pangea-sdk 6.2.0b2__py3-none-any.whl → 6.3.0__py3-none-any.whl

pangea/services/authz.py

@@ -1,16 +1,16 @@
 # Copyright 2022 Pangea Cyber Corporation
 # Author: Pangea Cyber Corporation
 
-# TODO: Use `list` instead of `List`.
-# ruff: noqa: UP006, UP035
-
 from __future__ import annotations
 
 import enum
-from typing import Any, Dict, List, Optional, Union
+from collections.abc import Mapping, Sequence
+from typing import Annotated, Any, Optional, Union
+
+from pydantic import Field
 
 from pangea.config import PangeaConfig
-from pangea.response import APIRequestModel, APIResponseModel, PangeaResponse, PangeaResponseResult
+from pangea.response import APIRequestModel, APIResponseModel, PangeaDateTime, PangeaResponse, PangeaResponseResult
 from pangea.services.base import ServiceBase
 
 
@@ -47,20 +47,18 @@ class Resource(PangeaResponseResult):
 
 class Subject(PangeaResponseResult):
     type: str
-    id: Optional[str] = None
-    action: Optional[str] = None
+    id: Annotated[str, Field(pattern="^([a-zA-Z0-9_][a-zA-Z0-9/|_.@-]*)$")]
+    action: Annotated[Optional[str], Field(pattern="^([a-zA-Z0-9_][a-zA-Z0-9/|_]*)$")] = None
 
 
 class Tuple(PangeaResponseResult):
     resource: Resource
-    relation: str
+    relation: Annotated[str, Field(pattern="^([a-zA-Z0-9_][a-zA-Z0-9/|_]*)$")]
     subject: Subject
-    expires_at: Optional[str] = None
+    expires_at: Optional[PangeaDateTime] = None
     """A time in ISO-8601 format"""
-
-
-class TupleCreateRequest(APIRequestModel):
-    tuples: List[Tuple]
+    attributes: Optional[dict[str, Any]] = None
+    """A JSON object of attribute data."""
 
 
 class TupleCreateResult(PangeaResponseResult):
@@ -70,54 +68,54 @@ class TupleCreateResult(PangeaResponseResult):
 class TupleListFilter(APIRequestModel):
     resource_type: Optional[str] = None
     """Only records where resource type equals this value."""
-    resource_type__contains: Optional[List[str]] = None
+    resource_type__contains: Optional[list[str]] = None
     """Only records where resource type includes each substring."""
-    resource_type__in: Optional[List[str]] = None
+    resource_type__in: Optional[list[str]] = None
     """Only records where resource type equals one of the provided substrings."""
     resource_id: Optional[str] = None
     """Only records where resource id equals this value."""
-    resource_id__contains: Optional[List[str]] = None
+    resource_id__contains: Optional[list[str]] = None
     """Only records where resource id includes each substring."""
-    resource_id__in: Optional[List[str]] = None
+    resource_id__in: Optional[list[str]] = None
     """Only records where resource id equals one of the provided substrings."""
     relation: Optional[str] = None
     """Only records where relation equals this value."""
-    relation__contains: Optional[List[str]] = None
+    relation__contains: Optional[list[str]] = None
     """Only records where relation includes each substring."""
-    relation__in: Optional[List[str]] = None
+    relation__in: Optional[list[str]] = None
     """Only records where relation equals one of the provided substrings."""
     subject_type: Optional[str] = None
     """Only records where subject type equals this value."""
-    subject_type__contains: Optional[List[str]] = None
+    subject_type__contains: Optional[list[str]] = None
     """Only records where subject type includes each substring."""
-    subject_type__in: Optional[List[str]] = None
+    subject_type__in: Optional[list[str]] = None
     """Only records where subject type equals one of the provided substrings."""
     subject_id: Optional[str] = None
     """Only records where subject id equals this value."""
-    subject_id__contains: Optional[List[str]] = None
+    subject_id__contains: Optional[list[str]] = None
     """Only records where subject id includes each substring."""
-    subject_id__in: Optional[List[str]] = None
+    subject_id__in: Optional[list[str]] = None
     """Only records where subject id equals one of the provided substrings."""
     subject_action: Optional[str] = None
     """Only records where subject action equals this value."""
-    subject_action__contains: Optional[List[str]] = None
+    subject_action__contains: Optional[list[str]] = None
     """Only records where subject action includes each substring."""
-    subject_action__in: Optional[List[str]] = None
+    subject_action__in: Optional[list[str]] = None
     """Only records where subject action equals one of the provided substrings."""
-    expires_at: Optional[str] = None
+    expires_at: Optional[PangeaDateTime] = None
     """Only records where expires_at equals this value."""
-    expires_at__gt: Optional[str] = None
+    expires_at__gt: Optional[PangeaDateTime] = None
     """Only records where expires_at is greater than this value."""
-    expires_at__gte: Optional[str] = None
+    expires_at__gte: Optional[PangeaDateTime] = None
     """Only records where expires_at is greater than or equal to this value."""
-    expires_at__lt: Optional[str] = None
+    expires_at__lt: Optional[PangeaDateTime] = None
     """Only records where expires_at is less than this value."""
-    expires_at__lte: Optional[str] = None
+    expires_at__lte: Optional[PangeaDateTime] = None
     """Only records where expires_at is less than or equal to this value."""
 
