This module contains an AAAAuthorizationApi class to perform OAuth API operations.

The HERE API reference documentation used in this module can be found here: IAM API Reference

class here.platform.api.aaa_authorization_api.AAAAuthorizationApi(base_url: str, auth: Auth | None, platform_config: PlatformConfig, application_config: ApplicationConfig, proxies: dict | None = None)

Bases: BaseApi

This class provides access to HERE platform AAA Authorization APIs.

add_grant(resource_hrn: str, entity_id: str, action_id: str, entity_type: str) → dict

Grant access to a resource to an entity.

Parameters:
  • resource_hrn – The hrn that identifies the resource.

  • entity_id – The target entityId to grant access to.

  • action_id – The action to assign as allowed against the resource as read, write, manage.

  • entity_type – The type of the entity to grant access to. Must be one of user, app, or group.

Returns:

a dict with grant related information.

Raises:

PlatformException – If platform responds with an HTTP error.

add_project_member(project: str, member: str)

Add the member to the requested Project.

Parameters:
  • project – HRN identifying the project.

  • member – HRN identifying the project member. Either user, app or group.

Raises:

PlatformException – If platform responds with an HTTP error.

add_role_entity(role: str, entity: str)

Assign the role provided to the given entity.

Parameters:
  • role – HRN identifying a given role.

  • entity – HRN identifying a given entity.

Raises:

PlatformException – If platform responds with an HTTP error.

create_project(body: dict) → dict

Create the requested Project.

Parameters:

body – a dictionary with the fields id, name, description used to create the project.

Returns:

a dict with hrn of the created project.

Raises:

PlatformException – If platform responds with an HTTP error.

delete_project(project: str)

Delete the requested Project.

Parameters:

project – HRN identifying the project.

Raises:

PlatformException – If platform responds with an HTTP error.

delete_project_member(project: str, member: str)

Remove the member from the specified Project.

Parameters:
  • project – HRN identifying the project.

  • member – HRN identifying the project member. Either user, app or group.

Raises:

PlatformException – If platform responds with an HTTP error.

get_project(project: str) → dict

Get the requested Project.

Parameters:

project – HRN identifying the project.

Returns:

a dict with the name, description of the project.

Raises:

PlatformException – If platform responds with an HTTP error.

get_project_list(limit: str | None = None, page_token: str | None = None, can_manage: bool | None = None, is_member: bool | None = None) → dict

Get the list of Projects of which you are a project admin or a member.

Parameters:
  • limit – Number of entries to be returned in the response.

  • page_token – The cursor for pagination. Present only if there is an additional page of data to view.

  • can_manage – If true, returns all projects of which the caller (user/app) is a project admin.

  • is_member – If true, returns all projects of which the caller (user/app) is a member.

Returns:

a dict with project information.

Raises:
  • PlatformException – If platform responds with an HTTP error.

  • ValueError – If can_manage and is_member are not provided correctly.

get_roles(page_token: str | None = None, count: int | None = 100, role_name: str | None = None, resource: str | None = None) → dict

Retrieve the list of roles.

Parameters:
  • page_token – The cursor for pagination. Present only if there is an additional page of data to view.

  • count – Number of records to return. Default is 100 records. Maximum is 100 records.

  • role_name – The name of the role to be returned in the result set.

  • resource – The hrn of the resource which the roles returned in the result set should be associated with.

Returns:

a dict with roles information.

Raises:

PlatformException – If platform responds with an HTTP error.

leave_project(project: str)

Remove the caller from the specified Project.

Parameters:

project – HRN identifying the project.

Raises:

PlatformException – If platform responds with an HTTP error.

list_project_members(project: str, only_include_identities: bool | None = None, limit: str | None = None, page_token: str | None = None) → dict

Get the list of members of the Project.

Parameters:
  • project – HRN identifying the project.

  • only_include_identities – If true, returns an effective project members list containing only user and app identities, including those that are members of the project indirectly via a group. It will also return users who are project admins of the specified project, and Resource Managers for the realm. Response will NOT include total number of identities. If false, returns users, apps, and groups that are direct members of the project, excluding any users and apps that only have membership via a group. Defaults to false.

  • limit – Number of entries to be returned in the response.

  • page_token – The cursor for pagination. Present only if there is an additional page of data to view.

Returns:

a dict with project members information.

Raises:

PlatformException – If platform responds with an HTTP error.
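An access-review sketch built on the two modes of only_include_identities described above (an added example, not part of the SDK or its documentation): it pages through both lists and returns the identities whose project access is indirect, that is, via a group, as project admin, or as realm Resource Manager. The response keys `items`, `member` and `pageToken`, the FakeApi stand-in and the sample HRNs are assumptions constructed for illustration; substitute the keys the platform actually returns.

```python
from typing import Iterator, Optional


def iter_members(api, project: str, effective: bool, limit: str = "2") -> Iterator[dict]:
    """Yield every member entry, following page_token until no further page."""
    token: Optional[str] = None
    while True:
        page = api.list_project_members(
            project, only_include_identities=effective, limit=limit, page_token=token
        )
        yield from page.get("items", [])   # assumed response key
        token = page.get("pageToken")      # assumed response key
        if not token:
            return


def indirect_identities(api, project: str) -> set:
    """Identities in the effective list that are not direct project members."""
    direct = {m["member"] for m in iter_members(api, project, effective=False)}
    effective = {m["member"] for m in iter_members(api, project, effective=True)}
    return effective - direct


class FakeApi:
    """Constructed stand-in exposing the documented signature; all data is made up."""

    R = "hrn:here:account::example-realm:"  # constructed sample HRN prefix
    DIRECT = [{"member": R + "user/alice"}, {"member": R + "app/ingest"},
              {"member": R + "group/analysts"}]
    EFFECTIVE = [{"member": R + "user/alice"}, {"member": R + "app/ingest"},
                 {"member": R + "user/carol"},   # member only through group/analysts
                 {"member": R + "user/dave"}]    # project admin, not a direct member

    def list_project_members(self, project, only_include_identities=None,
                             limit=None, page_token=None) -> dict:
        rows = self.EFFECTIVE if only_include_identities else self.DIRECT
        start = int(page_token or 0)
        end = start + int(limit or len(rows))
        page = {"items": rows[start:end]}
        if end < len(rows):                # a token is present only if more data remains
            page["pageToken"] = str(end)
        return page


if __name__ == "__main__":
    project = "hrn:here:authorization::example-realm:project/demo"  # constructed
    for hrn in sorted(indirect_identities(FakeApi(), project)):
        print("indirect access:", hrn)
```

Identities reported here will not appear in a review that only reads the default (direct) member list, so removing them requires changing group membership or admin assignments rather than calling delete_project_member.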

list_project_resources(project: str, type: str | None = None, relation: str | None = None, limit: str | None = None, page_token: str | None = None) → dict

Get the list of resources in the requested Project.

Parameters:
  • project – HRN identifying the project.

  • type – The type of the resource.

  • relation – The relation of the resource. A resource is only returned in the response if it matches the requested relation.

  • limit – Number of entries to be returned in the response.

  • page_token – The cursor for pagination. Present only if there is an additional page of data to view.

Returns:

a dict with resources information.

Raises:

PlatformException – If platform responds with an HTTP error.

patch_project(project: str, body: dict) → dict

Update the specified Project.

Parameters:
  • project – HRN identifying the project.

  • body – a dictionary with the fields name, description used to update the project.

Returns:

a dict with project information.

Raises:

PlatformException – If platform responds with an HTTP error.

remove_grant(resource_hrn: str, entity_id: str, action_id: str, entity_type: str)

Revoke access to a resource from an entity.

Parameters:
  • resource_hrn – The hrn that identifies the resource.

  • entity_id – The target entityId to revoke access from.

  • action_id – The action against the resource to revoke access from as read, write, manage.

  • entity_type – The type of the entity to revoke access from. Must be one of user, app, or group.

Raises:

PlatformException – If platform responds with an HTTP error.

share_authorization(resource_hrn: str, entity_type: str, entity_id: str) → dict

Share permission to a resource for an entity.

Parameters:
  • resource_hrn – The hrn that identifies the resource.

  • entity_id – The target entityId to share permission with.

  • entity_type – The type of the entity to share permission with. Must be one of user, app, or group.

Returns:

Response dict with authorization info.

Raises:

PlatformException – If platform responds with an HTTP error.