Module `tripleblind.agreement`

Agreements allow organizations to customize permissions for using specific assets for partners. When agreements are in place, partner teams and organizations can use the asset without requesting permission.

Global variables

var NAMESPACE_DEFAULT_USER: Special UUID which represents the current user

Functions

def has_agreement_permissions(session: Optional[Session] = None)

Verify that the user has permission to create and delete agreements

Args

session (optional):

Returns

bool: True if the user has write permission, false if read-only

Classes

class Agreement (id: UUID, asset_id: UUID)

Points to an Agreement object on the TripleBlind Router.

Agreements allow other teams to use an Asset at will without requiring express permission for each access. Agreements also specify the price the partner team pays for each access.

Class variables

var asset_id : uuid.UUID: Asset Identifier associated with this Agreement.
var id : uuid.UUID: Identifier for this Agreement.

Static methods

def create(to_team: int, asset_id: "Union[UUID, 'Asset']", asset_restricted: bool = True, expiration: str = None, run_limit: int = None, algorithm: "Union[UUID, 'Asset']" = None, algorithm_security: str = None, protocol: "Union[UUID, 'Asset']" = None, custom_protocol: "Union[UUID, str, 'Asset']" = None, only_visible: bool = False, session: Optional[Session] = None)

Create an Agreement between your team and another.

Agreements are only valid for the Asset specified unless asset restricted is explicitly set to False. If it is False, the Agreement created is valid for all of the team's Assets. If the Asset specified is an algorithm, the default security level is set to SMPC. If FED is acceptable, the user can set the algorithm_security parameter to "fed".

Agreements must specify an operation that is allowed under the terms of the Agreement. The user must specify either a TripleBlind supplied protocol or a custom Algorithm.

Expiration and Run Limit allow other teams to use your Asset at will within the bounds of those terms without requiring express permission for each access.

Only Visible overrides expiration and run limit auto-grant permission properties. Making an unpublished Asset visible to another team while still requiring permission requests for each Job.

NOTE: If an Agreement already exists, it will be returned. To modify properties you must delete the existing Agreement and create a new one.

Args

to_team : int: ID of the partner team, or "ANY" to make an Asset available to everyone without explicit permission.
asset_id : Union[Asset, UUID]: The Asset that will be governed by the Agreement.
asset_restricted : bool: Limits Agreement to only govern the asset specified. If False, the Agreement applies to any of the Team's Assets (Defaults to True).
expiration : str: ISO formatted date on which the Agreement becomes invalid.
run_limit : int: The number of jobs that can be created under the Agreement before it becomes invalid.
algorithm : UUID: ID of the algorithm that is allowed to be used on the given Asset.
algorithm_security : str: "smpc" or "fed". Specifies the level of algorithm security required to run the operation.
protocol : UUID: ID of the Protocol that is allowed under the Agreement.
custom_protocol : UUID: ID of the CustomProtocol.
only_visible : bool: If True, overrides any auto grant permission parameters, making an private Asset visible to the counterparty and usable with permission requests being granted.
session : Session, Optional: A connection session. If not specified the default session is used

Raises

TripleblindPermissionError: User is doesn't have permission to create agreements for their team or is not Asset owner.
TripleblindAssetError: Invalid parameters sent.

Returns

Agreement: The created Agreement object

Instance variables

var algorithm : UUID
var algorithm_security : str
var asset : UUID
var asset_restricted : bool
var custom_protocol : UUID
var expiration : str
var from_team : str: str: Name of the team granting access
var from_team_id : UUID: Int: ID of the teamgranting access
var is_valid : bool: Is this Agreement object valid? Forces sync with the Router.
var only_visible : bool
var protocol : UUID
var run_limit : int
var to_team : str: str: Name of the team receiving access
var to_team_id : UUID: Int: ID of the team receiving access

Methods

def remove(self, session: Optional[Session] = None)

Remove the Agreement between two teams from the associated Asset. The team can still access the asset if it is listed as discoverable, but they will require express permission with each access.

Args

session : Session, optional: A connection session. If not specified the default session is used

Returns

bool: True if the Agreement is removed from the Asset