Identity API v3

The Identity v3 Class

The identity high-level interface is available through the identity member of a Connection object. The identity member will only be added if the service is detected.

Agency Operations

class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
agencies(**attrs)

Retrieve a generator of agencies

When domain_id query parameter is not set - current domain_id will be used. Passing domain_id=None allow removing filtering.

Parameters:

attrs (dict) – Optional query parameters to be sent to limit the resources being returned. * domain_id: Current domain ID * name: Name of the agency * trust_domain_id: ID of the delegated domain.

Returns:

A generator of agencies Agency instances

create_agency(**attrs)

Create a new agency from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Agency, comprised of the properties on the Agency class.

Returns:

The results of agency creation

Return type:

Agency

get_agency(agency)

Get a agency

Parameters:

agency – The value can be the ID of a agency or a Agency instance.

Returns:

Agency instance

Return type:

Agency

find_agency(name_or_id, ignore_missing=True, **attrs)

Find a single agency

Parameters:
  • name_or_id – The name or ID of a agency

  • ignore_missing (bool) – When set to False ResourceNotFound will be raised when the agency does not exist. When set to True, no exception will be set when attempting to delete a nonexistent agency.

Returns:

None

delete_agency(agency, ignore_missing=True)

Delete a agency

Parameters:
  • agency – The value can be the ID of a agency or a Agency instance.

  • ignore_missing (bool) – When set to False ResourceNotFound will be raised when the agency does not exist. When set to True, no exception will be set when attempting to delete a nonexistent agency.

Returns:

Agency been deleted

Return type:

Agency

update_agency(agency, **attrs)

Update agency attributes

Parameters:
  • agency – The id or an instance of Agency

  • attrs (dict) – attributes for update on Agency

Return type:

Agency

agency_project_roles(agency, project_id)

Retrieve a generator of agency roles on a project

Parameters:
  • agency – The id or an instance of Agency

  • project_id – ID of a project

Returns:

A generator of agencies AgencyRole instances

check_agency_project_role(agency, project_id, role_id)

Check whether role is granted on the project through agency

Parameters:
  • agency – The id or an instance of Agency

  • project_id – ID of a project

  • role_id – ID of a role to check

Returns:

AgencyRole

grant_agency_project_role(agency, project_id, role_id)

Grant permission of agency on a project

Parameters:
  • agency – The id or an instance of Agency

  • project_id – ID of a project

  • role_id – ID of a role to revoke

Returns:

revoke_agency_project_role(agency, project_id, role_id)

Revoke permission of agency on a project

Parameters:
  • agency – The id or an instance of Agency

  • project_id – ID of a project

  • role_id – ID of a role to revoke

Returns:

agency_domain_roles(agency, domain_id)

Retrieve a generator of agency roles on a domain

Parameters:
  • agency – The id or an instance of Agency

  • domain_id – ID of a domain

Returns:

A generator of agencies AgencyRole instances

check_agency_domain_role(agency, domain_id, role_id)

Check whether role is granted on the domain through agency

Parameters:
  • agency – The id or an instance of Agency

  • domain_id – ID of a domain

  • role_id – ID of a role to check

Returns:

AgencyRole

grant_agency_domain_role(agency, domain_id, role_id)

Grant permission of agency on a domain

Parameters:
  • agency – The id or an instance of Agency

  • domain_id – ID of a domain

  • role_id – ID of a role to revoke

Returns:

revoke_agency_domain_role(agency, domain_id, role_id)

Revoke permission of agency on a domain

Parameters:
  • agency – The id or an instance of Agency

  • domain_id – ID of a domain

  • role_id – ID of a role to revoke

Returns:

Credential Operations

class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
credentials(**attrs)

Retrieve a generator of credentials

Parameters:

query (dict) – Optional query parameters to be sent to limit the resources being returned. * user_id: user_id

Returns:

A generator of credentials Credential instances

create_credential(**attrs)

Create a new credential from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Credential, comprised of the properties on the Credential class.

Returns:

The results of credential creation

Return type:

Credential

get_credential(credential)

Get a credential

Parameters:

credential – The value can be the ID of a credential or a Credential instance.

Returns:

Credential instance

Return type:

Credential

find_credential(name_or_id, ignore_missing=True, **attrs)

Find a single credential

Parameters:
  • name_or_id – The name or ID of a credential

  • ignore_missing (bool) – When set to False ResourceNotFound will be raised when the credential does not exist. When set to True, no exception will be set when attempting to delete a nonexistent credential.