 
 class TupleListRequest(APIRequestModel):
-    filter: Optional[Union[Dict, TupleListFilter]] = None
+    filter: Optional[Union[dict, TupleListFilter]] = None
     size: Optional[int] = None
     last: Optional[str] = None
     order: Optional[ItemOrder] = None
@@ -125,37 +123,27 @@ class TupleListRequest(APIRequestModel):
 
 
 class TupleListResult(PangeaResponseResult):
-    tuples: List[Tuple]
+    tuples: list[Tuple]
     last: str
     count: int
 
 
 class TupleDeleteRequest(APIRequestModel):
-    tuples: List[Tuple]
+    tuples: list[Tuple]
 
 
 class TupleDeleteResult(PangeaResponseResult):
     pass
 
 
-class CheckRequest(APIRequestModel):
-    resource: Resource
-    action: str
-    subject: Subject
-    debug: Optional[bool] = None
-    """In the event of an allowed check, return a path that granted access."""
-    attributes: Optional[Dict[str, Any]] = None
-    """A JSON object of attribute data."""
-
-
 class DebugPath(APIResponseModel):
-    type: str
-    id: str
+    type: Optional[str] = None
+    id: Optional[str] = None
     action: Optional[str] = None
 
 
 class Debug(APIResponseModel):
-    path: List[DebugPath]
+    path: list[DebugPath]
 
 
 class CheckResult(PangeaResponseResult):
@@ -166,27 +154,47 @@ class CheckResult(PangeaResponseResult):
     debug: Optional[Debug] = None
 
 
+class BulkCheckRequestItem(APIRequestModel):
+    resource: Resource
+    action: Annotated[str, Field(pattern="^([a-zA-Z0-9_][a-zA-Z0-9/|_]*)$")]
+    subject: Subject
+
+
+class BulkCheckItemResult(APIResponseModel):
+    checked: str
+    allowed: bool
+    depth: int
+    debug: Optional[Debug] = None
+
+
+class BulkCheckResult(PangeaResponseResult):
+    schema_id: str
+    schema_version: int
+    allowed: bool
+    results: list[BulkCheckItemResult]
+
+
 class ListResourcesRequest(APIRequestModel):
     type: str
     action: str
     subject: Subject
-    attributes: Optional[Dict[str, Any]] = None
+    attributes: Optional[dict[str, Any]] = None
 
 
 class ListResourcesResult(PangeaResponseResult):
-    ids: List[str]
+    ids: list[str]
 
 
 class ListSubjectsRequest(APIRequestModel):
     resource: Resource
     action: str
-    attributes: Optional[Dict[str, Any]] = None
+    attributes: Optional[dict[str, Any]] = None
     debug: Optional[bool] = None
     """Return a path for each found subject"""
 
 
 class ListSubjectsResult(PangeaResponseResult):
-    subjects: List[Subject]
+    subjects: list[Subject]
 
 
 class AuthZ(ServiceBase):
@@ -232,7 +240,7 @@ class AuthZ(ServiceBase):
 
         super().__init__(token, config, logger_name, config_id=config_id)
 
