-
Notifications
You must be signed in to change notification settings - Fork 48
/
Copy pathrestriction_policies_api.py
230 lines (201 loc) · 9.01 KB
/
restriction_policies_api.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
# Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License.
# This product includes software developed at Datadog (https://www.datadoghq.com/).
# Copyright 2019-Present Datadog, Inc.
from __future__ import annotations
from typing import Any, Dict, Union
from datadog_api_client.api_client import ApiClient, Endpoint as _Endpoint
from datadog_api_client.configuration import Configuration
from datadog_api_client.model_utils import (
UnsetType,
unset,
)
from datadog_api_client.v2.model.restriction_policy_response import RestrictionPolicyResponse
from datadog_api_client.v2.model.restriction_policy_update_request import RestrictionPolicyUpdateRequest
class RestrictionPoliciesApi:
"""
A restriction policy defines the access control rules for a resource, mapping a set of relations
(such as editor and viewer) to a set of allowed principals (such as roles, teams, or users).
The restriction policy determines who is authorized to perform what actions on the resource.
"""
def __init__(self, api_client=None):
if api_client is None:
api_client = ApiClient(Configuration())
self.api_client = api_client
self._delete_restriction_policy_endpoint = _Endpoint(
settings={
"response_type": None,
"auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"],
"endpoint_path": "/api/v2/restriction_policy/{resource_id}",
"operation_id": "delete_restriction_policy",
"http_method": "DELETE",
"version": "v2",
},
params_map={
"resource_id": {
"required": True,
"openapi_types": (str,),
"attribute": "resource_id",
"location": "path",
},
},
headers_map={
"accept": ["*/*"],
},
api_client=api_client,
)
self._get_restriction_policy_endpoint = _Endpoint(
settings={
"response_type": (RestrictionPolicyResponse,),
"auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"],
"endpoint_path": "/api/v2/restriction_policy/{resource_id}",
"operation_id": "get_restriction_policy",
"http_method": "GET",
"version": "v2",
},
params_map={
"resource_id": {
"required": True,
"openapi_types": (str,),
"attribute": "resource_id",
"location": "path",
},
},
headers_map={
"accept": ["application/json"],
},
api_client=api_client,
)
self._update_restriction_policy_endpoint = _Endpoint(
settings={
"response_type": (RestrictionPolicyResponse,),
"auth": ["apiKeyAuth", "appKeyAuth", "AuthZ"],
"endpoint_path": "/api/v2/restriction_policy/{resource_id}",
"operation_id": "update_restriction_policy",
"http_method": "POST",
"version": "v2",
},
params_map={
"resource_id": {
"required": True,
"openapi_types": (str,),
"attribute": "resource_id",
"location": "path",
},
"allow_self_lockout": {
"openapi_types": (bool,),
"attribute": "allow_self_lockout",
"location": "query",
},
"body": {
"required": True,
"openapi_types": (RestrictionPolicyUpdateRequest,),
"location": "body",
},
},
headers_map={"accept": ["application/json"], "content_type": ["application/json"]},
api_client=api_client,
)
def delete_restriction_policy(
self,
resource_id: str,
) -> None:
"""Delete a restriction policy.
Deletes the restriction policy associated with a specified resource.
:param resource_id: Identifier, formatted as ``type:id``. Supported types: ``connection`` , ``dashboard`` , ``integration-account`` , ``integration-webhook`` , ``notebook`` , ``reference-table`` , ``security-rule`` , ``slo`` , ``workflow`` , ``app-builder-app`` , ``connection`` , ``connection-group``.
:type resource_id: str
:rtype: None
"""
kwargs: Dict[str, Any] = {}
kwargs["resource_id"] = resource_id
return self._delete_restriction_policy_endpoint.call_with_http_info(**kwargs)
def get_restriction_policy(
self,
resource_id: str,
) -> RestrictionPolicyResponse:
"""Get a restriction policy.
Retrieves the restriction policy associated with a specified resource.
:param resource_id: Identifier, formatted as ``type:id``. Supported types: ``connection`` , ``dashboard`` , ``integration-account`` , ``integration-webhook`` , ``notebook`` , ``reference-table`` , ``security-rule`` , ``slo`` , ``workflow`` , ``app-builder-app`` , ``connection`` , ``connection-group``.
:type resource_id: str
:rtype: RestrictionPolicyResponse
"""
kwargs: Dict[str, Any] = {}
kwargs["resource_id"] = resource_id
return self._get_restriction_policy_endpoint.call_with_http_info(**kwargs)
def update_restriction_policy(
self,
resource_id: str,
body: RestrictionPolicyUpdateRequest,
*,
allow_self_lockout: Union[bool, UnsetType] = unset,
) -> RestrictionPolicyResponse:
"""Update a restriction policy.
Updates the restriction policy associated with a resource.
**Supported resources**
Restriction policies can be applied to the following resources:
* Dashboards: ``dashboard``
* Integration Accounts: ``integration-account``
* Integration Webhooks: ``integration-webhook``
* Notebooks: ``notebook``
* Powerpacks: ``powerpack``
* Reference Tables: ``reference-table``
* Security Rules: ``security-rule``
* Service Level Objectives: ``slo``
* Synthetic Global Variables: ``synthetics-global-variable``
* Synthetic Tests: ``synthetics-test``
* Synthetic Private Locations: ``synthetics-private-location``
* Monitors: ``monitor``
* Workflows: ``workflow``
* App Builder Apps: ``app-builder-app``
* Connections: ``connection``
* Connection Groups: ``connection-group``
**Supported relations for resources**
.. list-table::
:header-rows: 1
* - Resource Type
- Supported Relations
* - Dashboards
- ``viewer`` , ``editor``
* - Integration Accounts
- ``viewer`` , ``editor``
* - Integration Webhooks
- ``viewer`` , ``editor``
* - Notebooks
- ``viewer`` , ``editor``
* - Powerpacks
- ``viewer`` , ``editor``
* - Security Rules
- ``viewer`` , ``editor``
* - Service Level Objectives
- ``viewer`` , ``editor``
* - Synthetic Global Variables
- ``viewer`` , ``editor``
* - Synthetic Tests
- ``viewer`` , ``editor``
* - Synthetic Private Locations
- ``viewer`` , ``editor``
* - Monitors
- ``viewer`` , ``editor``
* - Reference Tables
- ``viewer`` , ``editor``
* - Workflows
- ``viewer`` , ``runner`` , ``editor``
* - App Builder Apps
- ``viewer`` , ``editor``
* - Connections
- ``viewer`` , ``resolver`` , ``editor``
* - Connection Groups
- ``viewer`` , ``editor``
:param resource_id: Identifier, formatted as ``type:id``. Supported types: ``connection`` , ``dashboard`` , ``integration-account`` , ``integration-webhook`` , ``notebook`` , ``reference-table`` , ``security-rule`` , ``slo`` , ``workflow`` , ``app-builder-app`` , ``connection`` , ``connection-group``.
:type resource_id: str
:param body: Restriction policy payload
:type body: RestrictionPolicyUpdateRequest
:param allow_self_lockout: Allows admins (users with the ``user_access_manage`` permission) to remove their own access from the resource if set to ``true``. By default, this is set to ``false`` , preventing admins from locking themselves out.
:type allow_self_lockout: bool, optional
:rtype: RestrictionPolicyResponse
"""
kwargs: Dict[str, Any] = {}
kwargs["resource_id"] = resource_id
if allow_self_lockout is not unset:
kwargs["allow_self_lockout"] = allow_self_lockout
kwargs["body"] = body
return self._update_restriction_policy_endpoint.call_with_http_info(**kwargs)