Resource Restrictions#
- class ResourceRestrictionsClient(*, sdk_config: SDKConfiguration, generated_client: ApiClient)[source]#
Bases:
objectClient for managing Arize resource restrictions.
This class is primarily intended for internal use within the SDK. Users are highly encouraged to access resource-specific functionality via
arize.ArizeClient.Resource restrictions prevent roles bound at higher hierarchy levels (space, org, account) from granting access to the restricted resource. Only space admins or users with the
PROJECT_RESTRICTpermission can restrict or unrestrict a resource.Currently only
PROJECTresources are supported.The resource restrictions client is a thin wrapper around the generated REST API client, using the shared generated API client owned by
arize.config.SDKConfiguration.- Parameters:
sdk_config (SDKConfiguration) – Resolved SDK configuration.
generated_client (ApiClient) – Shared generated API client instance.
- restrict(*, resource_id: str) ResourceRestriction[source]#
Mark a resource as restricted.
Restricting a resource prevents roles bound at higher hierarchy levels (space, org, account) from granting access. Only space admins or users with the
PROJECT_RESTRICTpermission can perform this action.This operation is idempotent — restricting an already-restricted resource returns the existing restriction without error.
Currently only
PROJECTresources are supported.- Parameters:
resource_id (str) – Global ID of the resource to restrict. Must encode a project resource ID.
- Returns:
The resource restriction object.
- Raises:
ApiException – If the API request fails (for example, unsupported resource type or insufficient permissions).
- Return type:
- unrestrict(*, resource_id: str) None[source]#
Remove restriction from a resource.
Removing a restriction means that roles bound at other levels of the hierarchy (space, org, account) can once again grant access to the resource.
- Parameters:
resource_id (str) – Global ID of the resource to unrestrict.
- Raises:
ApiException – If the API request fails (for example, resource is not restricted, or insufficient permissions).
- Return type:
None
Response Types#
- class ResourceRestriction(*, resource_type: ResourceRestrictionType, resource_id: Annotated[str, Strict(strict=True)], created_at: datetime)[source]#
Bases:
BaseModelCreate a new model by parsing and validating input data from keyword arguments.
Raises [ValidationError][pydantic_core.ValidationError] if the input data cannot be validated to form a valid model.
self is explicitly positional-only to allow self as a field name.
- Parameters:
- resource_type: ResourceRestrictionType#
- resource_id: StrictStr#
- created_at: datetime#
- model_config: ClassVar[ConfigDict] = {'populate_by_name': True, 'protected_namespaces': (), 'validate_assignment': True, 'validate_by_alias': True, 'validate_by_name': True}#
Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].
- classmethod from_json(json_str: str) Self | None[source]#
Create an instance of ResourceRestriction from a JSON string
- to_dict() Dict[str, Any][source]#
Return the dictionary representation of the model using alias.
This has the following differences from calling pydantic’s self.model_dump(by_alias=True):
None is only added to the output dict for nullable fields that were set at model initialization. Other fields with value None are ignored.