# quilt3.admin Python API

## quilt3.admin.types

### Permission(bucket: str, level: quilt3.\_graphql\_client.enums.BucketPermissionLevel) -> None <a href="#permission" id="permission"></a>

### PolicySummary(id: str, title: str, arn: str, managed: bool, permissions: list\[quilt3.admin.types.Permission]) -> None <a href="#policysummary" id="policysummary"></a>

Policy without back-references to roles (avoids circular nesting).

### ManagedRole(id: str, name: str, arn: str, policies: list\[quilt3.admin.types.PolicySummary], permissions: list\[quilt3.admin.types.Permission], typename\_\_: Literal\['ManagedRole']) -> None <a href="#managedrole" id="managedrole"></a>

### UnmanagedRole(id: str, name: str, arn: str, typename\_\_: Literal\['UnmanagedRole']) -> None <a href="#unmanagedrole" id="unmanagedrole"></a>

### Policy(id: str, title: str, arn: str, managed: bool, permissions: list\[quilt3.admin.types.Permission], roles: list\[quilt3.admin.types.ManagedRole]) -> None <a href="#policy" id="policy"></a>

### User(name: str, email: str, date\_joined: datetime.datetime, last\_login: datetime.datetime, is\_active: bool, is\_admin: bool, is\_sso\_only: bool, is\_service: bool, role: Optional\[Annotated\[Union\[quilt3.admin.types.ManagedRole, quilt3.admin.types.UnmanagedRole], FieldInfo(annotation=NoneType, required=True, discriminator='typename\_\_')]], extra\_roles: list\[typing.Annotated\[typing.Union\[quilt3.admin.types.ManagedRole, quilt3.admin.types.UnmanagedRole], FieldInfo(annotation=NoneType, required=True, discriminator='typename\_\_')]]) -> None <a href="#user" id="user"></a>

### SSOConfig(text: str, timestamp: datetime.datetime, uploader: quilt3.admin.types.User) -> None <a href="#ssoconfig" id="ssoconfig"></a>

### TabulatorTable(name: str, config: str) -> None <a href="#tabulatortable" id="tabulatortable"></a>

### Bucket(name: str, title: str, icon\_url: Optional\[str], description: Optional\[str], overview\_url: Optional\[str], tags: Optional\[list\[str]], relevance\_score: int, last\_indexed: Optional\[datetime.datetime], sns\_notification\_arn: Optional\[str], scanner\_parallel\_shards\_depth: Optional\[int], skip\_meta\_data\_indexing: Optional\[bool], file\_extensions\_to\_index: Optional\[list\[str]], index\_content\_bytes: Optional\[int], prefixes: list\[str]) -> None <a href="#bucket" id="bucket"></a>

## quilt3.admin.api\_keys

Admin API for managing API keys.

### list(email: Optional\[str] = None, key\_name: Optional\[str] = None, fingerprint: Optional\[str] = None, status: Optional\[Literal\['ACTIVE', 'EXPIRED']] = None) -> List\[quilt3.api\_keys.APIKey] <a href="#list" id="list"></a>

List API keys. Optionally filter by user email, key name, fingerprint, or status.

**Arguments**

* **email**: Filter by user email.
* **key\_name**: Filter by key name.
* **fingerprint**: Filter by key fingerprint.
* **status**: Filter by "ACTIVE" or "EXPIRED". None returns all.

**Returns**

List of API keys matching the filters.

### get(id: str) -> Optional\[quilt3.api\_keys.APIKey] <a href="#get" id="get"></a>

Get a specific API key by ID.

**Arguments**

* **id**: The API key ID.

**Returns**

The API key, or None if not found.

### revoke(id: str) -> None <a href="#revoke" id="revoke"></a>

Revoke an API key.

**Arguments**

* **id**: The API key ID to revoke.

**Raises**

* `Quilt3AdminError`: If the operation fails.

## quilt3.admin.buckets

### get(name: str) -> Optional\[quilt3.admin.types.Bucket] <a href="#get" id="get"></a>

Get a specific bucket configuration from the registry. Returns `None` if the bucket does not exist.

**Arguments**

* **name**: Name of the bucket to get.

### list() -> list\[quilt3.admin.types.Bucket] <a href="#list" id="list"></a>

List all bucket configurations in the registry.

### add(name: str, title: str, \*, description: Optional\[str] = None, icon\_url: Optional\[str] = None, overview\_url: Optional\[str] = None, tags: Optional\[List\[str]] = None, relevance\_score: Optional\[int] = None, sns\_notification\_arn: Optional\[str] = None, scanner\_parallel\_shards\_depth: Optional\[int] = None, skip\_meta\_data\_indexing: Optional\[bool] = None, file\_extensions\_to\_index: Optional\[List\[str]] = None, index\_content\_bytes: Optional\[int] = None, delay\_scan: Optional\[bool] = None, browsable: Optional\[bool] = None, prefixes: Optional\[List\[str]] = None) -> quilt3.admin.types.Bucket <a href="#add" id="add"></a>

Add a new bucket to the registry.

