antimatter.session#

Module Contents#

Classes#

EncapsulateResponse

EncapsulateResponse contains metadata from encapsulating data, including

Session

The Session establishes auth and the domain you are working with, providing

Functions#

new_domain(email)

Create a new domain with the provided email as the admin contact. A

Attributes#

API_TARGET_VERSION

antimatter.session.API_TARGET_VERSION = 'v1'#
class antimatter.session.EncapsulateResponse#

EncapsulateResponse contains metadata from encapsulating data, including the capsule ID or IDs, and the raw bytes if the capsule was not exported.

capsule_ids: List[str]#
raw: bytes | None#
load_capsule_func: Callable[[str | None, bytes | EncapsulateResponse | None, str], antimatter.capsule.Capsule | None] | None#
load(read_context: str) antimatter.capsule.Capsule | None#

Load the response into a capsule. Note that this shortcut requires that the raw data be returned from the encapsulation.

Parameters:

read_context – The name of the role policy to use for reading data

Returns:

The loaded capsule, if the raw data was present on the response.

save(filename: str)#

Save the capsule to a file

antimatter.session.new_domain(email: str)#

Create a new domain with the provided email as the admin contact. A verification email will be sent to that email. Verification must be completed before the Antimatter API can be interacted with.

class antimatter.session.Session(domain: str, api_key: str, email: str | None = None)#

Bases: antimatter.session_mixins.CapabilityMixin, antimatter.session_mixins.CapsuleMixin, antimatter.session_mixins.DomainMixin, antimatter.session_mixins.EncryptionMixin, antimatter.session_mixins.FactMixin, antimatter.session_mixins.GeneralMixin, antimatter.session_mixins.IdentityProviderMixin, antimatter.session_mixins.PolicyRuleMixin, antimatter.session_mixins.ReadContextMixin, antimatter.session_mixins.WriteContextMixin, antimatter.session_mixins.VerificationMixin

The Session establishes auth and the domain you are working with, providing both a standard instantiation or a context manager in which a Capsule and its underlying data can be interacted with.

property domain_id#

Return the current domain ID

property api_key#

Return the api key in use by this session

config()#

Returns the configuration of this Session

load_capsule(path: str | None = None, data: bytes | EncapsulateResponse | None = None, read_context: str = None) antimatter.capsule.Capsule | None#

load_capsule creates a capsule, extracting data from an Antimatter Capsule binary blob, either provided in raw bytes or as a string path to a local or remote file.

If the as_datatype parameter is supplied and the data is a binary blob Antimatter Capsule, the data will be extracted in that format. If the data is data for saving to an Antimatter Capsule, as_datatype will specify the default format for the data when loaded from the blob.

Parameters:

  • path – The location of the Capsule as a local or remote path.

  • data – The data to load into an Antimatter Capsule.

  • read_context – The name of the role policy to use for reading data

encapsulate(data: Any = None, write_context: str = None, span_tags: List[antimatter.tags.SpanTag] = None, column_tags: List[antimatter.tags.ColumnTag] = None, as_datatype: antimatter.datatype.datatypes.Datatype | str = Datatype.Unknown, skip_classify_on_column_names: List[str] = None, path: str | None = None, subdomains_from: str | None = None, create_subdomains: bool | None = False, data_file_path: str | None = None, data_file_hint: str | None = None, **kwargs) EncapsulateResponse#

Saves the provided Capsule’s data, or the provided data using the provided write context. If ‘as_datatype’ is provided, the default datatype for the raw data will use the specified type.

One of ‘data’ or ‘path’ must be provided.

Parameters:

  • data – Raw data in a Capsule-supported format

  • write_context – The name of the role policy to use for writing data

  • span_tags – The span tags to manually apply to the data

  • column_tags – Tags to apply to entire columns by name

  • as_datatype – The datatype to override the provided data with when the capsule is read

  • skip_classify_on_column_names – List of columns to skip classifying

  • path – If provided, the local or remote path to save the capsule to

  • subdomains_from – column in the raw data that represents the subdomain

  • create_subdomains – allow missing subdomains to be created

  • data_file_path – Optional path to a file containing data to be read. If provided, data from this file will be used instead of the ‘data’ parameter.

