antimatter.session_mixins.policy_rule_mixin

Module Contents

Classes

PolicyRuleMixin

Session mixin defining policy rule CRUD functionality.

class antimatter.session_mixins.policy_rule_mixin.PolicyRuleMixin(authz: antimatter.authz.Authorization, **kwargs)

Bases: antimatter.session_mixins.base.BaseMixin

Session mixin defining policy rule CRUD functionality.

create_policy_rule(capability_rules: antimatter.builders.capability.CapabilityRulesBuilder, path: str, operation: str | antimatter.constants.domain_policy.Operation, result: str | antimatter.constants.domain_policy.Result, priority: int = 0, facts: antimatter.builders.fact_policy.FactPoliciesBuilder | None = None, disabled: bool = False) -> antimatter_api.DomainPolicyRule

Create a policy rule for the domain.

Parameters:
  • capability_rules – Rules referring to domain identity capabilities. These rules are ANDed together.

  • facts – Assert the existence or nonexistence of facts that reference the capability rules. These assertions will be ANDed together, and ANDed with the capability rules.

  • path – The path this rule governs. May contain glob expressions (e.g. ‘*’ and ‘**’).

  • operation – The operation to apply the policy to.

  • result – Whether to ‘allow’ or ‘deny’ an operation that matches this rule.

  • priority – The priority of this rule. Lower priority rules are evaluated first.

  • disabled – Whether this rule is disabled.

Returns:

A dictionary containing the created rule from the server.

delete_policy_rule(rule_id: str) -> None

Delete a domain policy rule on the session’s domain.

Parameters:

rule_id – Identifier of the policy rule to delete.

list_policy_rules() -> List[antimatter_api.DomainPolicyRule]

Get the domain’s policy rules.

Returns:

A list of policy rules.

update_policy_rule(rule_id: str, capability_rules: antimatter.builders.capability.CapabilityRulesBuilder, facts: antimatter.builders.fact_policy.FactPoliciesBuilder, path: str, operation: str | antimatter.constants.domain_policy.Operation, result: str | antimatter.constants.domain_policy.Result, priority: int, disabled: bool = False) -> None

Update a domain policy rule by ID.

Parameters:
  • rule_id – The ID of the rule to update.

  • capability_rules – Rules referring to domain identity capabilities. These rules are ANDed together.

  • facts – Assert the existence or nonexistence of facts that reference the capability rules. These assertions will be ANDed together, and ANDed with the capability rules.

  • path – The path this rule governs. May contain glob expressions (e.g. ‘*’ and ‘**’).

  • operation – The operation to apply the policy to.

  • result – Whether to ‘allow’ or ‘deny’ an operation that matches this rule.

  • priority – The priority of this rule. Lower priority rules are evaluated first.

  • disabled – Whether this rule is disabled.

renumber_policy_rules() -> List[antimatter_api.DomainPolicyRule]

Re-assign rule priority numbers for the session’s domain to integer multiples of 10.

Returns:

The full list of renumbered policy rules in this domain.
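
The following is an added example, not code from the antimatter library: a local model for reviewing how `path`, `priority` and `disabled` interact before a rule is created, and what renumbering does to rule order. The `Rule` class, the sample paths and operation names, first-match-wins with a default of ‘deny’, the glob semantics, and renumbering starting at 10 are all assumptions; capability rules and facts are not modelled.

```python
import re
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Rule:
    """Hypothetical local stand-in; not antimatter_api.DomainPolicyRule."""
    path: str
    operation: str
    result: str            # 'allow' or 'deny'
    priority: int = 0
    disabled: bool = False

def path_matches(pattern: str, path: str) -> bool:
    # Assumed glob semantics: '**' spans '/' separators, '*' stays in one segment.
    parts = re.split(r"(\*\*|\*)", pattern)
    regex = "".join(
        ".*" if p == "**" else "[^/]*" if p == "*" else re.escape(p) for p in parts
    )
    return re.fullmatch(regex, path) is not None

def evaluate(rules, path, operation):
    """Return (result, deciding_rule). Assumes first match wins, default 'deny'."""
    for rule in sorted(rules, key=lambda r: r.priority):  # lower priority first
        if rule.disabled or rule.operation != operation:
            continue
        if path_matches(rule.path, path):
            return rule.result, rule
    return "deny", None

def renumber(rules, step=10):
    """Local model of renumbering: keep relative order, use multiples of 10
    (starting at 10 is an assumption)."""
    ordered = sorted(rules, key=lambda r: r.priority)
    return [replace(r, priority=step * (i + 1)) for i, r in enumerate(ordered)]

# Constructed sample rules; paths and operation names are illustrative only.
SAMPLE_RULES = [
    Rule("/secrets/**", "edit", "deny", priority=5),
    Rule("/secrets/*/notes", "edit", "allow", priority=20),  # never reached for edit
    Rule("/**", "view", "allow", priority=7),
    Rule("/tmp/*", "edit", "allow", priority=1, disabled=True),
]

if __name__ == "__main__":
    for path, op in [("/secrets/team/notes", "edit"), ("/tmp/x", "edit"), ("/a/b", "view")]:
        result, rule = evaluate(SAMPLE_RULES, path, op)
        print(f"{op:5} {path:22} -> {result:5} (decided by {rule})")
    print([(r.priority, r.path) for r in renumber(SAMPLE_RULES)])
```

Under these assumptions the broad deny at priority 5 decides every edit under `/secrets/`, so the narrower allow at priority 20 has no effect until it is given a lower priority number.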