Returns:

None

delete_credential(credential, ignore_missing=True)

Delete a credential

Parameters:
  • credential – The value can be the ID of a credential or a Credential instance.

  • ignore_missing (bool) – When set to False ResourceNotFound will be raised when the credential does not exist. When set to True, no exception will be set when attempting to delete a nonexistent credential.

Returns:

Credential been deleted

Return type:

Credential

update_credential(credential, **attrs)

Update credential attributes

Parameters:
  • credential – The id or an instance of Credential

  • attrs (dict) – attributes for update on Credential

Return type:

Credential

Domain Operations

class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
create_domain(**attrs)

Create a new domain from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Domain, comprised of the properties on the Domain class.

Returns:

The results of domain creation

Return type:

Domain

update_domain(domain, **attrs)

Update a domain

Parameters:
  • domain – Either the ID of a domain or a Domain instance.

  • attrs – The attributes to update on the domain represented by domain.

Returns:

The updated domain

Return type:

Domain

delete_domain(domain, ignore_missing=True)

Delete a domain

Parameters:
  • domain – The value can be either the ID of a domain or a Domain instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the domain does not exist. When set to True, no exception will be set when attempting to delete a nonexistent domain.

Returns:

None

get_domain(domain)

Get a single domain

Parameters:

domain – The value can be the ID of a domain or a Domain instance.

Returns:

One Domain

Raises:

NotFoundException when no resource can be found.

find_domain(name_or_id, ignore_missing=True)

Find a single domain

Parameters:
  • name_or_id – The name or ID of a domain.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One Domain or None

domains(**query)

Retrieve a generator of domains

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of domain instances.

Return type:

Domain

Endpoint Operations

class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
create_endpoint(**attrs)

Create a new endpoint from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Endpoint, comprised of the properties on the Endpoint class.

Returns:

The results of endpoint creation

Return type:

Endpoint

update_endpoint(endpoint, **attrs)

Update a endpoint

Parameters:
  • endpoint – Either the ID of an endpoint or a Endpoint instance.

  • attrs – The attributes to update on the endpoint represented by endpoint.

Returns:

The updated endpoint

Return type:

Endpoint

delete_endpoint(endpoint, ignore_missing=True)

Delete an endpoint

Parameters:
  • endpoint – The value can be either the ID of an endpoint or a Endpoint instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the endpoint does not exist. When set to True, no exception will be set when attempting to delete a nonexistent endpoint.

Returns:

None

get_endpoint(endpoint)

Get a single endpoint

Parameters:

endpoint – The value can be the ID of an endpoint or a Endpoint instance.

Returns:

One Endpoint

Raises:

NotFoundException when no resource can be found.

find_endpoint(name_or_id, ignore_missing=True)

Find a single endpoint

Parameters:
  • name_or_id – The name or ID of a endpoint.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One Endpoint or None

endpoints(**query)

Retrieve a generator of endpoints

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of endpoint instances.

Return type:

Endpoint

Group Operations

class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
create_group(**attrs)

Create a new group from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Group, comprised of the properties on the Group class.

Returns:

The results of group creation

Return type:

Group

update_group(group, **attrs)

Update a group

Parameters:
  • group – Either the ID of a group or a Group instance.

  • attrs – The attributes to update on the group represented by group.

Returns:

The updated group

Return type:

Group

delete_group(group, ignore_missing=True)

Delete a group

Parameters:
  • group – The value can be either the ID of a group or a Group instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the group does not exist. When set to True, no exception will be set when attempting to delete a nonexistent group.

Returns:

None

get_group(group)

Get a single group

Parameters:

group – The value can be the ID of a group or a Group instance.

Returns:

One Group

Raises:

NotFoundException when no resource can be found.

find_group(name_or_id, ignore_missing=True, **query)

Find a single group

Parameters:
  • name_or_id – The name or ID of a group.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One Group or None

groups(**query)

Retrieve a generator of groups

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of group instances.

Return type:

Group

Policy Operations

class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
create_policy(**attrs)

Create a new policy from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Policy, comprised of the properties on the Policy class.

Returns:

The results of policy creation

Return type:

Policy

update_policy(policy, **attrs)

Update a policy

Parameters:
  • policy – Either the ID of a policy or a Policy instance.

