Policy Shard
PolicyShards are a simplified representation of policies.
- class PolicyShard(effect, effective_action, effective_resource, effective_principal, conditions=None, not_conditions=None)
A PolicyShard is part of a policy broken down in such a way that it can be deduplicated and collapsed.
- Parameters
effect (str) –
effective_action (policyglass.effective_arp.EffectiveARP[policyglass.action.Action]) –
effective_resource (policyglass.effective_arp.EffectiveARP[policyglass.resource.Resource]) –
effective_principal (policyglass.effective_arp.EffectiveARP[policyglass.principal.Principal]) –
conditions (FrozenSet[policyglass.condition.Condition]) –
not_conditions (FrozenSet[policyglass.condition.Condition]) –
- Return type
None
- __init__(effect, effective_action, effective_resource, effective_principal, conditions=None, not_conditions=None)
Create a new model by parsing and validating input data from keyword arguments.
Raises ValidationError if the input data cannot be parsed to form a valid model.
- Parameters
effect (str) –
effective_action (policyglass.effective_arp.EffectiveARP[policyglass.action.Action]) –
effective_resource (policyglass.effective_arp.EffectiveARP[policyglass.resource.Resource]) –
effective_principal (policyglass.effective_arp.EffectiveARP[policyglass.principal.Principal]) –
conditions (Optional[FrozenSet[policyglass.condition.Condition]]) –
not_conditions (Optional[FrozenSet[policyglass.condition.Condition]]) –
- Return type
None
- conditions: FrozenSet[policyglass.condition.Condition]
- dict(*args, **kwargs)
Convert instance to dict representation of it.
- Parameters
*args – Arguments will be ignored.
**kwargs – Arguments will be ignored.
- Return type
Dict[str, Any]
Overridden from BaseModel so that when converting conditions to dict they don’t suffer from being unhashable when placed in a set.
- difference(other)
Calculate the difference between this and another object of the same type.
Effectively subtracts the inclusions of
other
fromself
. This is useful when applying denies (other
) to allows (self
).- Parameters
other (object) – The object to subtract from this one.
- Raises
ValueError – If
other
is not the same type as this object.- Return type
- effect: str
- effective_action: policyglass.effective_arp.EffectiveARP[policyglass.action.Action]
- effective_principal: policyglass.effective_arp.EffectiveARP[policyglass.principal.Principal]
- effective_resource: policyglass.effective_arp.EffectiveARP[policyglass.resource.Resource]
- issubset(other)
Whether this object contains all the elements of another object (i.e. is a subset of the other object).
- Parameters
other (object) – The object to determine if our object contains.
- Raises
ValueError – If the other object is not of the same type as this object.
- Return type
bool
- not_conditions: FrozenSet[policyglass.condition.Condition]
- union(other)
Combine this object with another object of the same type.
- Parameters
other (object) – The object to combine with this one.
- Raises
ValueError – If
other
is not the same type as this object.- Return type
- dedupe_policy_shards(shards)
Dedupe policy shards that are subsets of each other.
- Parameters
shards (List[policyglass.policy_shard.PolicyShard]) – The shards to deduplicate.
- Return type
- policy_shards_effect(shards)
Calculate the effect of merging allow and deny shards together.
- Parameters
shards (List[policyglass.policy_shard.PolicyShard]) – The shards to caclulate the effect of.
- Return type