  • data_file_hint – Optional hint indicating the format of the data in the file specified by ‘data_file_hint’. Supported formats include ‘json’, ‘csv’, ‘txt’, ‘parquet’. If not specified, data will be read as plain text.

Returns:

The response containing capsule metadata and the raw blob of the capsule if no path was provided.

refresh_token()#
with_new_peer_domain(import_alias_for_child: str, display_name_for_child: str, nicknames: List[str] | None = None, import_alias_for_parent: str | None = None, display_name_for_parent: str | None = None, link_all: bool = True, link_identity_providers: bool = None, link_facts: bool = None, link_read_contexts: bool = None, link_write_contexts: bool = None, link_capabilities: bool = None, link_domain_policy: bool = None, link_capsule_access_log: bool = None, link_control_log: bool = None, link_capsule_manifest: bool = None) Session#

Creates a new peer domain, returning the authenticated session for that new domain.

Parameters:

  • import_alias_for_child – The import alias for the child domain

  • display_name_for_child – The display name for the child domain

  • nicknames – The nicknames for the child domain

  • import_alias_for_parent – The import alias for the parent domain

  • display_name_for_parent – The display name for the parent domain

  • link_all – Link all available resources

  • link_identity_providers – Link identity providers

  • link_facts – Link facts

  • link_read_contexts – Link read contexts

  • link_write_contexts – Link write contexts

  • link_capabilities – Link capabilities

  • link_domain_policy – Link domain policy

  • link_capsule_access_log – Link capsule access log

  • link_control_log – Link control log

  • link_capsule_manifest – Link capsule manifest

Returns:

The authenticated session for the new domain

get_capabilities() List[Dict[str, Any]]#

Get the capabilities for the session’s domain.

Returns:

A list of capabilities.

get_capability(name: str) Dict[str, Any]#

Get a specific capability for the session’s domain.

Parameters:

name – The name for this capability, like “admin”

Returns:

The details of the capability.

put_capability(name: str, summary: str, description: str | None = None, unary: bool = True, create_only: bool = False) None#

Create or update a capability. A capability is attached to authenticated domain identities by an identity provider, and confers additional permissions upon the identity. This is done by writing domain policy rules that reference the capability.

Parameters:

  • name – The name for this capability, like “admin”

  • summary – A short, single sentence description of this capability

  • description – An optional longer form description of this capability

  • unary – A unary capability does not have a value

  • create_only

If True, an error will be returned if a capability with the name already exists

delete_capability(name: str) None#

Delete a capability.

Parameters:

name – The name of the capability, like “admin”

list_capsules(start_date: datetime.datetime | None = None, end_date: datetime.datetime | None = None, span_tag: str | None = None, sort_on: str | None = None, ascending: bool | None = None) Iterator[Dict[str, Any]]#

Returns an iterator over the capsules available for the current domain and auth

Parameters:

  • start_date – The earlier date of the date range. As results are returned in reverse chronological order, this date corresponds with the end of the result set.

  • end_date – The later date of the date range. As results are returned in reverse chronological order, this date corresponds with the beginning of the result set. If not specified, defaults to the current time.

  • span_tag – The span tag you would like to filter on. This accepts a tag key only and will return all span tag key results matching the provided tag key. If not specified, this field is ignored.

  • sort_on – The capsule field you would like to sort on. This accepts the field only and will return results ordered on the provided field. If not specified, this field is ignored.

  • ascending – This defines whether a sorted result should be order ascending. This accepts a boolean value and when true will work in combination with the sort_on and start_after parameters to return values in ascending order. If not specified, this field is ignored and treated as false.

get_capsule_info(capsule_id: str) Dict[str, Any]#

Get the summary information about the capsule.

Parameters:

capsule_id – The identifier for the capsule

Returns:

The summary information about the capsule

upsert_capsule_tags(capsule_id: str, tags: List[antimatter.tags.CapsuleTag]) None#

Upsert the capsule-level tags to apply to a capsule.