-    def tuple_create(self, tuples: list[Tuple]) -> PangeaResponse[TupleCreateResult]:
+    def tuple_create(self, tuples: Sequence[Tuple]) -> PangeaResponse[TupleCreateResult]:
         """Create tuples.
 
         Create tuples in the AuthZ Service. The request will fail if there is no schema
@@ -261,8 +269,7 @@ class AuthZ(ServiceBase):
             )
         """
 
-        input_data = TupleCreateRequest(tuples=tuples)
-        return self.request.post("v1/tuple/create", TupleCreateResult, data=input_data.model_dump(exclude_none=True))
+        return self.request.post("v1/tuple/create", TupleCreateResult, data={"tuples": tuples})
 
     def tuple_list(
         self,
@@ -337,8 +344,9 @@ class AuthZ(ServiceBase):
         resource: Resource,
         action: str,
         subject: Subject,
+        *,
         debug: bool | None = None,
-        attributes: dict[str, Any] | None = None,
+        attributes: Mapping[str, Any] | None = None,
     ) -> PangeaResponse[CheckResult]:
         """Perform a check request.
 
@@ -349,7 +357,7 @@ class AuthZ(ServiceBase):
             action: The action to check.
             subject: The subject to check.
             debug: In the event of an allowed check, return a path that granted access.
-            attributes: Additional attributes for the check.
+            attributes: A JSON object of attribute data.
 
         Raises:
             PangeaAPIException: If an API Error happens.
@@ -368,8 +376,44 @@ class AuthZ(ServiceBase):
             )
         """
 
-        input_data = CheckRequest(resource=resource, action=action, subject=subject, debug=debug, attributes=attributes)
-        return self.request.post("v1/check", CheckResult, data=input_data.model_dump(exclude_none=True))
+        return self.request.post(
+            "v1/check",
+            CheckResult,
+            data={"resource": resource, "action": action, "subject": subject, "debug": debug, "attributes": attributes},
+        )
+
+    def bulk_check(
+        self,
+        checks: Sequence[BulkCheckRequestItem],
+        *,
+        debug: bool | None = None,
+        attributes: Mapping[str, Any] | None = None,
+    ) -> PangeaResponse[BulkCheckResult]:
+        """Perform a bulk check request
+
+        Perform multiple checks in a single request to see if a subjects have
+        permission to do actions on the resources.
+
+        Args:
+            checks: Check requests to perform.
+            debug: In the event of an allowed check, return a path that granted access.
+            attributes: A JSON object of attribute data.
+
+        Examples:
+            authz.bulk_check(
+                checks=[
+                    BulkCheckRequestItem(
+                        resource=Resource(type="file", id="file_1"),
+                        action="read",
+                        subject=Subject(type="user", id="user_1", action="read"),
+                    )
+                ]
+            )
+        """
+
+        return self.request.post(
+            "v1/check/bulk", BulkCheckResult, data={"checks": checks, "debug": debug, "attributes": attributes}
+        )
 
     def list_resources(
         self, type: str, action: str, subject: Subject, attributes: dict[str, Any] | None = None

pangea/services/base.py

@@ -8,7 +8,7 @@ from __future__ import annotations
 
 import copy
 import logging
-from typing import Dict, Optional, Type, Union
+from typing import Optional, Type, Union
 
 from typing_extensions import TypeVar
 
@@ -47,8 +47,7 @@ class ServiceBase:
         self._token = token
         self.config_id: Optional[str] = config_id
         self._request: Optional[Union[PangeaRequest, PangeaRequestAsync]] = None
-        extra_headers: Dict = {}
-        self.request.set_extra_headers(extra_headers)
+        self.request.set_extra_headers({})
 
