Resource Restrictions#
- class ResourceRestrictionsClient(*, sdk_config: SDKConfiguration, generated_client: ApiClient)[source]#
Bases:
objectClient for managing Arize resource restrictions.
This class is primarily intended for internal use within the SDK. Users are highly encouraged to access resource-specific functionality via
arize.ArizeClient.Resource restrictions prevent roles bound at higher hierarchy levels (space, org, account) from granting access to the restricted resource. Only space admins or users with the
PROJECT_RESTRICTpermission can restrict or unrestrict a resource.Currently only
PROJECTresources are supported.The resource restrictions client is a thin wrapper around the generated REST API client, using the shared generated API client owned by
arize.config.SDKConfiguration.- Parameters:
sdk_config (SDKConfiguration) – Resolved SDK configuration.
generated_client (ApiClient) – Shared generated API client instance.
- list(*, resource_type: ResourceRestrictionType | None = None, limit: int = DEFAULT_LIST_LIMIT, cursor: str | None = None) ResourceRestrictionListResponse[source]#
List resource restrictions the caller is permitted to manage.
Only restrictions the caller can manage are returned — i.e. an account/org admin, a holder of the
PROJECT_RESTRICTpermission in the resource’s space, or a holder ofPROJECT_RESTRICTgranted directly on the resource.Results are paginated. Because entries are authorization-filtered after a page is read, a page may contain fewer items than
limit(or be empty) whilepagination.has_moreis stillTrue. Keep paging untilpagination.has_moreisFalse— do not stop on an empty page.Currently only
PROJECTresources are supported.- Parameters:
resource_type (ResourceRestrictionType | None) – Optional filter restricting results to a single resource type. When omitted, restrictions of all supported resource types are returned (currently only
PROJECT).limit (int) – Maximum number of restrictions to return per page. The server enforces an upper bound.
cursor (str | None) – Opaque pagination cursor returned from a previous response (
pagination.next_cursor). Treat it as an unreadable token; do not attempt to parse or construct it.
- Returns:
A response object with the resource restrictions and pagination information.
- Raises:
ApiException – If the API request fails (for example, invalid input or insufficient permissions).
- Return type:
- restrict(*, resource_id: str) ResourceRestriction[source]#
Mark a resource as restricted.
Restricting a resource prevents roles bound at higher hierarchy levels (space, org, account) from granting access. Only space admins or users with the
PROJECT_RESTRICTpermission can perform this action.This operation is idempotent — restricting an already-restricted resource returns the existing restriction without error.
Currently only
PROJECTresources are supported.- Parameters:
resource_id (str) – Global ID of the resource to restrict. Must encode a project resource ID.
- Returns:
The resource restriction object.
- Raises:
ApiException – If the API request fails (for example, unsupported resource type or insufficient permissions).
- Return type:
- unrestrict(*, resource_id: str) None[source]#
Remove restriction from a resource.
Removing a restriction means that roles bound at other levels of the hierarchy (space, org, account) can once again grant access to the resource.
- Parameters:
resource_id (str) – Global ID of the resource to unrestrict.
- Raises:
ApiException – If the API request fails (for example, resource is not restricted, or insufficient permissions).
- Return type:
None
Response Types#
- class ResourceRestriction(*, resource_type: ResourceRestrictionType, resource_id: Annotated[str, Strict(strict=True)], created_at: datetime)[source]#
Bases:
BaseModelCreate a new model by parsing and validating input data from keyword arguments.
Raises [ValidationError][pydantic_core.ValidationError] if the input data cannot be validated to form a valid model.
self is explicitly positional-only to allow self as a field name.
- Parameters:
resource_type (ResourceRestrictionType)
created_at (datetime)
- resource_type: ResourceRestrictionType#
- resource_id: StrictStr#
- created_at: datetime#
- model_config: ClassVar[ConfigDict] = {'populate_by_name': True, 'protected_namespaces': (), 'validate_assignment': True, 'validate_by_alias': True, 'validate_by_name': True}#
Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].
- classmethod from_json(json_str: str) Self | None[source]#
Create an instance of ResourceRestriction from a JSON string
- to_dict() Dict[str, Any][source]#
Return the dictionary representation of the model using alias.
This has the following differences from calling pydantic’s self.model_dump(by_alias=True):
None is only added to the output dict for nullable fields that were set at model initialization. Other fields with value None are ignored.
- class ResourceRestrictionListResponse(*, resource_restrictions: List[ResourceRestriction], pagination: PaginationMetadata)[source]#
Bases:
BaseModelCreate a new model by parsing and validating input data from keyword arguments.
Raises [ValidationError][pydantic_core.ValidationError] if the input data cannot be validated to form a valid model.
self is explicitly positional-only to allow self as a field name.
- Parameters:
resource_restrictions (List[ResourceRestriction])
pagination (PaginationMetadata)
- resource_restrictions: List[ResourceRestriction]#
- pagination: PaginationMetadata#
- model_config: ClassVar[ConfigDict] = {'populate_by_name': True, 'protected_namespaces': (), 'validate_assignment': True, 'validate_by_alias': True, 'validate_by_name': True}#
Configuration for the model, should be a dictionary conforming to [ConfigDict][pydantic.config.ConfigDict].
- classmethod from_json(json_str: str) Self | None[source]#
Create an instance of ResourceRestrictionListResponse from a JSON string
- to_dict() Dict[str, Any][source]#
Return the dictionary representation of the model using alias.
This has the following differences from calling pydantic’s self.model_dump(by_alias=True):
None is only added to the output dict for nullable fields that were set at model initialization. Other fields with value None are ignored.
- classmethod from_dict(obj: Dict[str, Any] | None) Self | None[source]#
Create an instance of ResourceRestrictionListResponse from a dict
- to_df(by_alias: bool = False, exclude_none: str | bool = True, json_normalize: bool = False, convert_dtypes: bool = True, expand_field: str = 'additional_properties', expand_prefix: str = '') pd.DataFrame#
Convert a list of objects to a
pandas.DataFrame.- Behavior:
If an item is a Pydantic v2 model, use .model_dump(by_alias=…).
If an item is a mapping (dict-like), use it as-is.
Otherwise, raise a ValueError (unsupported row type).
- Parameters:
self (object) – The object instance containing the field to convert.
by_alias (bool) – Use field aliases when dumping Pydantic models.
exclude_none (str | bool) – Control None/NaN column dropping. - False: keep Nones as-is - “all”: drop columns where all values are None/NaN - “any”: drop columns where any value is None/NaN - True: alias for “all”
json_normalize (bool) – If True, flatten nested dicts via
pandas.json_normalize.convert_dtypes (bool) – If True, call
DataFrame.convert_dtypes()at the end.expand_field (str) – If set, look for this field in each row and expand its keys into top-level columns.
expand_prefix (str) – If set, prefix expanded column names with this string.
- Returns:
The converted DataFrame.
- Return type: