Identity and access management¶
Tokens¶
Inspect the token currently used by the client¶
-
TokenAPI.
inspect
() → cognite.client.data_classes.iam.TokenInspection¶ Inspect a token.
Get details about which projects it belongs to and which capabilities are granted to it.
Returns: The object with token inspection details. Return type: TokenInspection Example
Inspect token:
>>> from cognite.client import CogniteClient >>> c = CogniteClient() >>> res = c.iam.token.inspect()
Groups¶
List groups¶
-
GroupsAPI.
list
(all: bool = False) → cognite.client.data_classes.iam.GroupList¶ -
Parameters: all (bool) – Whether to get all groups, only available with the groups:list acl. Returns: List of groups. Return type: GroupList Example
List groups:
>>> from cognite.client import CogniteClient >>> c = CogniteClient() >>> res = c.iam.groups.list()
Create groups¶
-
GroupsAPI.
create
(group: Union[cognite.client.data_classes.iam.Group, Sequence[cognite.client.data_classes.iam.Group]]) → Union[cognite.client.data_classes.iam.Group, cognite.client.data_classes.iam.GroupList]¶ -
Parameters: group (Union[Group, Sequence[Group]]) – Group or list of groups to create. Returns: The created group(s). Return type: Union[Group, GroupList] Example
Create group:
>>> from cognite.client import CogniteClient >>> from cognite.client.data_classes import Group >>> c = CogniteClient() >>> my_capabilities = [{"groupsAcl": {"actions": ["LIST"],"scope": {"all": { }}}}] >>> my_group = Group(name="My Group", capabilities=my_capabilities) >>> res = c.iam.groups.create(my_group)
Security categories¶
List security categories¶
-
SecurityCategoriesAPI.
list
(limit: int = 25) → cognite.client.data_classes.iam.SecurityCategoryList¶ -
Parameters: limit (int) – Max number of security categories to return. Defaults to 25. Returns: List of security categories Return type: SecurityCategoryList Example
List security categories:
>>> from cognite.client import CogniteClient >>> c = CogniteClient() >>> res = c.iam.security_categories.list()
Create security categories¶
-
SecurityCategoriesAPI.
create
(security_category: Union[cognite.client.data_classes.iam.SecurityCategory, Sequence[cognite.client.data_classes.iam.SecurityCategory]]) → Union[cognite.client.data_classes.iam.SecurityCategory, cognite.client.data_classes.iam.SecurityCategoryList]¶ Create one or more security categories.
Parameters: security_category (Union[SecurityCategory, Sequence[SecurityCategory]]) – Security category or list of categories to create. Returns: The created security category or categories. Return type: Union[SecurityCategory, SecurityCategoryList] Example
Create security category:
>>> from cognite.client import CogniteClient >>> from cognite.client.data_classes import SecurityCategory >>> c = CogniteClient() >>> my_category = SecurityCategory(name="My Category") >>> res = c.iam.security_categories.create(my_category)
Delete security categories¶
-
SecurityCategoriesAPI.
delete
(id: Union[int, Sequence[int]]) → None¶ Delete one or more security categories.
Parameters: id (Union[int, Sequence[int]]) – ID or list of IDs of security categories to delete. Returns: None Example
Delete security category:
>>> from cognite.client import CogniteClient >>> c = CogniteClient() >>> c.iam.security_categories.delete(1)
Sessions¶
List sessions¶
-
SessionsAPI.
list
(status: Optional[str] = None) → cognite.client.data_classes.iam.SessionList¶ List all sessions in the current project.
Parameters: status (Optional[str]) – If given, only sessions with the given status are returned. Returns: a list of sessions in the current project. Return type: SessionList
Create a session¶
-
SessionsAPI.
create
(client_credentials: Optional[cognite.client.data_classes.iam.ClientCredentials] = None) → cognite.client.data_classes.iam.CreatedSession¶ -
Parameters: client_credentials (Optional[ClientCredentials]) – The client credentials to create the session. If set to None, a session will be created using the credentials used to instantiate -this- CogniteClient object. If that was done using a token, a session will be created using token exchange. Similarly, if the credentials were client credentials, a session will be created using client credentials. This method does not work when using client certificates (not supported server-side). Returns: The object with token inspection details. Return type: CreatedSession
Revoke a session¶
-
SessionsAPI.
revoke
(id: Union[int, Sequence[int]]) → cognite.client.data_classes.iam.SessionList¶ -
Parameters: id (Union[int, Sequence[int]) – Id or list of session ids Returns: List of revoked sessions. If the user does not have the sessionsAcl:LIST capability, then only the session IDs will be present in the response. Return type: SessionList
Data classes¶
-
class
cognite.client.data_classes.iam.