Parameters:

  • capsule_id – The capsule to apply tags to

  • tags – The tags to apply to the capsule

delete_capsule_tags(capsule_id: str, tag_names: List[str]) None#

Delete capsule-level tags

Parameters:

  • capsule_id – The capsule to delete tags from

  • tag_names – The names of the tags to delete

new_domain(admin_email: str) Dict[str, Any]#

Create a new domain with no default peer relationships.

new_peer_domain(import_alias_for_child: str, display_name_for_child: str, nicknames: List[str] | None = None, import_alias_for_parent: str | None = None, display_name_for_parent: str | None = None, link_all: bool = True, link_identity_providers: bool = None, link_facts: bool = None, link_read_contexts: bool = None, link_write_contexts: bool = None, link_capabilities: bool = None, link_domain_policy: bool = None, link_capsule_access_log: bool = None, link_control_log: bool = None, link_capsule_manifest: bool = None) Dict[str, Any]#

Creates a new peer domain

Parameters:

  • import_alias_for_child – The import alias for the child domain

  • display_name_for_child – The display name for the child domain

  • nicknames – The nicknames for the child domain

  • import_alias_for_parent – The import alias for the parent domain

  • display_name_for_parent – The display name for the parent domain

  • link_all – Whether to link all capabilities

  • link_identity_providers – Whether to link identity providers

  • link_facts – Whether to link facts

  • link_read_contexts – Whether to link read contexts

  • link_write_contexts – Whether to link write contexts

  • link_capabilities – Whether to link capabilities

  • link_domain_policy – Whether to link domain policy

  • link_capsule_access_log – Whether to link capsule access log

  • link_control_log – Whether to link control log

  • link_capsule_manifest – Whether to link capsule manifest

Returns:

The new peer domain

get_peer(nickname: str | None = None, alias: str | None = None) str#

Retrieve the domain ID of a domain that is configured as a peer of this session’s domain by using either its alias or one of its nicknames.

Parameters:

  • nickname – The nickname for the peer domain

  • alias – One of the aliases of the peer domain

Returns:

The domain ID

list_peers()#

Return a list of the peers of this session’s domain.

Returns:

The peer list, containing IDs and other information about the domains

get_peer_config(peer_domain_id: str | None = None, nickname: str | None = None, alias: str | None = None) Dict[str, Any]#

Get a peer configuration using one of the peer’s domain ID, nickname, or alias.

Parameters:

  • peer_domain_id – The domain ID of the peer

  • nickname – The nickname for the peer domain

  • alias – One of the aliases of the peer domain

Returns:

The full peer configuration

update_peer(display_name: str, peer_domain_id: str | None = None, nickname: str | None = None, alias: str | None = None, export_identity_providers: List[str] | None = None, export_all_identity_providers: bool | None = None, export_facts: List[str] | None = None, export_all_facts: bool | None = None, export_read_contexts: List[str] | None = None, export_all_read_contexts: bool | None = None, export_write_contexts: List[str] | None = None, export_all_write_contexts: bool | None = None, export_capabilities: List[str] | None = None, export_all_capabilities: bool | None = None, export_domain_policy: bool | None = None, export_capsule_access_log: bool | None = None, export_control_log: bool | None = None, export_capsule_manifest: bool | None = None, export_billing: bool | None = None, export_admin_contact: bool | None = None, nicknames: List[str] | None = None, import_alias: str | None = None, forward_billing: bool | None = None, forward_admin_communications: bool | None = None, import_identity_providers: List[str] | None = None, import_all_identity_providers: bool | None = None, import_facts: List[str] | None = None, import_all_facts: bool | None = None, import_read_contexts: List[str] | None = None, import_all_read_contexts: bool | None = None, import_write_contexts: List[str] | None = None, import_all_write_contexts: bool | None = None, import_capabilities: List[str] | None = None, import_all_capabilities: bool | None = None, import_domain_policy: bool | None = None, import_precedence: int | None = None, import_capsule_access_log: bool | None = None, import_control_log: bool | None = None, import_capsule_manifest: bool | None = None) None#

Create or update the configuration for this peer using one of the peer’s domain ID, nickname, or alias. Please note, if the configuration already exists, it is updated to reflect the values in the request. This will include setting the fields to their default value if not supplied.

Parameters:

  • display_name – The display name for the peer domain

  • peer_domain_id – The domain ID of the peer

  • nickname – The nickname for the peer domain

  • alias – One of the aliases of the peer domain

  • export_identity_providers – The identity providers to export

  • export_all_identity_providers – Whether to export all identity providers

  • export_facts – The facts to export

  • export_all_facts – Whether to export all facts

  • export_read_contexts – The read contexts to export

  • export_all_read_contexts – Whether to export all read contexts

  • export_write_contexts – The write contexts to export

  • export_all_write_contexts – Whether to export all write contexts

  • export_capabilities – The capabilities to export

  • export_all_capabilities – Whether to export all capabilities

  • export_domain_policy – Whether to export the domain policy

  • export_capsule_access_log – Whether to export the capsule access log

  • export_control_log – Whether to export the control log

  • export_capsule_manifest – Whether to export the capsule manifest

  • export_billing – Whether to export billing information

  • export_admin_contact – Whether to export the admin contact

  • nicknames – The nicknames for the peer domain

  • import_alias – The import alias for the peer domain

  • forward_billing – Whether to forward billing information

  • forward_admin_communications – Whether to forward admin communications

  • import_identity_providers – The identity providers to import

  • import_all_identity_providers – Whether to import all identity providers

  • import_facts – The facts to import

  • import_all_facts – Whether to import all facts

  • import_read_contexts – The read contexts to import

  • import_all_read_contexts – Whether to import all read contexts

  • import_write_contexts – The write contexts to import

  • import_all_write_contexts – Whether to import all write contexts

  • import_capabilities – The capabilities to import

  • import_all_capabilities – Whether to import all capabilities

  • import_domain_policy – Whether to import the domain policy

  • import_precedence – The precedence of the import

  • import_capsule_access_log – Whether to import the capsule access log

  • import_control_log – Whether to import the control log

  • import_capsule_manifest – Whether to import the capsule manifest

delete_peer(peer_domain_id: str | None = None, nickname: str | None = None, alias: str | None = None) None#

Remove the peering relationship with the given domain, using one of the peer’s domain ID, nickname, or alias.

Parameters:

  • peer_domain_id – The domain ID of the peer

  • nickname – The nickname for the peer domain

  • alias – One of the aliases of the peer domain

get_top_tags() List[str]#

Get domain tag info returns a list containing the top 100 tag names for the current session’s domain.

flush_encryption_keys()#

Flush all keys in memory. The keys will be immediately reloaded from persistent storage, forcing a check that the domain’s root key is still available

list_fact_types()#

Returns a list of fact types available for the current domain and auth

list_facts(fact_type: str)#

Returns a list of facts for the given fact type

add_fact_type(name: str, description: str, arguments: Dict[str, str]) None#

Upserts a fact type for the current domain and auth

Parameters:

  • name – The “type name” for this fact, like “has_role”

  • description – The human-readable description of the fact type

  • arguments – Name:description argument pairs for the fact type

add_fact(fact_type: str, *arguments: str) Dict[str, Any]#

Upserts a fact for the current domain and auth

Parameters:

  • fact_type – The name of the type of fact being added

  • arguments – The fact arguments to add

Returns:

The upserted fact

get_fact_type(fact_type: str) Dict[str, Any]#

Get the fact type details for the given fact type

Parameters:

fact_type – The “type name” for this fact, like “has_role”

Returns:

The fact type details

get_fact(fact_type: str, fact_id: str) Dict[str, Any]#

Returns the fact details for the given fact type and name

Parameters:

  • fact_type – The “type name” for this fact, like “has_role”

  • fact_id – The ID for the fact to be retrieved

Returns:

The fact details

delete_fact_type(fact_type: str) None#

Delete a fact type AND ALL FACTS INSIDE IT.

Parameters:

fact_type – The “type name” for this fact, like “has_role”

delete_fact(fact_type: str, fact_id: str | None = None, arguments: List[str] | None = None) None#

Delete a fact by ID or argument. One of ‘fact_id’ or ‘arguments’ must be provided. If ‘fact_id’ is provided, it will be used solely. If arguments are provided, each must fully match the name and/or arguments of the fact for it to be deleted.

Parameters:

  • fact_type – The “type name” for this fact, like “has_role”

  • fact_id – The ID for the fact to be deleted

  • arguments – The arguments for the fact to be deleted

delete_all_facts(fact_type: str) None#

Delete all the facts for the given fact type.

Parameters:

fact_type – The “type name” for this fact, like “has_role”

get_private_info() Dict[str, Any]#

Returns a Domain’s summary information.

