Identity API v3¶
The Identity v3 Class¶
The identity high-level interface is available through the identity
member of a Connection
object. The
identity
member will only be added if the service is detected.
Agency Operations¶
- class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
- agencies(**attrs)
Retrieve a generator of agencies
When domain_id query parameter is not set - current domain_id will be used. Passing domain_id=None allow removing filtering.
- Parameters:
attrs (dict) – Optional query parameters to be sent to limit the resources being returned. * domain_id: Current domain ID * name: Name of the agency * trust_domain_id: ID of the delegated domain.
- Returns:
A generator of agencies
Agency
instances
- create_agency(**attrs)
Create a new agency from attributes
- get_agency(agency)
Get a agency
- find_agency(name_or_id, ignore_missing=True, **attrs)
Find a single agency
- Parameters:
name_or_id – The name or ID of a agency
ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the agency does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent agency.
- Returns:
None
- delete_agency(agency, ignore_missing=True)
Delete a agency
- Parameters:
agency – The value can be the ID of a agency or a
Agency
instance.ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the agency does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent agency.
- Returns:
Agency been deleted
- Return type:
- update_agency(agency, **attrs)
Update agency attributes
- agency_project_roles(agency, project_id)
Retrieve a generator of agency roles on a project
- Parameters:
agency – The id or an instance of
Agency
project_id – ID of a project
- Returns:
A generator of agencies
AgencyRole
instances
- check_agency_project_role(agency, project_id, role_id)
Check whether role is granted on the project through agency
- Parameters:
agency – The id or an instance of
Agency
project_id – ID of a project
role_id – ID of a role to check
- Returns:
- grant_agency_project_role(agency, project_id, role_id)
Grant permission of agency on a project
- Parameters:
agency – The id or an instance of
Agency
project_id – ID of a project
role_id – ID of a role to revoke
- Returns:
- revoke_agency_project_role(agency, project_id, role_id)
Revoke permission of agency on a project
- Parameters:
agency – The id or an instance of
Agency
project_id – ID of a project
role_id – ID of a role to revoke
- Returns:
- agency_domain_roles(agency, domain_id)
Retrieve a generator of agency roles on a domain
- Parameters:
agency – The id or an instance of
Agency
domain_id – ID of a domain
- Returns:
A generator of agencies
AgencyRole
instances
- check_agency_domain_role(agency, domain_id, role_id)
Check whether role is granted on the domain through agency
- Parameters:
agency – The id or an instance of
Agency
domain_id – ID of a domain
role_id – ID of a role to check
- Returns:
- grant_agency_domain_role(agency, domain_id, role_id)
Grant permission of agency on a domain
- Parameters:
agency – The id or an instance of
Agency
domain_id – ID of a domain
role_id – ID of a role to revoke
- Returns:
- revoke_agency_domain_role(agency, domain_id, role_id)
Revoke permission of agency on a domain
- Parameters:
agency – The id or an instance of
Agency
domain_id – ID of a domain
role_id – ID of a role to revoke
- Returns:
Credential Operations¶
- class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
- credentials(**attrs)
Retrieve a generator of credentials
- Parameters:
query (dict) – Optional query parameters to be sent to limit the resources being returned. * user_id: user_id
- Returns:
A generator of credentials
Credential
instances
- create_credential(**attrs)
Create a new credential from attributes
- Parameters:
attrs (dict) – Keyword arguments which will be used to create a
Credential
, comprised of the properties on the Credential class.- Returns:
The results of credential creation
- Return type:
- get_credential(credential)
Get a credential
- Parameters:
credential – The value can be the ID of a credential or a
Credential
instance.- Returns:
Credential instance
- Return type:
- find_credential(name_or_id, ignore_missing=True, **attrs)
Find a single credential
- Parameters:
name_or_id – The name or ID of a credential
ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the credential does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent credential.
- Returns:
None
- delete_credential(credential, ignore_missing=True)
Delete a credential
- Parameters:
credential – The value can be the ID of a credential or a
Credential
instance.ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the credential does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent credential.
- Returns:
Credential been deleted
- Return type:
- update_credential(credential, **attrs)
Update credential attributes
- Parameters:
credential – The id or an instance of
Credential
attrs (dict) – attributes for update on
Credential
- Return type:
Domain Operations¶
- class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
- create_domain(**attrs)
Create a new domain from attributes
- update_domain(domain, **attrs)
Update a domain
- delete_domain(domain, ignore_missing=True)
Delete a domain
- Parameters:
domain – The value can be either the ID of a domain or a
Domain
instance.ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the domain does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent domain.