**Arguments**

* **name**: S3 bucket name.
* **title**: Display title for the bucket.
* **description**: Optional description.
* **icon\_url**: Optional URL for bucket icon.
* **overview\_url**: Optional URL for bucket overview page.
* **tags**: Optional list of tags.
* **relevance\_score**: Optional relevance score for bucket ordering.
* **sns\_notification\_arn**: Optional SNS topic ARN for notifications.
* **scanner\_parallel\_shards\_depth**: Optional depth for parallel scanning.
* **skip\_meta\_data\_indexing**: If True, skip metadata indexing.
* **file\_extensions\_to\_index**: Optional list of file extensions to index content.
* **index\_content\_bytes**: Optional max bytes of content to index.
* **delay\_scan**: If True, delay initial bucket scan.
* **browsable**: If True, bucket is browsable.
* **prefixes**: Optional list of S3 prefixes to scope bucket access to. If provided, only these prefixes will be indexed and verified for access.

### update(name: str, title: str, \*, description: Optional\[str] = None, icon\_url: Optional\[str] = None, overview\_url: Optional\[str] = None, tags: Optional\[List\[str]] = None, relevance\_score: Optional\[int] = None, sns\_notification\_arn: Optional\[str] = None, scanner\_parallel\_shards\_depth: Optional\[int] = None, skip\_meta\_data\_indexing: Optional\[bool] = None, file\_extensions\_to\_index: Optional\[List\[str]] = None, index\_content\_bytes: Optional\[int] = None, browsable: Optional\[bool] = None, prefixes: Optional\[List\[str]] = None) -> quilt3.admin.types.Bucket <a href="#update" id="update"></a>

Update an existing bucket configuration.

**Arguments**

* **name**: S3 bucket name.
* **title**: Display title for the bucket.
* **description**: Optional description.
* **icon\_url**: Optional URL for bucket icon.
* **overview\_url**: Optional URL for bucket overview page.
* **tags**: Optional list of tags.
* **relevance\_score**: Optional relevance score for bucket ordering.
* **sns\_notification\_arn**: Optional SNS topic ARN for notifications.
* **scanner\_parallel\_shards\_depth**: Optional depth for parallel scanning.
* **skip\_meta\_data\_indexing**: If True, skip metadata indexing.
* **file\_extensions\_to\_index**: Optional list of file extensions to index content.
* **index\_content\_bytes**: Optional max bytes of content to index.
* **browsable**: If True, bucket is browsable.
* **prefixes**: Optional list of S3 prefixes to scope bucket access to. If provided, only these prefixes will be indexed and verified for access. Changing prefixes will trigger permission re-verification.

### remove(name: str) -> None <a href="#remove" id="remove"></a>

Remove a bucket from the registry.

**Arguments**

* **name**: Name of the bucket to remove.

## quilt3.admin.roles

### get(id\_or\_name: str) -> Union\[quilt3.admin.types.ManagedRole, quilt3.admin.types.UnmanagedRole, NoneType] <a href="#get" id="get"></a>

Get a role by ID or name. Return `None` if the role does not exist.

**Arguments**

* **id\_or\_name**: Role ID or name.

### get\_default() -> Union\[quilt3.admin.types.ManagedRole, quilt3.admin.types.UnmanagedRole, NoneType] <a href="#get_default" id="get_default"></a>

Get the default role from the registry. Return `None` if no default role is set.

### list() -> List\[Union\[quilt3.admin.types.ManagedRole, quilt3.admin.types.UnmanagedRole]] <a href="#list" id="list"></a>

Get a list of all roles in the registry.

### create\_managed(name: str, policies: List\[str] = ()) -> quilt3.admin.types.ManagedRole <a href="#create_managed" id="create_managed"></a>

Create a managed role in the registry.

**Arguments**

* **name**: Role name.
* **policies**: Policy IDs to attach to the role.

### create\_unmanaged(name: str, arn: str) -> quilt3.admin.types.UnmanagedRole <a href="#create_unmanaged" id="create_unmanaged"></a>

Create an unmanaged role in the registry.

**Arguments**

* **name**: Role name.
* **arn**: Existing IAM role ARN.

### update\_managed(id\_or\_name: str, \*, name: str, policies: List\[str]) -> quilt3.admin.types.ManagedRole <a href="#update_managed" id="update_managed"></a>

Update a managed role in the registry (full replacement).

**Arguments**

* **id\_or\_name**: Role ID or name.
* **name**: New role name.
* **policies**: Policy IDs to attach to the role.

### update\_unmanaged(id\_or\_name: str, \*, name: str, arn: str) -> quilt3.admin.types.UnmanagedRole <a href="#update_unmanaged" id="update_unmanaged"></a>

Update an unmanaged role in the registry (full replacement).

**Arguments**

* **id\_or\_name**: Role ID or name.
* **name**: New role name.
* **arn**: Existing IAM role ARN.

### patch\_managed(id\_or\_name: str, \*, name: Optional\[str] = None, policies: Optional\[List\[str]] = None) -> quilt3.admin.types.ManagedRole <a href="#patch_managed" id="patch_managed"></a>

Partially update a managed role — only specified fields are changed.