ClientCredentials
(client_id: str, client_secret: str)¶ Bases:
cognite.client.data_classes._base.CogniteResource
Client credentials for session creation
Parameters: - client_id (str) – Client ID from identity provider.
- client_secret (str) – Client secret from identity provider.
-
class
cognite.client.data_classes.iam.
CreatedSession
(id: int = None, type: str = None, status: str = None, nonce: str = None, client_id: str = None, cognite_client: CogniteClient = None)¶ Bases:
cognite.client.data_classes._base.CogniteResource
Session creation related information
Parameters: - id (int) – ID of the created session.
- type (str) – Credentials kind used to create the session.
- status (str) – Current status of the session.
- nonce (str) – Nonce to be passed to the internal service that will bind the session
- client_id (str) – Client ID in identity provider. Returned only if the session was created using client credentials
-
class
cognite.client.data_classes.iam.
Group
(name: str = None, source_id: str = None, capabilities: List[Dict[str, Any]] = None, id: int = None, is_deleted: bool = None, deleted_time: int = None, cognite_client: CogniteClient = None)¶ Bases:
cognite.client.data_classes._base.CogniteResource
No description.
Parameters: - name (str) – Name of the group
- source_id (str) – ID of the group in the source. If this is the same ID as a group in the IDP, a service account in that group will implicitly be a part of this group as well.
- capabilities (List[Dict[str, Any]]) – No description.
- id (int) – No description.
- is_deleted (bool) – No description.
- deleted_time (int) – No description.
- cognite_client (CogniteClient) – The client to associate with this object.
-
class
cognite.client.data_classes.iam.
GroupList
(resources: Collection[Any], cognite_client: CogniteClient = None)¶ Bases:
cognite.client.data_classes._base.CogniteResourceList
-
class
cognite.client.data_classes.iam.
ProjectSpec
(url_name: str, groups: List[int])¶ Bases:
cognite.client.data_classes._base.CogniteResponse
A CDF project spec
Parameters: - url_name (str) – The url name for the project
- groups (List[int]) – Group ids in the project
-
class
cognite.client.data_classes.iam.
SecurityCategory
(name: str = None, id: int = None, cognite_client: CogniteClient = None)¶ Bases:
cognite.client.data_classes._base.CogniteResource
No description.
Parameters: - name (str) – Name of the security category
- id (int) – Id of the security category
- cognite_client (CogniteClient) – The client to associate with this object.
-
class
cognite.client.data_classes.iam.
SecurityCategoryList
(resources: Collection[Any], cognite_client: CogniteClient = None)¶ Bases:
cognite.client.data_classes._base.CogniteResourceList
-
class
cognite.client.data_classes.iam.
Session
(id: int = None, type: str = None, status: str = None, creation_time: int = None, expiration_time: int = None, client_id: str = None, cognite_client: CogniteClient = None)¶ Bases:
cognite.client.data_classes._base.CogniteResource
Session status
Parameters: - id (int) – ID of the session.
- type (str) – Credentials kind used to create the session.
- status (str) – Current status of the session.
- creation_time (int) – Session creation time, in milliseconds since 1970
- expiration_time (int) – Session expiry time, in milliseconds since 1970. This value is updated on refreshing a token
- client_id (str) – Client ID in identity provider. Returned only if the session was created using client credentials
-
class
cognite.client.data_classes.iam.
SessionList
(resources: Collection[Any], cognite_client: CogniteClient = None)¶ Bases:
cognite.client.data_classes._base.CogniteResourceList
-
class
cognite.client.data_classes.iam.
TokenInspection
(subject: str, projects: List[cognite.client.data_classes.iam.ProjectSpec], capabilities: List[Dict[KT, VT]])¶ Bases:
cognite.client.data_classes._base.CogniteResponse
Current login status
Parameters: - subject (str) – Subject (sub claim) of JWT.
- projects (List[ProjectSpec]) – Projects this token is valid for.
- capabilities (List[Dict]) – Capabilities associated with this token.
-
dump
(camel_case: bool = False) → Dict[str, Any]¶ Dump the instance into a json serializable Python data type.
Parameters: camel_case (bool) – Use camelCase for attribute names. Defaults to False. Returns: A dictionary representation of the instance. Return type: Dict[str, Any]