- Returns:
None
- get_domain(domain)
Get a single domain
- find_domain(name_or_id, ignore_missing=True)
Find a single domain
- Parameters:
name_or_id – The name or ID of a domain.
ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the resource does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent resource.
- Returns:
One
Domain
or None
- domains(**query)
Retrieve a generator of domains
- Parameters:
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns:
A generator of domain instances.
- Return type:
Endpoint Operations¶
- class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
- create_endpoint(**attrs)
Create a new endpoint from attributes
- update_endpoint(endpoint, **attrs)
Update a endpoint
- delete_endpoint(endpoint, ignore_missing=True)
Delete an endpoint
- Parameters:
endpoint – The value can be either the ID of an endpoint or a
Endpoint
instance.ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the endpoint does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent endpoint.
- Returns:
None
- get_endpoint(endpoint)
Get a single endpoint
- find_endpoint(name_or_id, ignore_missing=True)
Find a single endpoint
- Parameters:
name_or_id – The name or ID of a endpoint.
ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the resource does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent resource.
- Returns:
One
Endpoint
or None
- endpoints(**query)
Retrieve a generator of endpoints
- Parameters:
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns:
A generator of endpoint instances.
- Return type:
Group Operations¶
- class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
- create_group(**attrs)
Create a new group from attributes
- update_group(group, **attrs)
Update a group
- delete_group(group, ignore_missing=True)
Delete a group
- Parameters:
group – The value can be either the ID of a group or a
Group
instance.ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the group does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent group.
- Returns:
None
- get_group(group)
Get a single group
- find_group(name_or_id, ignore_missing=True, **query)
Find a single group
- Parameters:
name_or_id – The name or ID of a group.
ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the resource does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent resource.
- Returns:
One
Group
or None
- groups(**query)
Retrieve a generator of groups
- Parameters:
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns:
A generator of group instances.
- Return type:
Policy Operations¶
- class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
- create_policy(**attrs)
Create a new policy from attributes
- update_policy(policy, **attrs)
Update a policy
- delete_policy(policy, ignore_missing=True)
Delete a policy
- Parameters:
policy – The value can be either the ID of a policy or a
Policy
instance.ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the policy does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent policy.
- Returns:
None
- get_policy(policy)
Get a single policy
- find_policy(name_or_id, ignore_missing=True)
Find a single policy
- Parameters:
name_or_id – The name or ID of a policy.
ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the resource does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent resource.
- Returns:
One
Policy
or None
- policies(**query)
Retrieve a generator of policies
- Parameters:
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns:
A generator of policy instances.
- Return type:
Project Operations¶
- class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
- create_project(**attrs)
Create a new project from attributes
- update_project(project, **attrs)
Update a project
- delete_project(project, ignore_missing=True)
Delete a project
- Parameters:
project – The value can be either the ID of a project or a
Project
instance.ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the project does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent project.
- Returns:
None
- get_project(project)
Get a single project
- find_project(name_or_id, ignore_missing=True, **query)
Find a single project
- Parameters:
name_or_id – The name or ID of a project.
ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the resource does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent resource.
- Returns:
One
Project
or None
- projects(**query)
Retrieve a generator of projects
- Parameters:
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns:
A generator of project instances.
- Return type:
Region Operations¶
- class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
- create_region(**attrs)
Create a new region from attributes
- Parameters:
attrs (dict) – Keyword arguments which will be used to create a
Region
, comprised of the properties on the Region class.- Returns:
The results of region creation.
- Return type:
Region
- update_region(region, **attrs)
Update a region
- Parameters:
region – Either the ID of a region or a
Region
instance.attrs – The attributes to update on the region represented by
region
.
- Returns:
The updated region.
- Return type:
Region
- delete_region(region, ignore_missing=True)
Delete a region
- Parameters:
region – The value can be either the ID of a region or a
Region
instance.ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the region does not exist. When set toTrue
, no exception will be thrown when attempting to delete a nonexistent region.
- Returns:
None
- get_region(region)
Get a single region
- Parameters:
region – The value can be the ID of a region or a
Region
instance.- Returns:
One
Region
- Raises:
NotFoundException
when no matching region can be found.
- find_region(name_or_id, ignore_missing=True)
Find a single region
- Parameters:
name_or_id – The name or ID of a region.
ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the region does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent region.
- Returns:
One
Region
or None
- regions(**query)
Retrieve a generator of regions
- Parameters:
query (kwargs) – Optional query parameters to be sent to limit the regions being returned.