  • attrs – The attributes to update on the policy represented by policy.

Returns:

The updated policy

Return type:

Policy

delete_policy(policy, ignore_missing=True)

Delete a policy

Parameters:
  • policy – The value can be either the ID of a policy or a Policy instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the policy does not exist. When set to True, no exception will be set when attempting to delete a nonexistent policy.

Returns:

None

get_policy(policy)

Get a single policy

Parameters:

policy – The value can be the ID of a policy or a Policy instance.

Returns:

One Policy

Raises:

NotFoundException when no resource can be found.

find_policy(name_or_id, ignore_missing=True)

Find a single policy

Parameters:
  • name_or_id – The name or ID of a policy.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One Policy or None

policies(**query)

Retrieve a generator of policies

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of policy instances.

Return type:

Policy

Project Operations

class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
create_project(**attrs)

Create a new project from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Project, comprised of the properties on the Project class.

Returns:

The results of project creation

Return type:

Project

update_project(project, **attrs)

Update a project

Parameters:
  • project – Either the ID of a project or a Project instance.

  • attrs – The attributes to update on the project represented by project.

Returns:

The updated project

Return type:

Project

delete_project(project, ignore_missing=True)

Delete a project

Parameters:
  • project – The value can be either the ID of a project or a Project instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the project does not exist. When set to True, no exception will be set when attempting to delete a nonexistent project.

Returns:

None

get_project(project)

Get a single project

Parameters:

project – The value can be the ID of a project or a Project instance.

Returns:

One Project

Raises:

NotFoundException when no resource can be found.

find_project(name_or_id, ignore_missing=True, **query)

Find a single project

Parameters:
  • name_or_id – The name or ID of a project.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One Project or None

projects(**query)

Retrieve a generator of projects

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of project instances.

Return type:

Project

Region Operations

class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
create_region(**attrs)

Create a new region from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Region, comprised of the properties on the Region class.

Returns:

The results of region creation.

Return type:

Region

update_region(region, **attrs)

Update a region

Parameters:
  • region – Either the ID of a region or a Region instance.

  • attrs – The attributes to update on the region represented by region.

Returns:

The updated region.

Return type:

Region

delete_region(region, ignore_missing=True)

Delete a region

Parameters:
  • region – The value can be either the ID of a region or a Region instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the region does not exist. When set to True, no exception will be thrown when attempting to delete a nonexistent region.

Returns:

None

get_region(region)

Get a single region

Parameters:

region – The value can be the ID of a region or a Region instance.

Returns:

One Region

Raises:

NotFoundException when no matching region can be found.

find_region(name_or_id, ignore_missing=True)

Find a single region

Parameters:
  • name_or_id – The name or ID of a region.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the region does not exist. When set to True, None will be returned when attempting to find a nonexistent region.

Returns:

One Region or None

regions(**query)

Retrieve a generator of regions

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the regions being returned.

Returns:

A generator of region instances.

Return type:

Region

Role Operations

class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
create_role(**attrs)

Create a new role from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Role, comprised of the properties on the Role class.

Returns:

The results of role creation.

Return type:

Role

update_role(role, **attrs)

Update a role

Parameters:
  • role – Either the ID of a role or a Role instance.

  • kwargs (dict) – The attributes to update on the role represented by value. Only name can be updated

Returns:

The updated role.

Return type:

Role

delete_role(role, ignore_missing=True)

Delete a role

Parameters:
  • role – The value can be either the ID of a role or a Role instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the role does not exist. When set to True, no exception will be thrown when attempting to delete a nonexistent role.

Returns:

None

get_role(role)

Get a single role

Parameters:

role – The value can be the ID of a role or a Role instance.

Returns:

One Role

Raises:

NotFoundException when no matching role can be found.

find_role(name_or_id, ignore_missing=True, **query)

Find a single role

Parameters:
  • name_or_id – The name or ID of a role.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the role does not exist. When set to True, None will be returned when attempting to find a nonexistent role.

Returns:

One Role or None

roles(**query)

Retrieve a generator of roles

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned. The options are: domain_id, name.

Returns:

A generator of role instances.

Return type:

Role

Role Assignment Operations

class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
role_assignments(**query)

Retrieve a generator of role assignments

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned. The options are: group_id, role_id, scope_domain_id, scope_project_id, inherited_to, user_id, include_names, include_subtree.