Returns:

The private summary info for a domain

get_public_info() Dict[str, Any]#

Returns a Domain’s summary information. This endpoint does not require authorization

Returns:

The public summary info for a domain

get_settings() Dict[str, Any]#

Return the domain settings.

patch_settings(*patch: antimatter.builders.settings_patch.SettingsPatchBuilder) Dict[str, Any]#

Applies the given patch to the domain settings. The user must have permissions on all resources the patch references.

Parameters:

patch – The patch or patches to make to the settings. The path is the patch is a JSON pointer path.

Returns:

The domain settings after applying the patch

get_status() Dict[str, Any]#

Return the domain status, which contains important notifications for administrators of the domain.

list_hooks() List[Dict[str, Any]]#

Return a list of available hooks in this domain. A hook is a data processor, like a PII classifier

list_resources() Dict[str, Any]#

Return a list of resource strings that can be used in policy rules, and the set of permissions that you can assign to them.

query_access_log(start_date: datetime.datetime | None = None, end_date: datetime.datetime | None = None, session: str | None = None, location: str | None = None, location_prefixed: bool | None = None, operation_type: str | None = None, allowed_tag: str | None = None, redacted_or_tokenized_tag: str | None = None, capsule_id: str | None = None) Iterator[Dict[str, Any]]#

Query the data access log for this domain. This contains all operations interacting with capsules within this domain. An iterator is returned over the results in reverse chronological order.

Parameters:

  • start_date – The earlier date of the date range. As results are returned in reverse chronological order, this date corresponds with the end of the result set. This should be a timezone-aware datetime, or else will be treated as the system timezone

  • end_date – The later date of the date range. As results are returned in reverse chronological order, this date corresponds with the beginning of the result set. If not specified, defaults to the current time. This should be a timezone-aware datetime, or else will be treated as the system timezone

  • session – The session you would like to filter on. This will return results for only the provided session. If not specified, this field is ignored

  • location – The location you would like to filter on. This is a matched filter and will return results starting with the provided string. If not specified, this field is ignored

  • location_prefixed – A boolean indicator to indicate that the location you provided is a prefix or not. If this is set to true, then the filter provided in location is treated as a prefix. If not specified, this is treated as false

  • operation_type – The operation you would like to filter on. This will filter on the provided operation type and return all results using the provided operation type. If not specified, this field is ignored

  • allowed_tag – The allow tag key you would like to filter on. This accepts tag key only and will return all allowed tag results matching the provided tag key. If not specified, this field is ignored

  • redacted_or_tokenized_tag – The redacted or tokenized tag key you would like ot filter on. This accepts a tag key only and will return all redacted and tokenized tag key results matching the provided tag key. If not specified, this field is ignored

  • capsule_id – The ID for a specific capsule. Use this to limit results to a single capsule

Returns:

An iterator over the access logs matching the filters

query_control_log(start_date: datetime.datetime | None = None, end_date: datetime.datetime | None = None, session: str | None = None, url: str | None = None, description: str | None = None) Iterator[Dict[str, Any]]#

Query the domain control-plane audit log. An iterator is returned over the results in reverse chronological order.

Parameters:

  • start_date – The earlier date of the date range. As results are returned in reverse chronological order, this date corresponds with the end of the result set. This should be a timezone-aware datetime, or else will be treated as the system timezone

  • end_date – The later date of the date range. As results are returned in reverse chronological order, this date corresponds with the beginning of the result set. If not specified, defaults to the current time. This should be a timezone-aware datetime, or else will be treated as the system timezone

  • session – The session you would like to filter on. This will return results for only the provided session. If not specified, this field is ignored

  • url – The URL you would like to filter on. This is a prefix matched filter and will return results starting with the provided string. If not specified, this field is ignored

  • description – The description you would like to filter on. This is an in matched filter and will return results that contain the provided string. If not specified, this field is ignored

Returns:

An iterator over the control logs matching the filters

upsert_identity_provider(provider_name: str, provider_type: str | antimatter.constants.identity_provider.ProviderType = ProviderType.ApiKey, client_id: str | None = None) Dict[str, Any]#

Create or update an identity provider.