     @property
     def token(self) -> str:

pangea/services/intel.py

@@ -8,7 +8,7 @@ from __future__ import annotations
 
 import enum
 import hashlib
-from typing import Dict, List, Optional
+from typing import Dict, List, Literal, Optional
 
 from pangea.exceptions import PangeaException
 from pangea.response import APIRequestModel, PangeaResponse, PangeaResponseResult
@@ -65,8 +65,20 @@ class FileReputationBulkRequest(APIRequestModel):
     hash_type (str): Type of hash, can be "sha256", "sha" or "md5"
     """
 
-    hashes: List[str]
-    hash_type: str
+    hashes: list[str]
+    """The hash of the file to be looked up"""
+
+    hash_type: Literal["sha256", "sha", "md5"]
+    """One of "sha256", "sha", "md5"."""
+
+    verbose: Optional[bool] = None
+    """Echo the API parameters in the response"""
+
+    raw: Optional[bool] = None
+    """Include raw data from this provider"""
+
+    provider: Optional[Literal["reversinglabs", "crowdstrike"]] = None
+    """Use reputation data from this provider"""
 
 
 class FileReputationData(IntelReputationData):
@@ -360,7 +372,8 @@ class DomainWhoIsRequest(DomainCommonRequest):
     Domain whois request data
     """
 
-    pass
+    domain: str
+    """The domain to query."""
 
 
 class DomainWhoIsData(PangeaResponseResult):
@@ -534,11 +547,11 @@ class FileIntel(ServiceBase):
 
     def hash_reputation_bulk(
         self,
-        hashes: List[str],
-        hash_type: str,
-        provider: Optional[str] = None,
-        verbose: Optional[bool] = None,
-        raw: Optional[bool] = None,
+        hashes: list[str],
+        hash_type: Literal["sha256", "sha", "md5"],
+        provider: Literal["reversinglabs", "crowdstrike"] | None = None,
+        verbose: bool | None = None,
+        raw: bool | None = None,
     ) -> PangeaResponse[FileReputationBulkResult]:
         """
         Reputation check V2
@@ -566,7 +579,7 @@ class FileIntel(ServiceBase):
                 provider="reversinglabs",
             )
         """
-        input = FileReputationBulkRequest(  # type: ignore[call-arg]
+        input = FileReputationBulkRequest(
             hashes=hashes, hash_type=hash_type, verbose=verbose, raw=raw, provider=provider
         )
         return self.request.post("v2/reputation", FileReputationBulkResult, data=input.model_dump(exclude_none=True))
@@ -614,10 +627,10 @@ class FileIntel(ServiceBase):
 
     def filepath_reputation_bulk(
         self,
-        filepaths: List[str],
-        provider: Optional[str] = None,
-        verbose: Optional[bool] = None,
-        raw: Optional[bool] = None,
+        filepaths: list[str],
+        provider: Literal["reversinglabs", "crowdstrike"] | None = None,
+        verbose: bool | None = None,
+        raw: bool | None = None,
     ) -> PangeaResponse[FileReputationBulkResult]:
         """
         Reputation, from filepath V2
@@ -628,10 +641,10 @@ class FileIntel(ServiceBase):
         OperationId: file_intel_post_v2_reputation
 
         Args:
-            filepaths (List[str]): The path list to the files to be looked up
-            provider (str, optional): Use reputation data from these providers: "reversinglabs" or "crowdstrike"
-            verbose (bool, optional): Echo the API parameters in the response
-            raw (bool, optional): Include raw data from this provider
+            filepaths: The path list to the files to be looked up
+            provider: Use reputation data from these providers: "reversinglabs" or "crowdstrike"
+            verbose: Echo the API parameters in the response
+            raw: Include raw data from this provider
 
