Identity API v3¶
The Identity v3 Class¶
The identity high-level interface is available through the identity
member of a Connection
object. The
identity
member will only be added if the service is detected.
Agency Operations¶
-
class
otcextensions.sdk.identity.v3._proxy.
Proxy
(session, *args, **kwargs) -
agencies
(**attrs) Retrieve a generator of agencies
When domain_id query parameter is not set - current domain_id will be used. Passing domain_id=None allow removing filtering.
- Parameters
attrs (dict) – Optional query parameters to be sent to limit the resources being returned. * domain_id: Current domain ID * name: Name of the agency * trust_domain_id: ID of the delegated domain.
- Returns
A generator of agencies
Agency
instances
-
create_agency
(**attrs) Create a new agency from attributes
-
get_agency
(agency) Get a agency
-
find_agency
(name_or_id, ignore_missing=True, **attrs) Find a single agency
- Parameters
name_or_id – The name or ID of a agency
ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the agency does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent agency.
- Returns
None
-
delete_agency
(agency, ignore_missing=True) Delete a agency
- Parameters
agency – The value can be the ID of a agency or a
Agency
instance.ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the agency does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent agency.
- Returns
Agency been deleted
- Return type
-
update_agency
(agency, **attrs) Update agency attributes
-
agency_project_roles
(agency, project_id) Retrieve a generator of agency roles on a project
- Parameters
agency – The id or an instance of
Agency
project_id – ID of a project
- Returns
A generator of agencies
AgencyRole
instances
-
check_agency_project_role
(agency, project_id, role_id) Check whether role is granted on the project through agency
- Parameters
agency – The id or an instance of
Agency
project_id – ID of a project
role_id – ID of a role to check
- Returns
-
grant_agency_project_role
(agency, project_id, role_id) Grant permission of agency on a project
- Parameters
agency – The id or an instance of
Agency
project_id – ID of a project
role_id – ID of a role to revoke
- Returns
-
revoke_agency_project_role
(agency, project_id, role_id) Revoke permission of agency on a project
- Parameters
agency – The id or an instance of
Agency
project_id – ID of a project
role_id – ID of a role to revoke
- Returns
-
agency_domain_roles
(agency, domain_id) Retrieve a generator of agency roles on a domain
- Parameters
agency – The id or an instance of
Agency
domain_id – ID of a domain
- Returns
A generator of agencies
AgencyRole
instances
-
check_agency_domain_role
(agency, domain_id, role_id) Check whether role is granted on the domain through agency
- Parameters
agency – The id or an instance of
Agency
domain_id – ID of a domain
role_id – ID of a role to check
- Returns
-
grant_agency_domain_role
(agency, domain_id, role_id) Grant permission of agency on a domain
- Parameters
agency – The id or an instance of
Agency
domain_id – ID of a domain
role_id – ID of a role to revoke
- Returns
-
revoke_agency_domain_role
(agency, domain_id, role_id) Revoke permission of agency on a domain
- Parameters
agency – The id or an instance of
Agency
domain_id – ID of a domain
role_id – ID of a role to revoke
- Returns
-
Credential Operations¶
-
class
otcextensions.sdk.identity.v3._proxy.
Proxy
(session, *args, **kwargs) -
credentials
(**attrs) Retrieve a generator of credentials
- Parameters
query (dict) – Optional query parameters to be sent to limit the resources being returned. * user_id: user_id
- Returns
A generator of credentials
Credential
instances
-
create_credential
(**attrs) Create a new credential from attributes
- Parameters
attrs (dict) – Keyword arguments which will be used to create a
Credential
, comprised of the properties on the Credential class.- Returns
The results of credential creation
- Return type
-
get_credential
(credential) Get a credential
- Parameters
credential – The value can be the ID of a credential or a
Credential
instance.- Returns
Credential instance
- Return type
-
find_credential
(name_or_id, ignore_missing=True, **attrs) Find a single credential
- Parameters
name_or_id – The name or ID of a credential
ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the credential does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent credential.
- Returns
None
-
delete_credential
(credential, ignore_missing=True) Delete a credential
- Parameters
credential – The value can be the ID of a credential or a
Credential
instance.ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the credential does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent credential.
- Returns
Credential been deleted
- Return type
-
update_credential
(credential, **attrs) Update credential attributes
- Parameters
credential – The id or an instance of
Credential
attrs (dict) – attributes for update on
Credential
- Return type
-
Domain Operations¶
-
class
otcextensions.sdk.identity.v3._proxy.
Proxy
(session, *args, **kwargs) -
create_domain
(**attrs) Create a new domain from attributes
-
delete_domain
(domain, ignore_missing=True) Delete a domain
- Parameters
domain – The value can be either the ID of a domain or a
Domain
instance.ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the domain does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent domain.