Parameters:

  • provider_name – The name of a new or existing identity provider

  • provider_type – The provider type for identity management

  • client_id – If the provider type is ‘GoogleOAuth’, a client ID must be provided

Returns:

The identity provider summary

insert_identity_provider_principal(provider_name: str, capabilities: Dict[str, str], principal_type: str | antimatter.constants.identity_provider.PrincipalType, principal_value: str | None = None) Dict[str, str]#

Creates a new principal for the provider. Note that the provider_name must refer to an existing identity provider. The principal_value is optional if the type is APIKey.

Parameters:

  • provider_name – The name of an existing identity provider

  • capabilities – The capabilities to attach to the principal

  • principal_type – The type of principal to create. One of ‘APIKey’, ‘Email’, or ‘HostedDomain’

  • principal_value – The appropriate identifying value for the principal, depending on type

Returns:

The ID of the inserted principal and any additional metadata

update_identity_provider_principal(provider_name: str, principal_id: str, capabilities: Dict[str, str]) None#

Update the capabilities for an identity provider principal.

Parameters:

  • provider_name – The name of an existing identity provider

  • principal_id – The ID of the principal

  • capabilities – The capabilities to attach to the principal

get_identity_provider(provider_name: str) Dict[str, Any]#

Retrieve detailed information and configuration of an identity provider

Parameters:

provider_name – The name of an existing identity provider

Returns:

The identity provider details

list_identity_providers() List[Dict[str, Any]]#

Retrieve the domain’s identity providers and a brief overview of their configuration.

get_identity_provider_principal(provider_name: str, principal_id: str | None = None) List[Dict[str, Any]] | Dict[str, Any]#

Get either a summary of all the principals for an identity provider, or detailed information about a single principal if a principal_id is provided

Parameters:

  • provider_name – The name of an existing identity provider

  • principal_id – The ID of the principal; None to get all principals

Returns:

The principal information

delete_identity_provider(provider_name: str) None#

Delete an identity provider. All domain tokens created using this identity provider will be invalidated. Take care not to remove the identity provider that is providing you admin access to your domain, as you may lock yourself out.

Parameters:

provider_name – The name of the identity provider to fully delete

delete_identity_provider_principal(provider_name: str, principal_id: str) None#

Delete an identity provider principal.

Parameters:

  • provider_name – The name of the identity provider to delete a principal from

  • principal_id – The ID of the principal to delete

create_policy_rule(capability_rules: antimatter.builders.capability.CapabilityRulesBuilder, path: str, operation: str | antimatter.constants.domain_policy.Operation, result: str | antimatter.constants.domain_policy.Result, priority: int, facts: antimatter.builders.fact_policy.FactPoliciesBuilder | None = None, disabled: bool = False) Dict[str, Any]#

Create a policy rule for the domain.

Parameters:

  • capability_rules – Rules referring to domain identity capabilities. These rules are ANDed together

  • facts – Assert the existence or nonexistence of facts that reference the capability rules. These assertions will be ANDed together, and ANDed with the capability rules.

  • path – The path this rule governs. May contain glob expressions (e.g. ‘*’ and ‘**’)

  • operation – The operation to apply the policy to

  • result – Whether to ‘allow’ or ‘deny’ the operation performed that matches this rule

  • priority – The priority of this rule. Lower priority rules are evaluated first

  • disabled – If this rule is disabled or not

Returns:

A dictionary containing the created rule from the server

delete_policy_rule(rule_id: str)#

Delete a domain policy rule on the session’s domain.

Parameters:

rule_id – Identifier of the policy rule to delete

list_policy_rules()#

Get the domain’s policy rules.

Returns:

A list of policy rules.

update_policy_rule(rule_id: str, capability_rules: antimatter.builders.capability.CapabilityRulesBuilder, facts: antimatter.builders.fact_policy.FactPoliciesBuilder, path: str, operation: str | antimatter.constants.domain_policy.Operation, result: str | antimatter.constants.domain_policy.Result, priority: int, disabled: bool = False) None#

Update a domain policy rule by ID.

Parameters:

  • rule_id – The ID of the rule to update

  • capability_rules – Rules referring to domain identity capabilities. These rules are ANDed together

  • facts – Assert the existence or nonexistence of facts that reference the capability rules. These assertions will be ANDed together, and ANDed with the capability rules.