Returns:

RoleAssignment

role_assignments_filter(domain=None, project=None, system=None, group=None, user=None)

Retrieve a generator of roles assigned to user/group

Parameters:
  • domain – Either the ID of a domain or a Domain instance.

  • project – Either the ID of a project or a Project instance.

  • system – Either the system name or a System instance.

  • group – Either the ID of a group or a Group instance.

  • user – Either the ID of a user or a User instance.

Returns:

A generator of role instances.

Return type:

Role

assign_project_role_to_user(project, user, role, *, inherited=False)

Assign role to user on a project

Parameters:
  • project – Either the ID of a project or a Project instance.

  • user – Either the ID of a user or a User instance.

  • role – Either the ID of a role or a Role instance.

  • inherited (bool) – Whether the role assignment is inherited.

Returns:

None

unassign_project_role_from_user(project, user, role, *, inherited=False)

Unassign role from user on a project

Parameters:
  • project – Either the ID of a project or a Project instance.

  • user – Either the ID of a user or a User instance.

  • role – Either the ID of a role or a Role instance.

  • inherited (bool) – Whether the role assignment is inherited.

Returns:

None

assign_project_role_to_group(project, group, role, *, inherited=False)

Assign role to group on a project

Parameters:
  • project – Either the ID of a project or a Project instance.

  • group – Either the ID of a group or a Group instance.

  • role – Either the ID of a role or a Role instance.

  • inherited (bool) – Whether the role assignment is inherited.

Returns:

None

unassign_project_role_from_group(project, group, role, *, inherited=False)

Unassign role from group on a project

Parameters:
  • project – Either the ID of a project or a Project instance.

  • group – Either the ID of a group or a Group instance.

  • role – Either the ID of a role or a Role instance.

  • inherited (bool) – Whether the role assignment is inherited.

Returns:

None

Service Operations

class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
create_service(**attrs)

Create a new service from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Service, comprised of the properties on the Service class.

Returns:

The results of service creation

Return type:

Service

update_service(service, **attrs)

Update a service

Parameters:
  • service – Either the ID of a service or a Service instance.

  • attrs – The attributes to update on the service represented by service.

Returns:

The updated service

Return type:

Service

delete_service(service, ignore_missing=True)

Delete a service

Parameters:
  • service – The value can be either the ID of a service or a Service instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the service does not exist. When set to True, no exception will be set when attempting to delete a nonexistent service.

Returns:

None

get_service(service)

Get a single service

Parameters:

service – The value can be the ID of a service or a Service instance.

Returns:

One Service

Raises:

NotFoundException when no resource can be found.

find_service(name_or_id, ignore_missing=True)

Find a single service

Parameters:
  • name_or_id – The name or ID of a service.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One Service or None

services(**query)

Retrieve a generator of services

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of service instances.

Return type:

Service

User Operations

class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
create_user(**attrs)

Create a new user from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a User, comprised of the properties on the User class.

Returns:

The results of user creation

Return type:

User

update_user(user, **attrs)

Update a user

Parameters:
  • user – Either the ID of a user or a User instance.

  • attrs – The attributes to update on the user represented by attrs.

Returns:

The updated user

Return type:

User

delete_user(user, ignore_missing=True)

Delete a user

Parameters:
  • user – The value can be either the ID of a user or a User instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the user does not exist. When set to True, no exception will be set when attempting to delete a nonexistent user.

Returns:

None

get_user(user)

Get a single user

Parameters:

user – The value can be the ID of a user or a User instance.

Returns:

One User

Raises:

NotFoundException when no resource can be found.

find_user(name_or_id, ignore_missing=True, **query)

Find a single user

Parameters:
  • name_or_id – The name or ID of a user.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One User or None

users(**query)

Retrieve a generator of users

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of user instances.

Return type:

User

user_projects(user, **query)
Retrieve a generator of projects to which the user has authorization

to access.

Parameters:
  • user – Either the user id or an instance of User

  • query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of project instances.

Return type:

UserProject

Security Token Operations

class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
create_security_token(duration, method='token', **attrs)

Create a new temporary AK/SK

Parameters:
  • duration (int) – Duration in seconds for the token validity.

  • method (str) – Authorization method (token or agency)

  • attrs (dict) – Keyword arguments which will be used to create a SecurityToken, comprised of the properties on the SecurityToken class.

Returns:

The results of temporary security token creation

Return type:

SecurityToken