kelp.models.abac
Reference for the abac configuration model.
kelp.models.abac.AbacMatchColumn
pydantic-model
Bases: BaseModel
A MATCH COLUMNS clause item.
Show JSON schema:
{
"description": "A MATCH COLUMNS clause item.",
"properties": {
"condition": {
"description": "hasTag/hasTagValue condition expression",
"title": "Condition",
"type": "string"
},
"alias": {
"description": "Alias used in USING COLUMNS",
"title": "Alias",
"type": "string"
}
},
"required": [
"condition",
"alias"
],
"title": "AbacMatchColumn",
"type": "object"
}
Fields:
- condition (str)
- alias (str)
kelp.models.abac.AbacPolicy
pydantic-model
Bases: BaseModel
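ABAC policy definition for Unity Catalog.
Note that the JSON schema below does not express cross-field constraints: `target_column` is optional even when `mode` is `COLUMN_MASK`, and `principals_to` is not listed as required. Any such checks would have to be enforced by model validators, which this page does not show.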
Show JSON schema:
{
"$defs": {
"AbacMatchColumn": {
"description": "A MATCH COLUMNS clause item.",
"properties": {
"condition": {
"description": "hasTag/hasTagValue condition expression",
"title": "Condition",
"type": "string"
},
"alias": {
"description": "Alias used in USING COLUMNS",
"title": "Alias",
"type": "string"
}
},
"required": [
"condition",
"alias"
],
"title": "AbacMatchColumn",
"type": "object"
}
},
"description": "ABAC policy definition for Unity Catalog.",
"properties": {
"name": {
"description": "Policy name",
"title": "Name",
"type": "string"
},
"securable_type": {
"description": "Target securable type",
"enum": [
"CATALOG",
"SCHEMA",
"TABLE"
],
"title": "Securable Type",
"type": "string"
},
"securable_name": {
"description": "Target securable fully qualified name",
"title": "Securable Name",
"type": "string"
},
"description": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null,
"description": "Policy comment",
"title": "Description"
},
"mode": {
"description": "Policy operation mode",
"enum": [
"ROW_FILTER",
"COLUMN_MASK"
],
"title": "Mode",
"type": "string"
},
"udf_name": {
"description": "UDF name referenced by policy",
"title": "Udf Name",
"type": "string"
},
"target_column": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null,
"description": "Target column for COLUMN MASK policies",
"title": "Target Column"
},
"principals_to": {
"description": "Principals in TO clause",
"items": {
"type": "string"
},
"title": "Principals To",
"type": "array"
},
"principals_except": {
"description": "Principals in EXCEPT clause",
"items": {
"type": "string"
},
"title": "Principals Except",
"type": "array"
},
"for_tables_when": {
"anyOf": [
{
"type": "string"
},
{
"type": "null"
}
],
"default": null,
"description": "Optional FOR TABLES WHEN expression",
"title": "For Tables When"
},
"match_columns": {
"description": "MATCH COLUMNS clauses",
"items": {
"$ref": "#/$defs/AbacMatchColumn"
},
"title": "Match Columns",
"type": "array"
},
"using_columns": {
"description": "USING COLUMNS aliases",
"items": {
"type": "string"
},
"title": "Using Columns",
"type": "array"
},
"meta": {
"additionalProperties": true,
"description": "Generic user-defined metadata for filtering and grouping",
"title": "Meta",
"type": "object"
}
},
"required": [
"name",
"securable_type",
"securable_name",
"mode",
"udf_name"
],
"title": "AbacPolicy",
"type": "object"
}
Config:
- validate_by_name: True
- validate_by_alias: True
Fields:
- origin_file_path (SkipJsonSchema[str] | None)
- name (str)
- securable_type (Literal['CATALOG', 'SCHEMA', 'TABLE'])
- securable_name (str)
- description (str | None)
- mode (Literal['ROW_FILTER', 'COLUMN_MASK'])
- udf_name (str)
- target_column (str | None)
- principals_to (list[str])
- principals_except (list[str])
- for_tables_when (str | None)
- match_columns (list[AbacMatchColumn])
- using_columns (list[str])
- meta (dict[str, Any])
- raw_config (SkipJsonSchema[dict])