  • path – The path this rule governs. May contain glob expressions (e.g. ‘*’ and ‘**’)

  • operation – The operation to apply the policy to

  • result – Whether to ‘allow’ or ‘deny’ the operation performed that matches this rule

  • priority – The priority of this rule. Lower priority rules are evaluated first

  • disabled – If this rule is disabled or not

renumber_policy_rules() List[Dict[str, Any]]#

Re-assign rule priority numbers for the session’s domain to integer multiples of 10

Returns:

The full list of renumbered policy rules in this domain

add_read_context(name: str, builder: antimatter.builders.ReadContextBuilder) None#

Upserts a read context for the current domain and auth

Parameters:

  • name – The name of the read context to add or update

  • builder – The builder containing read context configuration

list_read_context() List[Dict[str, Any]]#

Returns a list of read contexts available for the current domain and auth

describe_read_context(name: str) Dict[str, Any]#

Returns the read context with the given name for the current domain and auth

Parameters:

name – The name of the read context to describe

Returns:

The full details of the read context

delete_read_context(name: str) None#

Delete a read context. All configuration associated with this read context will also be deleted. Domain policy rules referencing this read context will be left as-is.

Parameters:

name – The name of the read context to delete

list_read_context_rules(name: str) List[Dict[str, Any]]#

List all rules for the read context

Parameters:

name – The name of the read context to list rules from

Returns:

The list of read context rules

add_read_context_rules(name: str, rule_builder: antimatter.builders.ReadContextRuleBuilder) str#

Adds rules to a read context

Parameters:

  • name – The name of the read context to add rules to

  • rule_builder – The builder containing rule configuration for the read context

Returns:

The unique ID for the added read context rule

update_read_context_rule(name: str, rule_id: str, rule_builder: antimatter.builders.ReadContextRuleBuilder) None#

Update a read context configuration rule. The rule must already exist.

Parameters:

  • name – The name of the read context to update a rule for

  • rule_id – The unique ID of the rule to update

  • rule_builder – The builder containing rule configuration

delete_read_context_rule(name: str, rule_id: str) None#

Deletes a rule from a read context

Parameters:

  • name – The name of the read context to delete a rule from

  • rule_id – The unique ID of the rule to delete

delete_read_context_rules(name: str) None#

Deletes all the read context rules

Parameters:

name – The name of the read context to delete all the rules from

add_write_context(name: str, builder: antimatter.builders.WriteContextBuilder) None#

Upserts a write context for the current domain and auth

Parameters:

  • name – The name of the write context to add or update

  • builder – The builder containing write context configuration

list_write_context() List[Dict[str, Any]]#

Returns a list of write contexts available for the current domain and auth

describe_write_context(name: str) Dict[str, Any]#

Returns the write context with the given name for the current domain and auth

Parameters:

name – The name of the write context to describe

Returns:

The full details of the write context

upsert_write_context_configuration(name: str, builder: antimatter.builders.WriteContextConfigurationBuilder) None#

Update a write context configuration. The write context must already exist.

Parameters:

  • name – The name of the write context to update the configuration for

  • builder – The builder containing write context configuration

delete_write_context(name: str) None#

Delete a write context. All configuration associated with this write context will also be deleted. Domain policy rules referencing this write context will be left as-is.

Parameters:

name – The name of the write context to delete

list_write_context_regex_rules(context_name: str) List[Dict[str, Any]]#

List all regex rules for the write context.

Parameters:

context_name – The name of the write context

Returns:

The list of rules

insert_write_context_regex_rule(context_name: str, builder: antimatter.builders.WriteContextRegexRuleBuilder) str#

Create a new regex rule for a write context.

Parameters:

  • context_name – The name of the write context

  • builder – The builder containing write context regex rule configuration

delete_write_context_regex_rule(context_name: str, rule_id: str) None#

Delete a regex classifier rule for the context.

Parameters:

  • context_name – The name of the write context

  • rule_id – The ID of the rule to delete

delete_write_context_regex_rules(context_name: str) None#

Delete the regex classifier rules for the context.

Parameters:

context_name – The name of the write context

resend_verification_email(email: str | None = None)#

Resend the verification email to the admin contact email. If the session was called with an email, that will be used if none is provided.

Parameters:

email – The email to resend the verification email for.