- Returns
None
-
domains
(**query) Retrieve a generator of domains
- Parameters
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns
A generator of domain instances.
- Return type
-
find_domain
(name_or_id, ignore_missing=True) Find a single domain
- Parameters
name_or_id – The name or ID of a domain.
ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the resource does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent resource.
- Returns
One
Domain
or None
-
get_domain
(domain) Get a single domain
-
Endpoint Operations¶
-
class
otcextensions.sdk.identity.v3._proxy.
Proxy
(session, *args, **kwargs) -
create_endpoint
(**attrs) Create a new endpoint from attributes
-
delete_endpoint
(endpoint, ignore_missing=True) Delete an endpoint
- Parameters
endpoint – The value can be either the ID of an endpoint or a
Endpoint
instance.ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the endpoint does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent endpoint.
- Returns
None
-
endpoints
(**query) Retrieve a generator of endpoints
- Parameters
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns
A generator of endpoint instances.
- Return type
-
find_endpoint
(name_or_id, ignore_missing=True) Find a single endpoint
- Parameters
name_or_id – The name or ID of a endpoint.
ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the resource does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent resource.
- Returns
One
Endpoint
or None
-
get_endpoint
(endpoint) Get a single endpoint
-
Group Operations¶
-
class
otcextensions.sdk.identity.v3._proxy.
Proxy
(session, *args, **kwargs) -
create_group
(**attrs) Create a new group from attributes
-
delete_group
(group, ignore_missing=True) Delete a group
- Parameters
group – The value can be either the ID of a group or a
Group
instance.ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the group does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent group.
- Returns
None
-
find_group
(name_or_id, ignore_missing=True, **query) Find a single group
- Parameters
name_or_id – The name or ID of a group.
ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the resource does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent resource.
- Returns
One
Group
or None
-
get_group
(group) Get a single group
-
groups
(**query) Retrieve a generator of groups
- Parameters
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns
A generator of group instances.
- Return type
-
Policy Operations¶
-
class
otcextensions.sdk.identity.v3._proxy.
Proxy
(session, *args, **kwargs) -
create_policy
(**attrs) Create a new policy from attributes
-
delete_policy
(policy, ignore_missing=True) Delete a policy
- Parameters
policy – The value can be either the ID of a policy or a
Policy
instance.ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the policy does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent policy.
- Returns
None
-
find_policy
(name_or_id, ignore_missing=True) Find a single policy
- Parameters
name_or_id – The name or ID of a policy.
ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the resource does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent resource.
- Returns
One
Policy
or None
-
get_policy
(policy) Get a single policy
-
policies
(**query) Retrieve a generator of policies
- Parameters
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns
A generator of policy instances.
- Return type
-
Project Operations¶
-
class
otcextensions.sdk.identity.v3._proxy.
Proxy
(session, *args, **kwargs) -
create_project
(**attrs) Create a new project from attributes
-
delete_project
(project, ignore_missing=True) Delete a project
- Parameters
project – The value can be either the ID of a project or a
Project
instance.ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the project does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent project.
- Returns
None
-
find_project
(name_or_id, ignore_missing=True, **query) Find a single project
- Parameters
name_or_id – The name or ID of a project.
ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the resource does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent resource.
- Returns
One
Project
or None
-
get_project
(project) Get a single project
-
projects
(**query) Retrieve a generator of projects
- Parameters
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns
A generator of project instances.
- Return type
-
Region Operations¶
-
class
otcextensions.sdk.identity.v3._proxy.
Proxy
(session, *args, **kwargs) -
create_region
(**attrs) Create a new region from attributes
- Parameters
attrs (dict) – Keyword arguments which will be used to create a
Region
, comprised of the properties on the Region class.- Returns
The results of region creation.
- Return type
Region
-
delete_region
(region, ignore_missing=True) Delete a region
- Parameters
region – The value can be either the ID of a region or a
Region
instance.ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the region does not exist. When set toTrue
, no exception will be thrown when attempting to delete a nonexistent region.
- Returns
None
-
find_region
(name_or_id, ignore_missing=True) Find a single region
- Parameters
name_or_id – The name or ID of a region.
ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the region does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent region.
- Returns
One
Region
or None
-
get_region
(region) Get a single region
- Parameters
region – The value can be the ID of a region or a
Region
instance.- Returns
One
Region
- Raises
ResourceNotFound
when no matching region can be found.
-
regions
(**query) Retrieve a generator of regions
- Parameters
query (kwargs) – Optional query parameters to be sent to limit the regions being returned.
- Returns
A generator of region instances.
- Return type
Region
-
update_region
(region, **attrs) Update a region
- Parameters
region – Either the ID of a region or a
Region
instance.attrs – The attributes to update on the region represented by
region
.
- Returns
The updated region.
