Skip to main content

Policy API Reference

View Markdown

Policy API Reference

Customer-hosted cloud features

note

Some features are only available on customer-hosted clouds. Reach out to support@anyscale.com for info.

Policy CLI

anyscale policy set

Usage

anyscale policy set [OPTIONS]

Set user group permission policy for a resource.

The config file should be in YAML format with bindings list.

Example policy.yaml:

 bindings:

  • role_name: collaborator principals:
    • ug_abc123
  • role_name: readonly principals:
    • ug_def456
    • ug_ghi789

Valid role_name values:

 Cloud: collaborator, readonly Project: collaborator, readonly Organization: owner, collaborator

Options

  • --resource-type: Resource type ('cloud', 'project', or 'organization').
  • --resource-id: Resource ID (e.g., cld_abc123, prj_xyz789, org_def456).
  • -f/--config-file: Path to a YAML config file with policy bindings.

Examples

$ anyscale policy set --resource-type cloud --resource-id cld_abc123 -f policy.yaml
(anyscale +0.5s) Setting policy for cloud cld_abc123...
(anyscale +1.2s) Policy for cloud cld_abc123 has been updated.

$ cat policy.yaml
bindings:
  - role_name: collaborator
    principals:
      - ug_abc123
  - role_name: readonly
    principals:
      - ug_def456
      - ug_ghi789

anyscale policy get

Usage

anyscale policy get [OPTIONS]

Get user group permission policy for a resource.

Options

  • --resource-type: Resource type ('cloud', 'project', or 'organization').
  • --resource-id: Resource ID (e.g., cld_abc123, prj_xyz789, org_def456).

Examples

$ anyscale policy get --resource-type cloud --resource-id cld_abc123
(anyscale +0.5s) Policy for cloud cld_abc123:
Role      Principal (User Group ID)  Process Status
--------  -------------------------  --------------
collaborator  ug_abc123              success
readonly  ug_def456                  success
readonly  ug_ghi789                  success

anyscale policy list

Usage

anyscale policy list [OPTIONS]

List permission policies for all resources of a specific type.

Only shows resources that have bindings configured.

Options

  • --resource-type: Resource type to list policies for ('cloud' or 'project').

Examples

$ anyscale policy list --resource-type cloud
(anyscale +0.6s) cloud: cld_abc123
Role      Principal (User Group ID)  Process Status
--------  -------------------------  --------------
collaborator  ug_abc123              success
readonly  ug_def456                  success

(anyscale +0.6s) cloud: cld_xyz789
Role      Principal (User Group ID)  Process Status
--------  -------------------------  --------------
collaborator  ug_ghi789              pending

Policy SDK

anyscale.policy.set

Set user group permission policy for a resource.

Valid role_name values by resource type:

Cloud:

  • collaborator: Read/write access (create, read, update, delete)
  • readonly: Read-only access

Project:

  • collaborator: Read/write access (create, read, update)
  • readonly: Read-only access

Organization:

  • owner: Full control (write + collaborator management)
  • collaborator: Read/write access to organization resources

Arguments

  • resource_type (str): Resource type ('cloud', 'project', or 'organization').
  • resource_id (str): Resource ID (e.g., cld_abc123, prj_xyz789, org_def456).
  • config (PolicyConfig): Policy configuration with role bindings.

Examples

import anyscale
from anyscale.policy.models import PolicyConfig, PolicyBinding

policy_config = PolicyConfig(
    bindings=[
        PolicyBinding(role_name="collaborator", principals=["ug_abc123"]),
        PolicyBinding(role_name="readonly", principals=["ug_def456", "ug_ghi789"]),
    ]
)
anyscale.policy.set(
    resource_type="cloud",
    resource_id="cld_abc123",
    config=policy_config,
)

anyscale.policy.get

Get user group permission policy for a resource.

Returns a Policy object with role bindings.

Arguments

  • resource_type (str): Resource type ('cloud', 'project', or 'organization').
  • resource_id (str): Resource ID (e.g., cld_abc123, prj_xyz789, org_def456).

Returns: Policy

Examples

import anyscale
from anyscale.policy.models import Policy

policy = anyscale.policy.get(resource_type="cloud", resource_id="cld_abc123")
for binding in policy.bindings:
    print(f"{binding.role_name}: {binding.principals}")

anyscale.policy.list

List permission policies for all resources of a specific type.

Returns a list of ResourcePolicy objects.

Arguments

  • resource_type (str): Resource type to list policies for ('cloud' or 'project').

Returns: List[ResourcePolicy]

Examples

import anyscale
from anyscale.policy.models import ResourcePolicy

policies = anyscale.policy.list(resource_type="cloud")
for policy in policies:
    print(f"{policy.resource_id}: {policy.bindings}")

Policy Models

Policy

Policy model representing the policy for a single resource.

Fields

  • bindings (List[PolicyBinding]): List of role bindings for the policy.
  • sync_status (PolicySyncStatus): Sync status of the policy (pending, success, or failed).

Python Methods

def to_dict(self) -> Dict[str, Any]
    """Return a dictionary representation of the model."""

Examples

import anyscale
from anyscale.policy.models import Policy

policy = anyscale.policy.get(resource_type="cloud", resource_id="cld_abc123")
print(f"Sync status: {policy.sync_status}")
for binding in policy.bindings:
    print(f"{binding.role_name}: {binding.principals}")

PolicyBinding

A binding of a role to a list of principals (user group IDs).

Fields

  • role_name (str): The role name. For cloud/project policies use 'collaborator' or 'readonly'. For organization policies use 'owner' or 'collaborator'.
  • principals (List[str]): List of user group IDs that have this role.

Python Methods

def to_dict(self) -> Dict[str, Any]
    """Return a dictionary representation of the model."""

Examples

from anyscale.policy.models import PolicyBinding

binding = PolicyBinding(role_name="collaborator", principals=["ug_abc123"])

PolicyConfig

Policy configuration with role bindings.

Fields

  • bindings (List[PolicyBinding]): List of role bindings for the policy.

Python Methods

def __init__(self, **fields) -> PolicyConfig
    """Construct a model with the provided field values set."""

def options(self, **fields) -> PolicyConfig
    """Return a copy of the model with the provided field values overwritten."""

def to_dict(self) -> Dict[str, Any]
    """Return a dictionary representation of the model."""

Examples

bindings:
  - role_name: collaborator
    principals:
      - ug_abc123
  - role_name: readonly
    principals:
      - ug_def456
      - ug_ghi789

PolicySyncStatus

Sync status for resource permission policies.

Values

  • pending: Policy is pending synchronization.
  • success: Policy has been successfully synchronized.
  • failed: Policy synchronization has failed.

ResourcePolicy

Resource policy model representing permissions for a resource.

Fields

  • resource_id (str): The ID of the resource.
  • resource_type (str): The type of the resource (e.g., 'cloud', 'project').
  • bindings (List[PolicyBinding]): List of role bindings for the policy.
  • sync_status (PolicySyncStatus): Sync status of the policy (pending, success, or failed).

Python Methods

def to_dict(self) -> Dict[str, Any]
    """Return a dictionary representation of the model."""

Examples

import anyscale
from anyscale.policy.models import ResourcePolicy

policies = anyscale.policy.list(resource_type="cloud")
for policy in policies:
    print(f"{policy.resource_id}: {policy.bindings} (sync_status: {policy.sync_status})")