Module tripleblind.agreement

Agreements allow organizations to customize permissions for using specific assets for partners. When agreements are in place, partner teams and organizations can use the asset without requesting permission.

Global variables

var NAMESPACE_DEFAULT_USER

Special UUID which represents the current user

Functions

def has_agreement_permissions(session: Optional[Session] = None)

Verify that the user has permission to create and delete agreements

Args

session (optional):

Returns

bool
True if the user has write permission, false if read-only

Classes

class Agreement (id: UUID, asset_id: UUID)

Points to an Agreement object on the TripleBlind Router.

Agreements allow other teams to use an Asset at will without requiring express permission for each access. Agreements also specify the price the partner team pays for each access.

Class variables

var asset_id : uuid.UUID

Asset Identifier associated with this Agreement.

var id : uuid.UUID

Identifier for this Agreement.

Static methods

def create(to_team: int, asset_id: "Union[UUID, 'Asset']", asset_restricted: bool = True, expiration: str = None, run_limit: int = None, algorithm: "Union[UUID, 'Asset']" = None, algorithm_security: str = None, protocol: "Union[UUID, 'Asset']" = None, custom_protocol: "Union[UUID, str, 'Asset']" = None, only_visible: bool = False, session: Optional[Session] = None)

Create an Agreement between your team and another.

Agreements are only valid for the Asset specified unless asset restricted is explicitly set to False. If it is False, the Agreement created is valid for all of the team's Assets. If the Asset specified is an algorithm, the default security level is set to SMPC. If FED is acceptable, the user can set the algorithm_security parameter to "fed".

Agreements must specify an operation that is allowed under the terms of the Agreement. The user must specify either a TripleBlind supplied protocol or a custom Algorithm.

Expiration and Run Limit allow other teams to use your Asset at will within the bounds of those terms without requiring express permission for each access.

Only Visible overrides expiration and run limit auto-grant permission properties. Making an unpublished Asset visible to another team while still requiring permission requests for each Job.

NOTE: If an Agreement already exists, it will be returned. To modify properties you must delete the existing Agreement and create a new one.

Args

to_team : int
ID of the partner team, or "ANY" to make an Asset available to everyone without explicit permission.
asset_id : Union[Asset, UUID]
The Asset that will be governed by the Agreement.
asset_restricted : bool
Limits Agreement to only govern the asset specified. If False, the Agreement applies to any of the Team's Assets (Defaults to True).
expiration : str
ISO formatted date on which the Agreement becomes invalid.
run_limit : int
The number of jobs that can be created under the Agreement before it becomes invalid.
algorithm : UUID
ID of the algorithm that is allowed to be used on the given Asset.
algorithm_security : str
"smpc" or "fed". Specifies the level of algorithm security required to run the operation.
protocol : UUID
ID of the Protocol that is allowed under the Agreement.
custom_protocol : UUID
ID of the CustomProtocol.
only_visible : bool
If True, overrides any auto grant permission parameters, making an private Asset visible to the counterparty and usable with permission requests being granted.
session : Session, Optional
A connection session. If not specified the default session is used

Raises

TripleblindPermissionError
User is doesn't have permission to create agreements for their team or is not Asset owner.
TripleblindAssetError
Invalid parameters sent.

Returns

Agreement
The created Agreement object

Instance variables

var algorithm : UUID
var algorithm_security : str
var asset : UUID
var asset_restricted : bool
var custom_protocol : UUID
var expiration : str
var from_team : str

str: Name of the team granting access

var from_team_id : UUID

Int: ID of the teamgranting access

var is_valid : bool

Is this Agreement object valid? Forces sync with the Router.

var only_visible : bool
var protocol : UUID
var run_limit : int
var to_team : str

str: Name of the team receiving access

var to_team_id : UUID

Int: ID of the team receiving access

Methods

def remove(self, session: Optional[Session] = None)

Remove the Agreement between two teams from the associated Asset. The team can still access the asset if it is listed as discoverable, but they will require express permission with each access.

Args

session : Session, optional
A connection session. If not specified the default session is used

Returns

bool
True if the Agreement is removed from the Asset