- Return type
Region
-
Role Operations¶
-
class
otcextensions.sdk.identity.v3._proxy.
Proxy
(session, *args, **kwargs) -
create_role
(**attrs) Create a new role from attributes
- Parameters
attrs (dict) – Keyword arguments which will be used to create a
Role
, comprised of the properties on the Role class.- Returns
The results of role creation.
- Return type
Role
-
delete_role
(role, ignore_missing=True) Delete a role
- Parameters
role – The value can be either the ID of a role or a
Role
instance.ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the role does not exist. When set toTrue
, no exception will be thrown when attempting to delete a nonexistent role.
- Returns
None
-
find_role
(name_or_id, ignore_missing=True, **query) Find a single role
- Parameters
name_or_id – The name or ID of a role.
ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the role does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent role.
- Returns
One
Role
or None
-
get_role
(role) Get a single role
- Parameters
role – The value can be the ID of a role or a
Role
instance.- Returns
One
Role
- Raises
ResourceNotFound
when no matching role can be found.
-
roles
(**query) Retrieve a generator of roles
- Parameters
query (kwargs) – Optional query parameters to be sent to limit the resources being returned. The options are: domain_id, name.
- Returns
A generator of role instances.
- Return type
Role
-
update_role
(role, **attrs) Update a role
- Parameters
role – Either the ID of a role or a
Role
instance.kwargs (dict) – The attributes to update on the role represented by
value
. Only name can be updated
- Returns
The updated role.
- Return type
Role
-
Role Assignment Operations¶
-
class
otcextensions.sdk.identity.v3._proxy.
Proxy
(session, *args, **kwargs) -
assign_project_role_to_group
(project, group, role) Assign role to group on a project
-
assign_project_role_to_user
(project, user, role) Assign role to user on a project
-
role_assignments
(**query) Retrieve a generator of role assignments
- Parameters
query (kwargs) – Optional query parameters to be sent to limit the resources being returned. The options are: group_id, role_id, scope_domain_id, scope_project_id, user_id, include_names, include_subtree.
- Returns
RoleAssignment
-
role_assignments_filter
(domain=None, project=None, system=None, group=None, user=None) Retrieve a generator of roles assigned to user/group
- Parameters
- Returns
A generator of role instances.
- Return type
Role
-
unassign_project_role_from_group
(project, group, role) Unassign role from group on a project
-
Service Operations¶
-
class
otcextensions.sdk.identity.v3._proxy.
Proxy
(session, *args, **kwargs) -
create_service
(**attrs) Create a new service from attributes
-
delete_service
(service, ignore_missing=True) Delete a service
- Parameters
service – The value can be either the ID of a service or a
Service
instance.ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the service does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent service.
- Returns
None
-
find_service
(name_or_id, ignore_missing=True) Find a single service
- Parameters
name_or_id – The name or ID of a service.
ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the resource does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent resource.
- Returns
One
Service
or None
-
get_service
(service) Get a single service
-
services
(**query) Retrieve a generator of services
- Parameters
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns
A generator of service instances.
- Return type
-
User Operations¶
-
class
otcextensions.sdk.identity.v3._proxy.
Proxy
(session, *args, **kwargs) -
create_user
(**attrs) Create a new user from attributes
-
delete_user
(user, ignore_missing=True) Delete a user
- Parameters
user – The value can be either the ID of a user or a
User
instance.ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the user does not exist. When set toTrue
, no exception will be set when attempting to delete a nonexistent user.
- Returns
None
-
find_user
(name_or_id, ignore_missing=True, **query) Find a single user
- Parameters
name_or_id – The name or ID of a user.
ignore_missing (bool) – When set to
False
ResourceNotFound
will be raised when the resource does not exist. When set toTrue
, None will be returned when attempting to find a nonexistent resource.
- Returns
One
User
or None
-
get_user
(user) Get a single user
-
update_user
(user, **attrs) Update a user
-
user_projects
(user, **query) - Retrieve a generator of projects to which the user has authorization
to access.
- Parameters
user – Either the user id or an instance of
User
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns
A generator of project instances.
- Return type
UserProject
-
users
(**query) Retrieve a generator of users
- Parameters
query (kwargs) – Optional query parameters to be sent to limit the resources being returned.
- Returns
A generator of user instances.
- Return type
-
Security Token Operations¶
-
class
otcextensions.sdk.identity.v3._proxy.
Proxy
(session, *args, **kwargs) -
create_security_token
(duration, method='token', **attrs) Create a new temporary AK/SK
- Parameters
duration (int) – Duration in seconds for the token validity.
method (str) – Authorization method (token or agency)
attrs (dict) – Keyword arguments which will be used to create a
SecurityToken
, comprised of the properties on the SecurityToken class.
- Returns
The results of temporary security token creation
- Return type
SecurityToken
-