         Raises:
             PangeaAPIException: If an API Error happens
@@ -781,7 +794,7 @@ class DomainIntel(ServiceBase):
                 provider="whoisxml",
             )
         """
-        input = DomainWhoIsRequest(domain=domain, verbose=verbose, provider=provider, raw=raw)  # type: ignore[call-arg]
+        input = DomainWhoIsRequest(domain=domain, verbose=verbose, provider=provider, raw=raw)
         return self.request.post("v1/whois", DomainWhoIsResult, data=input.model_dump(exclude_none=True))
 
 

pangea/services/prompt_guard.py

@@ -1,12 +1,9 @@
 from __future__ import annotations
 
-from collections.abc import Mapping
-from typing import TYPE_CHECKING, Annotated, Literal, Optional
-
-from pydantic import BaseModel, Field
+from typing import TYPE_CHECKING, Literal, Optional
 
 from pangea.config import PangeaConfig
-from pangea.response import APIRequestModel, APIResponseModel, PangeaDateTime, PangeaResponse, PangeaResponseResult
+from pangea.response import APIRequestModel, APIResponseModel, PangeaResponse, PangeaResponseResult
 from pangea.services.base import ServiceBase
 
 if TYPE_CHECKING:
@@ -49,92 +46,6 @@ class GuardResult(PangeaResponseResult):
     """List of classification results with labels and confidence scores"""
 
 
-class Areas(BaseModel):
-    malicious_prompt: Optional[bool] = None
-    benign_prompt: Optional[bool] = None
-
-
-class AuditDataActivityConfig(BaseModel):
-    enabled: bool
-    audit_service_config_id: str
-    areas: Areas
-
-
-class ServiceConfig(BaseModel):
-    id: Optional[str] = None
-    version: Optional[str] = None
-    analyzers: Optional[dict[str, bool]] = None
-    malicious_detection_threshold: Annotated[Optional[float], Field(ge=0.0, le=1.0)] = None
-    benign_detection_threshold: Annotated[Optional[float], Field(ge=0.0, le=1.0)] = None
-    audit_data_activity: Optional[AuditDataActivityConfig] = None
-
-
-class ServiceConfigFilter(BaseModel):
-    id: Optional[str] = None
-    """
-    Only records where id equals this value.
-    """
-    id__contains: Optional[list[str]] = None
-    """
-    Only records where id includes each substring.
-    """
-    id__in: Optional[list[str]] = None
-    """
-    Only records where id equals one of the provided substrings.
-    """
-    created_at: Optional[PangeaDateTime] = None
-    """
-    Only records where created_at equals this value.
-    """
-    created_at__gt: Optional[PangeaDateTime] = None
-    """
-    Only records where created_at is greater than this value.
-    """
-    created_at__gte: Optional[PangeaDateTime] = None
-    """
-    Only records where created_at is greater than or equal to this value.
-    """
-    created_at__lt: Optional[PangeaDateTime] = None
-    """
-    Only records where created_at is less than this value.
-    """
-    created_at__lte: Optional[PangeaDateTime] = None
-    """
-    Only records where created_at is less than or equal to this value.
-    """
-    updated_at: Optional[PangeaDateTime] = None
-    """
-    Only records where updated_at equals this value.
-    """
-    updated_at__gt: Optional[PangeaDateTime] = None
-    """
-    Only records where updated_at is greater than this value.
-    """
-    updated_at__gte: Optional[PangeaDateTime] = None
-    """
-    Only records where updated_at is greater than or equal to this value.
-    """
-    updated_at__lt: Optional[PangeaDateTime] = None
-    """
-    Only records where updated_at is less than this value.
-    """
-    updated_at__lte: Optional[PangeaDateTime] = None
-    """
-    Only records where updated_at is less than or equal to this value.
-    """
-
-
-class ServiceConfigsPage(PangeaResponseResult):
-    count: Optional[int] = None
-    """The total number of service configs matched by the list request."""
-    last: Optional[str] = None
-    """
-    Used to fetch the next page of the current listing when provided in a
-    repeated request's last parameter.
-    """
-    items: Optional[list[ServiceConfig]] = None
-
-
 class PromptGuard(ServiceBase):
     """Prompt Guard service client.
 
