sym.sdk.templates¶
Modules
Workflow templates that can be declaratively provisioned.
- class sym.sdk.templates.ApprovalTemplate(srn: Union[sym.sdk.resource.SRN, str])¶
Bases:
sym.sdk.templates.template.Template
The
ApprovalTemplate
object represents a security workflow for access management supported out of the box by Sym.Read more about the sym:approval
Template
.- classmethod approve(*, target_srn: Optional[sym.sdk.resource.SRN] = None, duration: Optional[int] = None, **kwargs)¶
Generates a request to fire an
Event
of typeapprove
to approve an outstanding request for access to anAccessTarget
.- Parameters
target_srn – The
SRN
of theAccessTarget
to request access to. Required only if firing anEvent
for aRun
which has not had a request submitted. Otherwise, defaults to the currentRun
’s requestedAccessTarget
.duration – How long the escalation should last. Required only if firing an
Event
for aRun
which has not had a request submitted. Otherwise, defaults to the currentRun
’s requested duration.**kwargs – Arbitrary additional values to pass through to the fired
Event
’s payload.
- classmethod deescalate(*, target_srn: Optional[sym.sdk.resource.SRN] = None, **kwargs)¶
Generates a request to fire an
Event
of typedeescalate
to begin deescalation of aUser
for anAccessTarget
.- Parameters
target_srn – The
SRN
of theAccessTarget
to deescalate theUser
for. Required only if firing anEvent
for aRun
which has not had a request submitted. Otherwise, defaults to the currentRun
’s requestedAccessTarget
.**kwargs – Arbitrary additional values to pass through to the fired
Event
’s payload.
- classmethod deny(*, target_srn: Optional[sym.sdk.resource.SRN] = None, duration: Optional[int] = None, **kwargs)¶
Generates a request to fire an
Event
of typedeny
to deny an outstanding request for access to anAccessTarget
.- Parameters
target_srn – The
SRN
of theAccessTarget
to request access to. Required only if firing anEvent
for aRun
which has not had a request submitted. Otherwise, defaults to the currentRun
’s requestedAccessTarget
.duration – How long the escalation should last. Required only if firing an
Event
for aRun
which has not had a request submitted. Otherwise, defaults to the currentRun
’s requested duration.**kwargs – Arbitrary additional values to pass through to the fired
Event
’s payload.
- dict()¶
Represent this resource as a dictionary.
- classmethod escalate(*, target_srn: Optional[sym.sdk.resource.SRN] = None, duration: Optional[int] = None, **kwargs)¶
Generates a request to fire an
Event
of typeescalate
to begin escalation of aUser
for anAccessTarget
.- Parameters
target_srn – The
SRN
of theAccessTarget
to escalate theUser
for. Required only if firing anEvent
for aRun
which has not had a request submitted. Otherwise, defaults to the currentRun
’s requestedAccessTarget
.duration – How long the escalation should last. Required only if firing an
Event
for aRun
which has not had a request submitted. Otherwise, defaults to the currentRun
’s requested duration.**kwargs – Arbitrary additional values to pass through to the fired
Event
’s payload.
- classmethod ignore(*, message: Optional[str] = None, **kwargs)¶
Generates a request to fire an
Event
of typeignore
to nullify the incomingEvent
and send a message to the actingUser
.
- classmethod prompt(**kwargs)¶
Generates a request to fire an
Event
of typeprompt
to pop up a modal for theUser
to make a request.- Parameters
**kwargs – Arbitrary additional values to pass through to the fired
Event
’s payload.
- classmethod request(*, target_srn: Optional[sym.sdk.resource.SRN] = None, duration: Optional[int] = None, **kwargs)¶
Generates a request to fire an
Event
of typerequest
to submit a request for access to anAccessTarget
.- Parameters
target_srn – The
SRN
of theAccessTarget
to request access to. Required only if firing anEvent
for aRun
which has not had a request submitted. Otherwise, defaults to the currentRun
’s requestedAccessTarget
.duration – How long the escalation should last. Required only if firing an
Event
for aRun
which has not had a request submitted. Otherwise, defaults to the currentRun
’s requested duration.**kwargs – Arbitrary additional values to pass through to the fired
Event
’s payload.
- class sym.sdk.templates.ApprovalTemplateStep(value)¶
-
The
ApprovalTemplateStep
enum lists the steps in theApprovalTemplate
, each of which can be used in hooks to fire newEvents
.Read more about the steps of the sym:approval template.
- class sym.sdk.templates.Template(srn: Union[sym.sdk.resource.SRN, str])¶
Bases:
sym.sdk.resource.SymResource
The
Template
object represents a common security workflow supported out of the box by Sym.Read more about Templates.
- dict()¶
Represent this resource as a dictionary.
- class sym.sdk.templates.TemplateStep(value)¶
-
The
TemplateStep
class represents general steps which may be part of anyTemplate
.
- sym.sdk.templates.get_step_output(step: Optional[sym.sdk.templates.approval.ApprovalTemplateStep] = None) dict ¶
Returns the output returned by the specified step (or the current step if no step is specified).
For Lambda flows, this method can be used in after_escalate and after_deescalate hooks to retrieve responses from the lambda.
For example:
@hook def after_escalate(evt): escalate_output = get_step_output() print(escalate_output["body"])
For
custom Strategies
, this method can be used indeescalate()
to retrieve the output from the corresponding escalation by specifying theApprovalTemplateStep.ESCALATE
step:def deescalate(self, target_id, event): escalate_output = get_step_output(ApprovalTemplateStep.ESCALATE) escalation_id = escalate_output["id"] ...
- Parameters
step – The step for which to retrieve output. If
None
or omitted, returns the output for the current step.