- Returns:
A generator of region instances.
- Return type:
Region
Role Operations¶
- class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
- create_role(**attrs)
Create a new role from attributes
- Parameters:
attrs (dict) – Keyword arguments which will be used to create a
Role
, comprised of the properties on the Role class.- Returns:
The results of role creation.
- Return type:
Role
- update_role(role, **attrs)
Update a role
- Parameters:
role – Either the ID of a role or a
Role
instance.kwargs (dict) – The attributes to update on the role represented by
value
. Only name can be updated
- Returns:
The updated role.
- Return type:
Role
- delete_role(role, ignore_missing=True)
Delete a role
- Parameters:
role – The value can be either the ID of a role or a
Role
instance.ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the role does not exist. When set toTrue
, no exception will be thrown when attempting to delete a nonexistent role.
- Returns:
None
- get_role(role)
Get a single role
- Parameters:
role – The value can be the ID of a role or a
Role
instance.- Returns:
One
Role
- Raises:
NotFoundException
when no matching role can be found.
- find_role(name_or_id, ignore_missing=True, **query)
Find a single role
- Parameters:
name_or_id – The name or ID of a role.
ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the role does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent role.
- Returns:
One
Role
or None
- roles(**query)
Retrieve a generator of roles
- Parameters:
query (kwargs) – Optional query parameters to be sent to limit the resources being returned. The options are: domain_id, name.
- Returns:
A generator of role instances.
- Return type:
Role
Role Assignment Operations¶
- class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
- role_assignments(**query)
Retrieve a generator of role assignments
- Parameters:
query (kwargs) – Optional query parameters to be sent to limit the resources being returned. The options are: group_id, role_id, scope_domain_id, scope_project_id, inherited_to, user_id, include_names, include_subtree.
- Returns:
RoleAssignment
- role_assignments_filter(domain=None, project=None, system=None, group=None, user=None)
Retrieve a generator of roles assigned to user/group
- Parameters:
- Returns:
A generator of role instances.
- Return type:
Role
- assign_project_role_to_user(project, user, role, *, inherited=False)
Assign role to user on a project
- unassign_project_role_from_user(project, user, role, *, inherited=False)
Unassign role from user on a project
- assign_project_role_to_group(project, group, role, *, inherited=False)
Assign role to group on a project
- unassign_project_role_from_group(project, group, role, *, inherited=False)
Unassign role from group on a project
Service Operations¶
- class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
- create_service(**attrs)
Create a new service from attributes
- update_service(service, **attrs)
Update a service
- delete_service(service, ignore_missing=True)
Delete a service
- Parameters:
service – The value can be either the ID of a service or a
Service
instance.ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the service does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent service.
- Returns:
None
- get_service(service)
Get a single service
- find_service(name_or_id, ignore_missing=True)
Find a single service
- Parameters:
name_or_id – The name or ID of a service.
ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the resource does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent resource.
- Returns:
One
Service
or None
- services(**query)
Retrieve a generator of services
- Parameters:
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns:
A generator of service instances.
- Return type:
User Operations¶
- class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
- create_user(**attrs)
Create a new user from attributes
- update_user(user, **attrs)
Update a user
- delete_user(user, ignore_missing=True)
Delete a user
- Parameters:
user – The value can be either the ID of a user or a
User
instance.ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the user does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent user.
- Returns:
None
- get_user(user)
Get a single user
- find_user(name_or_id, ignore_missing=True, **query)
Find a single user
- Parameters:
name_or_id – The name or ID of a user.
ignore_missing (bool) – When set to
False
NotFoundException
will be raised when the resource does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent resource.
- Returns:
One
User
or None
- users(**query)
Retrieve a generator of users
- Parameters:
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns:
A generator of user instances.
- Return type:
- user_projects(user, **query)
- Retrieve a generator of projects to which the user has authorization
to access.
- Parameters:
user – Either the user id or an instance of
User
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns:
A generator of project instances.
- Return type:
UserProject
Security Token Operations¶
- class otcextensions.sdk.identity.v3._proxy.Proxy(session, *args, **kwargs)
- create_security_token(duration, method='token', **attrs)
Create a new temporary AK/SK
- Parameters:
duration (int) – Duration in seconds for the token validity.
method (str) – Authorization method (token or agency)
attrs (dict) – Keyword arguments which will be used to create a
SecurityToken
, comprised of the properties on the SecurityToken class.
- Returns:
The results of temporary security token creation
- Return type:
SecurityToken