@@ -205,105 +116,3 @@ class PromptGuard(ServiceBase):
             GuardResult,
             data={"messages": messages, "analyzers": analyzers, "classify": classify},
         )
-
-    def get_service_config(
-        self,
-        *,
-        id: str | None = None,
-        version: str | None = None,
-        analyzers: Mapping[str, bool] | None = None,
-        malicious_detection_threshold: float | None = None,
-        benign_detection_threshold: float | None = None,
-        audit_data_activity: AuditDataActivityConfig | None = None,
-    ) -> PangeaResponse[PangeaResponseResult]:
-        """
-        OperationId: prompt_guard_post_v1beta_config
-        """
-        return self.request.post(
-            "v1beta/config",
-            data={
-                "id": id,
-                "version": version,
-                "analyzers": analyzers,
-                "malicious_detection_threshold": malicious_detection_threshold,
-                "benign_detection_threshold": benign_detection_threshold,
-                "audit_data_activity": audit_data_activity,
-            },
-            result_class=PangeaResponseResult,
-        )
-
-    def create_service_config(
-        self,
-        *,
-        id: str | None = None,
-        version: str | None = None,
-        analyzers: Mapping[str, bool] | None = None,
-        malicious_detection_threshold: float | None = None,
-        benign_detection_threshold: float | None = None,
-        audit_data_activity: AuditDataActivityConfig | None = None,
-    ) -> PangeaResponse[PangeaResponseResult]:
-        """
-        OperationId: prompt_guard_post_v1beta_config_create
-        """
-        return self.request.post(
-            "v1beta/config/create",
-            data={
-                "id": id,
-                "version": version,
-                "analyzers": analyzers,
-                "malicious_detection_threshold": malicious_detection_threshold,
-                "benign_detection_threshold": benign_detection_threshold,
-                "audit_data_activity": audit_data_activity,
-            },
-            result_class=PangeaResponseResult,
-        )
-
-    def update_service_config(
-        self,
-        *,
-        id: str | None = None,
-        version: str | None = None,
-        analyzers: Mapping[str, bool] | None = None,
-        malicious_detection_threshold: float | None = None,
-        benign_detection_threshold: float | None = None,
-        audit_data_activity: AuditDataActivityConfig | None = None,
-    ) -> PangeaResponse[PangeaResponseResult]:
-        """
-        OperationId: prompt_guard_post_v1beta_config_update
-        """
-        return self.request.post(
-            "v1beta/config/update",
-            data={
-                "id": id,
-                "version": version,
-                "analyzers": analyzers,
-                "malicious_detection_threshold": malicious_detection_threshold,
-                "benign_detection_threshold": benign_detection_threshold,
-                "audit_data_activity": audit_data_activity,
-            },
-            result_class=PangeaResponseResult,
-        )
-
-    def delete_service_config(self, id: str) -> PangeaResponse[PangeaResponseResult]:
-        """
-        OperationId: prompt_guard_post_v1beta_config_delete
-        """
-        return self.request.post("v1beta/config/delete", data={"id": id}, result_class=PangeaResponseResult)
-
-    def list_service_configs(
-        self,
-        *,
-        filter: ServiceConfigFilter | None = None,
-        last: str | None = None,
-        order: Literal["asc", "desc"] | None = None,
-        order_by: Literal["id", "created_at", "updated_at"] | None = None,
-        size: int | None = None,
-    ) -> PangeaResponse[ServiceConfigsPage]:
-        """
-        OperationId: prompt_guard_post_v1beta_config_list
-        """
-        return self.request.post(
-            "v1beta/config/list",
-            data={"filter": filter, "last": last, "order": order, "order_by": order_by, "size": size},
-            result_class=ServiceConfigsPage,
-        )