rules(context_name: str) → None#

Delete the regex classifier rules for the context.

Parameters:: context_name – The name of the write context

class antimatter.session_mixins.VerificationMixin(authz: antimatter.authz.Authorization, **kwargs)#

Bases: antimatter.session_mixins.base.BaseMixin

Session mixin defining CRUD functionality for verification actions.

resend_verification_email(email: str | None = None)#

Resend the verification email to the admin contact email. If the session was called with an email, that will be used if none is provided.

Parameters:: email – The email to resend the verification email for.

class antimatter.session_mixins.RootEncryptionKeyMixin(authz: antimatter.authz.Authorization, **kwargs)#

Bases: antimatter.session_mixins.base.BaseMixin

Session mixin defining CRUD functionality for root encryption keys

get_active_root_encryption_key() → antimatter_api.RootEncryptionKeyItem#

Get the active root encryption key

Returns:: The active root encryption key

list_root_encryption_keys() → List[antimatter_api.RootEncryptionKeyItem]#

List all root encryption keys

Returns:: A list of root encryption keys

test_root_encryption_key(root_encryption_key_id: str) → antimatter_api.RootEncryptionKeyTestResponse#

Attempt to test a root encryption key to encrypt and decrypt

Parameters:: key – The key to test
Returns:: The result of the test

add_root_encryption_key(key_infos: antimatter_api.KeyInfos, description: str = '') → str#

Add a new root encryption key. Use the builder functions in antimatter.builders.root_encryption_key to create the key information.

For example:

key_info = antimatter.builders.antimatter_delegated_aws_key_info(key_arn="key_arn")
key_id = session.add_root_encryption_key(key_info)

key_info = antimatter.builders.aws_service_account_key_info(
    access_key_id="access_key_id", secret_access_key
)
key_id = session.add_root_encryption_key(key_info)

key_info = antimatter.builders.gcp_service_account_key_info(
    service_account_credentials="service_account_credentials", project_id="project_id", location="location"
)
key_id = session.add_root_encryption_key(key_info)

Parameters:

key_infos – The key information to add
description – The description of the key

delete_root_encryption_key(root_encryption_key_id: str)#

Delete a root encryption key. Only possible if key is not in use by any data key encryption keys

Parameters:: key – The key to delete

set_active_root_encryption_key(root_encryption_key_id: str) → None#

Set the active root encryption key for the domain

Parameters:: key – The key to set as active

rotate_encryption_keys() → None#: Rotates the root encryption keys. This is a batched operation and if ‘True’ is returned, this indicates whether there are more key encryption keys that can be rotated.

list_key_providers() → List[antimatter_api.AvailableDelegatedRootEncryptionKeyProvider | antimatter_api.AvailableServiceAccountRootEncryptionKeyProvider]#: Retrieve the domain’s key providers and a brief overview of their configuration.

class antimatter.session_mixins.StarredDomainMixin(authz: antimatter.authz.Authorization, **kwargs)#

Bases: antimatter.session_mixins.base.BaseMixin

list_starred_domains() → List[str]#: Returns a list of starred domains for the current user

add_starred_domain(domain_id: str) → None#: Adds a domain to the starred list for the current user

delete_starred_domain(domain_id: str) → None#: Removes a domain from the starred list for the current user

class antimatter.session_mixins.DataPolicyMixin(authz: antimatter.authz.Authorization, **kwargs)#

Bases: antimatter.session_mixins.base.BaseMixin

Data policy mixin defining CRUD functionality for data policies

list_data_policies() → List[antimatter_api.DataPolicy]#

Returns a list of data policies available for the current domain and auth

Returns:: A list of data policies

create_data_policy(name: str, description: str) → antimatter_api.DomainCreateDataPolicy200Response#

Create a new data policy for the current domain and auth

Parameters:

name – The name for this data policy
description – The human-readable description of the data policy

describe_data_policy(policy_id: str) → antimatter_api.ExtendedDataPolicy#

Describe a data policy by ID

Parameters:: policy_id – The ID of the data policy
Returns:: The data policy details

update_data_policy(policy_id: str, name: str, description: str) → None#

Update a data policy by ID

Parameters:

policy_id – The ID of the data policy
name – The name for this data policy
description – The human-readable description of the data policy

delete_data_policy(policy_id: str) → None#

Delete a data policy by ID

Parameters:: policy_id – The ID of the data policy

renumber_data_policy_rules(policy_id: str) → None#

Renumber the rules of a data policy by ID

Parameters:: policy_id – The ID of the data policy

update_data_policy_rules(policy_id: str, rules: antimatter.builders.data_policy.DataPolicyRuleChangesBuilder) → antimatter_api.DataPolicyRuleChangeResponse#

Update a rule of a data policy by ID

Parameters:

policy_id – The ID of the data policy
rules – The rules to apply to the data policy, constructed using the DataPolicyRuleChangesBuilder

describe_data_policy_rule(policy_id: str, rule_id: str) → antimatter_api.DataPolicyRule#

Describe a rule of a data policy by ID

Parameters:

policy_id – The ID of the data policy
rule_id – The ID of the rule to describe

Returns:

The data policy rule details for the given policy and rule

update_data_policy_rule(policy_id: str, rule_id: str, rules: antimatter.builders.data_policy.NewDataPolicyRuleBuilder) → None#

Update a rule of a data policy by ID

Parameters:

policy_id – The ID of the data policy
rule_id – The ID of the rule to update
rules – The rules to apply to the data policy, constructed using the NewDataPolicyRuleBuilder

delete_data_policy_rule(policy_id: str, rule_id: str) → None#

Delete a rule of a data policy by ID

Parameters:

policy_id – The ID of the data policy
rule_id – The ID of the rule to delete

describe_data_policy_binding(policy_id: str, binding_id: str) → antimatter_api.DataPolicyBindingInfo#

Describe a binding of a data policy by ID

Parameters:

policy_id – The ID of the data policy
binding_id – The ID of the binding to describe

Returns:

The data policy binding details for the given policy and binding ID

set_data_policy_binding(policy_id: str, default_attachment: antimatter.builders.data_policy.Attachment, read_contexts: List[Tuple[str, antimatter.builders.data_policy.Attachment]]) → None#

Set a binding of a data policy by ID

Parameters:

policy_id – The ID of the data policy
default_attachment – The default attachment for the data policy

antimatter.session_mixins#

Subpackages#

Submodules#

Package Contents#

Classes#

`antimatter.session_mixins`#