**Arguments**

* **id\_or\_name**: Role ID or name.
* **name**: New role name (keeps current if not specified).
* **policies**: Policy IDs to attach (keeps current if not specified).

### patch\_unmanaged(id\_or\_name: str, \*, name: Optional\[str] = None, arn: Optional\[str] = None) -> quilt3.admin.types.UnmanagedRole <a href="#patch_unmanaged" id="patch_unmanaged"></a>

Partially update an unmanaged role — only specified fields are changed.

**Arguments**

* **id\_or\_name**: Role ID or name.
* **name**: New role name (keeps current if not specified).
* **arn**: New IAM role ARN (keeps current if not specified).

### delete(id\_or\_name: str) -> None <a href="#delete" id="delete"></a>

Delete a role from the registry.

**Arguments**

* **id\_or\_name**: Role ID or name.

### set\_default(id\_or\_name: str) -> Union\[quilt3.admin.types.ManagedRole, quilt3.admin.types.UnmanagedRole] <a href="#set_default" id="set_default"></a>

Set the default role in the registry.

**Arguments**

* **id\_or\_name**: Role ID or name.

## quilt3.admin.users

### get(name: str) -> Optional\[quilt3.admin.types.User] <a href="#get" id="get"></a>

Get a specific user from the registry. Return `None` if the user does not exist.

**Arguments**

* **name**: Username of user to get.

### list() -> List\[quilt3.admin.types.User] <a href="#list" id="list"></a>

Get a list of all users in the registry.

### create(name: str, email: str, role: str, extra\_roles: Optional\[List\[str]] = None) -> quilt3.admin.types.User <a href="#create" id="create"></a>

Create a new user in the registry.

**Arguments**

* **name**: Username of user to create.
* **email**: Email of user to create.
* **role**: Active role of the user.
* **extra\_roles**: Additional roles to assign to the user.

### delete(name: str) -> None <a href="#delete" id="delete"></a>

Delete user from the registry.

**Arguments**

* **name**: Username of user to delete.

### set\_email(name: str, email: str) -> quilt3.admin.types.User <a href="#set_email" id="set_email"></a>

Set the email for a user.

**Arguments**

* **name**: Username of user to update.
* **email**: Email to set for the user.

### set\_admin(name: str, admin: bool) -> quilt3.admin.types.User <a href="#set_admin" id="set_admin"></a>

Set the admin status for a user.

**Arguments**

* **name**: Username of user to update.
* **admin**: Admin status to set for the user.

### set\_active(name: str, active: bool) -> quilt3.admin.types.User <a href="#set_active" id="set_active"></a>

Set the active status for a user.

**Arguments**

* **name**: Username of user to update.
* **active**: Active status to set for the user.

### reset\_password(name: str) -> None <a href="#reset_password" id="reset_password"></a>

Reset the password for a user.

**Arguments**

* **name**: Username of user to update.

### set\_role(name: str, role: str, extra\_roles: Optional\[List\[str]] = None, \*, append: bool = False) -> quilt3.admin.types.User <a href="#set_role" id="set_role"></a>

Set the active and extra roles for a user.

**Arguments**

* **name**: Username of user to update.
* **role**: Role to be set as the active role.
* **extra\_roles**: Additional roles to assign to the user.
* **append**: If True, append the extra roles to the existing roles. If False, replace the existing roles.

### add\_roles(name: str, roles: List\[str]) -> quilt3.admin.types.User <a href="#add_roles" id="add_roles"></a>

Add roles to a user.

**Arguments**

* **name**: Username of user to update.
* **roles**: Roles to add to the user.

### remove\_roles(name: str, roles: List\[str], fallback: Optional\[str] = None) -> quilt3.admin.types.User <a href="#remove_roles" id="remove_roles"></a>

Remove roles from a user.

**Arguments**

* **name**: Username of user to update.
* **roles**: Roles to remove from the user.
* **fallback**: If set, the role to assign to the user if the active role is removed.

## quilt3.admin.sso\_config

### get() -> Optional\[quilt3.admin.types.SSOConfig] <a href="#get" id="get"></a>

Get the current SSO configuration.

### set(config: Optional\[str]) -> Optional\[quilt3.admin.types.SSOConfig] <a href="#set" id="set"></a>

Set the SSO configuration. Pass `None` to remove SSO configuration.

## quilt3.admin.tabulator

### list\_tables(bucket\_name: str) -> list\[quilt3.admin.types.TabulatorTable] <a href="#list_tables" id="list_tables"></a>

List all tabulator tables in a bucket.

### set\_table(bucket\_name: str, table\_name: str, config: Optional\[str]) -> None <a href="#set_table" id="set_table"></a>

Set the tabulator table configuration. Pass `None` to remove the table.

### rename\_table(bucket\_name: str, table\_name: str, new\_table\_name: str) -> None <a href="#rename_table" id="rename_table"></a>

Rename tabulator table.

### get\_open\_query() -> bool <a href="#get_open_query" id="get_open_query"></a>

Get the **open query** status.

### set\_open\_query(enabled: bool) -> None <a href="#set_open_query" id="set_open_query"></a>

Set the **open query** status.