Projects API

On This Page

Before you start, make sure that the igz_mgmt package is installed and that you are logged in to the system with the igz_mgmt.Client API. If not, see Control plane API.

import igz_mgmt

client = igz_mgmt.Client(access_key="some-access-id")

Create a project

This example illustrates creating a project.

# creating user as project owner
new_user = igz_mgmt.User.create(
    client,
    username="anewuser",
    password="rePlaceme12@!",
    email="user@iguazio.com",
    first_name="someone",
    last_name="fromthepast",
)

new_project = igz_mgmt.Project.create(
    client,
    name="my-new-project",
    description="my-project-description",
    labels=[{"name": "dummy-name", "value": "dummy-value"}],
    default_function_node_selector=[{"name": "dummy-name1", "value": "dummy-value1"}, {"name": "dummy-name2", "value": "dummy-value2"}],
    owner=new_user,
)
print(new_project.id)

The default_function_node_selector parameter requires the creation of a dictionary with a key and a value for each item. For example, to construct a dictionary for dummy-name: dummy-value, you would create {{"name": "dummy-name1", "value": "dummy-value1"}}.

Get a project

Get a project by project id

project = igz_mgmt.Project.get(client, new_project.id)

Get a project by name

project = igz_mgmt.Project.get_by_name(client, "my-new-project")

Update a project

Update a project’s attributes, in this example its description and default_function_node_selector:

project.description = "my new project description"
project.default_function_node_selector[0]["value"] = "dummy-value3"
updated_project = project.update(client)

Get project owner

user = project.get_owner(client)

Set project owner

By user id

project.set_owner(client, new_user.id)

By user instance

project.set_owner(client, new_user)

List projects

Example of listing projects:

# list all projects
projects = igz_mgmt.Project.list(client)
for project in projects:
    print(f"ID: {project.id}, Name: {project.name}")

Delete a project

Set wait_for_job_deletion=False to continue with the function’s flow without waiting for a response. The delete function returns the job that was created.

Override the deletion_strategy argument with any default of igz_mgmt.ProjectDeletionStrategies enum.

job = project.delete(client, ignore_missing=False)
print(f"Job ID: {job.id}")

Project members API

Projects have 3 types of roles:

  • Admin
  • Editor
  • Viewer

Each member has only one role.

When adding a member with the sdk (set_membership, dd_members), use the add_member_mode argument to determine the outcome if the member is already defined:

  • override - If member exists, override its role.
  • best_effort - If member exists, warn and don’t override its role.
  • fail_on_existing - If member exists, fail. (Default)

Get project members

project = igz_mgmt.Project.get_by_name(client, "my-new-project")
project.get_admin_users()  # returns the list of admin users in this project
project.get_editor_users()  # returns the list of editor users in this project
project.get_viewer_users()  # returns the list of viewer users in this project

project.get_admin_groups()  # returns the list of admin groups in this project
project.get_editor_groups()  # returns the list of editor groups in this project
project.get_viewer_groups()  # returns the list of viewer groups in this project

Get effective role of user in project

Get the effective role of user in project. If the user is a member of a role in the project and is part of a group that has a role in the project, then the higher level user is returned.

project = igz_mgmt.Project.get_by_name(client, "my-new-project")

new_user = igz_mgmt.User.create(
    client,
    username="anewuser",
    password="rePlaceme12@!",
    email="user@iguazio.com",
    first_name="someone",
    last_name="fromthepast",
)

new_group = igz_mgmt.Group.create(client, name="random-people")
new_user.add_to_group(client, new_group.id)

new_user.ensure_project_membership(
    client,
    project_name="default",
    role=igz_mgmt.constants.ProjectAuthorizationRoles.editor,)

new_group.ensure_project_membership(
    client,
    project_name="default",
    role=igz_mgmt.constants.ProjectAuthorizationRoles.viewer,)

# This function returns the effective role of the group, which is editor.
project.get_user_effective_role(client, new_user)

Set membership

This example adds the user named user and overrides its role twice with add_member_mode=override. Its final role is editor.

project = igz_mgmt.Project.get_by_name(client, "my-new-project")
user = igz_mgmt.User.get_by_username(client, "example-user")

project.set_membership(
    client,
    user,
    igz_mgmt.constants.ProjectAuthorizationRoles.admin,
    add_member_mode=igz_mgmt.constants.AddMemberMode.override,
)
project.set_membership(
    client,
    user,
    igz_mgmt.constants.ProjectAuthorizationRoles.viewer,
    add_member_mode=igz_mgmt.constants.AddMemberMode.override,
)
project.set_membership(
    client,
    user,
    igz_mgmt.constants.ProjectAuthorizationRoles.editor,
    add_member_mode=igz_mgmt.constants.AddMemberMode.override,
)

Pay Attention: User can only have one role. Because of that, add_member_mode is set to override. At the end of the above operations the user is in the editor role.

Add multiple members

project = igz_mgmt.Project.get_by_name(client, "my-new-project")
user1 = igz_mgmt.User.get_by_username(client, "example-user1")
user2 = igz_mgmt.User.get_by_username(client, "example-user2")
group1 = igz_mgmt.Group.get_by_name(client, "example-group1")

project.add_members(
    client,
    [user1, user2, group1],
    igz_mgmt.constants.ProjectAuthorizationRoles.admin,
    add_member_mode=igz_mgmt.constants.AddMemberMode.override,
)

This example takes a list of users/groups that were returned by a query and adds them to the project as viewers. To prevent overriding existing membership roles, add_member_mode is set to best_effort.

project.add_members(
    client,
    igz_mgmt.User.list(client, filter_by={"department": "A"}),
    igz_mgmt.constants.ProjectAuthorizationRoles.viewer,
    add_member_mode=igz_mgmt.constants.AddMemberMode.best_effort,
)

Set members

Overrides the existing role-members with the given members.

project = igz_mgmt.Project.get_by_name(client, "my-new-project")
user = igz_mgmt.User.get_by_username(client, "example-user")

After this operation the only user with the admin role is example-user.

project.set_members(client, [user], igz_mgmt.constants.ProjectAuthorizationRoles.admin)

Remove one member

Remove a member from a project. If the user does not exist, no actions result.

project = igz_mgmt.Project.get_by_name(client, "my-new-project")
user1 = igz_mgmt.User.get_by_username(client, "example-user1")

project.remove_member(client, user1)

Remove multiple members

project = igz_mgmt.Project.get_by_name(client, "my-new-project")

Remove all viewers from project

all_viewers = project.get_viewer_users() + project.get_viewer_groups()
project.remove_members(client, all_viewers)

Apply authorization roles

You can use apply_authorization_roles to perform several operations in a single API call.

project = igz_mgmt.Project.get_by_name(client, "my-new-project")
all_users_group = igz_mgmt.Group.get_by_name(client, "all_users")
with project.apply_authorization_roles(client) as role:
    all_viewers = project.get_viewer_users() + project.get_viewer_groups()
    project.remove_members(client, all_viewers)
    project.set_membership(
        client,
        all_users_group,
        igz_mgmt.constants.ProjectAuthorizationRoles.admin,
        add_member_mode=igz_mgmt.constants.AddMemberMode.override,
    )