sym.sdk.templates

Modules

sym.sdk.templates.approval

sym.sdk.templates.step

sym.sdk.templates.template

Workflow templates that can be declaratively provisioned.

class sym.sdk.templates.ApprovalTemplate(srn: Union[sym.sdk.resource.SRN, str])

Bases: sym.sdk.templates.template.Template

The ApprovalTemplate object represents a security workflow for access management supported out of the box by Sym.

classmethod approve(*, target_srn: Optional[sym.sdk.resource.SRN] = None, duration: Optional[int] = None, **kwargs)

Generates a request to fire an Event of type approve to approve an outstanding request for access to an AccessTarget.

Parameters

  • target_srn – The SRN of the AccessTarget to request access to. Required only if firing an Event for a Run which has not had a request submitted. Otherwise, defaults to the current Run’s requested AccessTarget.

  • duration – How long the escalation should last. Required only if firing an Event for a Run which has not had a request submitted. Otherwise, defaults to the current Run’s requested duration.

  • **kwargs – Arbitrary additional values to pass through to the fired Event’s payload.

classmethod deescalate(*, target_srn: Optional[sym.sdk.resource.SRN] = None, **kwargs)

Generates a request to fire an Event of type deescalate to begin deescalation of a User for an AccessTarget.

Parameters

  • target_srn – The SRN of the AccessTarget to deescalate the User for. Required only if firing an Event for a Run which has not had a request submitted. Otherwise, defaults to the current Run’s requested AccessTarget.

  • **kwargs – Arbitrary additional values to pass through to the fired Event’s payload.

classmethod deny(*, target_srn: Optional[sym.sdk.resource.SRN] = None, duration: Optional[int] = None, **kwargs)

Generates a request to fire an Event of type deny to deny an outstanding request for access to an AccessTarget.

Parameters

  • target_srn – The SRN of the AccessTarget to request access to. Required only if firing an Event for a Run which has not had a request submitted. Otherwise, defaults to the current Run’s requested AccessTarget.

  • duration – How long the escalation should last. Required only if firing an Event for a Run which has not had a request submitted. Otherwise, defaults to the current Run’s requested duration.

  • **kwargs – Arbitrary additional values to pass through to the fired Event’s payload.

dict()

Represent this resource as a dictionary.

classmethod escalate(*, target_srn: Optional[sym.sdk.resource.SRN] = None, duration: Optional[int] = None, **kwargs)

Generates a request to fire an Event of type escalate to begin escalation of a User for an AccessTarget.

Parameters

  • target_srn – The SRN of the AccessTarget to escalate the User for. Required only if firing an Event for a Run which has not had a request submitted. Otherwise, defaults to the current Run’s requested AccessTarget.

  • duration – How long the escalation should last. Required only if firing an Event for a Run which has not had a request submitted. Otherwise, defaults to the current Run’s requested duration.

  • **kwargs – Arbitrary additional values to pass through to the fired Event’s payload.

classmethod ignore(*, message: Optional[str] = None, **kwargs)

Generates a request to fire an Event of type ignore to nullify the incoming Event and send a message to the acting User.

Parameters

  • message – The message to send to the User who triggered the original Event.

  • **kwargs – Arbitrary additional values to pass through to the fired Event’s payload.

property name

An alias for this resource’s slug, derived from its SRN.

classmethod prompt(**kwargs)

Generates a request to fire an Event of type prompt to pop up a modal for the User to make a request.

Parameters

**kwargs – Arbitrary additional values to pass through to the fired Event’s payload.

classmethod request(*, target_srn: Optional[sym.sdk.resource.SRN] = None, duration: Optional[int] = None, **kwargs)

Generates a request to fire an Event of type request to submit a request for access to an AccessTarget.

Parameters

  • target_srn – The SRN of the AccessTarget to request access to. Required only if firing an Event for a Run which has not had a request submitted. Otherwise, defaults to the current Run’s requested AccessTarget.

  • duration – How long the escalation should last. Required only if firing an Event for a Run which has not had a request submitted. Otherwise, defaults to the current Run’s requested duration.

  • **kwargs – Arbitrary additional values to pass through to the fired Event’s payload.

property srn

A SRN object that represents the unique identifier for this resource.

class sym.sdk.templates.ApprovalTemplateStep(value)

Bases: str, enum.Enum

The ApprovalTemplateStep enum lists the steps in the ApprovalTemplate, each of which can be used in hooks to fire new Events.

class sym.sdk.templates.Template(srn: Union[sym.sdk.resource.SRN, str])

Bases: sym.sdk.resource.SymResource

The Template object represents a common security workflow supported out of the box by Sym.

dict()

Represent this resource as a dictionary.

classmethod ignore(*, message: Optional[str] = None, **kwargs)

Generates a request to fire an Event of type ignore to nullify the incoming Event and send a message to the acting User.

Parameters

  • message – The message to send to the User who triggered the original Event.

  • **kwargs – Arbitrary additional values to pass through to the fired Event’s payload.

property name

An alias for this resource’s slug, derived from its SRN.

property srn

A SRN object that represents the unique identifier for this resource.

class sym.sdk.templates.TemplateStep(value)

Bases: str, enum.Enum

The TemplateStep class represents general steps which may be part of any Template.

IGNORE = 'ignore'

Fire an Event of type ignore to ullify the incoming Event and send a message to the acting User

sym.sdk.templates.get_step_output(step: Optional[sym.sdk.templates.approval.ApprovalTemplateStep] = None) dict

Returns the output returned by the specified step (or the current step if no step is specified).

For Lambda flows, this method can be used in after_escalate and after_deescalate hooks to retrieve responses from the lambda.

For example:

@hook
def after_escalate(evt):
    escalate_output = get_step_output()
    print(escalate_output["body"])

For custom Strategies, this method can be used in deescalate() to retrieve the output from the corresponding escalation by specifying the ApprovalTemplateStep.ESCALATE step:

def deescalate(self, target_id, event):
    escalate_output = get_step_output(ApprovalTemplateStep.ESCALATE)
    escalation_id = escalate_output["id"]
    ...
Parameters

step – The step for which to retrieve output. If None or omitted, returns the output for the current step.