Projects API
Before you start, make sure that the igz_mgmt package is installed and that you are logged in to the system with the igz_mgmt.Client API. If not, see Control plane API.
import igz_mgmt
client = igz_mgmt.Client(access_key="some-access-id")
Create a project
This example illustrates creating a project.
# creating user as project owner
new_user = igz_mgmt.User.create(
client,
username="anewuser",
password="rePlaceme12@!",
email="user@iguazio.com",
first_name="someone",
last_name="fromthepast",
)
new_project = igz_mgmt.Project.create(
client,
name="my-new-project",
description="my-project-description",
labels=[{"name": "dummy-name", "value": "dummy-value"}],
default_function_node_selector=[{"name": "dummy-name1", "value": "dummy-value1"}, {"name": "dummy-name2", "value": "dummy-value2"}],
owner=new_user,
)
print(new_project.id)
The default_function_node_selector
parameter requires the creation of a dictionary with a key and a value for each item.
For example, to construct a dictionary for dummy-name: dummy-value
, you would create {{"name": "dummy-name1", "value": "dummy-value1"}}
.
Get a project
Get a project by project id
project = igz_mgmt.Project.get(client, new_project.id)
Get a project by name
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
Update a project
Update a project’s attributes, in this example its description and default_function_node_selector:
project.description = "my new project description"
project.default_function_node_selector[0]["value"] = "dummy-value3"
updated_project = project.update(client)
Get project owner
user = project.get_owner(client)
Set project owner
By user id
project.set_owner(client, new_user.id)
By user instance
project.set_owner(client, new_user)
List projects
Example of listing projects:
# list all projects
projects = igz_mgmt.Project.list(client)
for project in projects:
print(f"ID: {project.id}, Name: {project.name}")
Delete a project
Set wait_for_job_deletion=False
to continue with the function’s flow without waiting for a response. The delete
function returns the job that was created.
Override the deletion_strategy
argument with any default of igz_mgmt.ProjectDeletionStrategies
enum.
job = project.delete(client, ignore_missing=False)
print(f"Job ID: {job.id}")
Project members API
Projects have 3 types of roles:
- Admin
- Editor
- Viewer
Each member has only one role.
When adding a member with the sdk (set_membership
, dd_members
), use the add_member_mode
argument to determine the outcome if the member is already defined:
- override - If member exists, override its role.
- best_effort - If member exists, warn and don’t override its role.
- fail_on_existing - If member exists, fail. (Default)
Get project members
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
project.get_admin_users() # returns the list of admin users in this project
project.get_editor_users() # returns the list of editor users in this project
project.get_viewer_users() # returns the list of viewer users in this project
project.get_admin_groups() # returns the list of admin groups in this project
project.get_editor_groups() # returns the list of editor groups in this project
project.get_viewer_groups() # returns the list of viewer groups in this project
Get effective role of user in project
Get the effective role of user in project. If the user is a member of a role in the project and is part of a group that has a role in the project, then the higher level user is returned.
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
new_user = igz_mgmt.User.create(
client,
username="anewuser",
password="rePlaceme12@!",
email="user@iguazio.com",
first_name="someone",
last_name="fromthepast",
)
new_group = igz_mgmt.Group.create(client, name="random-people")
new_user.add_to_group(client, new_group.id)
new_user.ensure_project_membership(
client,
project_name="default",
role=igz_mgmt.constants.ProjectAuthorizationRoles.editor,)
new_group.ensure_project_membership(
client,
project_name="default",
role=igz_mgmt.constants.ProjectAuthorizationRoles.viewer,)
# This function returns the effective role of the group, which is editor.
project.get_user_effective_role(client, new_user)
Set membership
This example adds the user named user
and overrides its role twice with add_member_mode=override
. Its final role is editor.
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
user = igz_mgmt.User.get_by_username(client, "example-user")
project.set_membership(
client,
user,
igz_mgmt.constants.ProjectAuthorizationRoles.admin,
add_member_mode=igz_mgmt.constants.AddMemberMode.override,
)
project.set_membership(
client,
user,
igz_mgmt.constants.ProjectAuthorizationRoles.viewer,
add_member_mode=igz_mgmt.constants.AddMemberMode.override,
)
project.set_membership(
client,
user,
igz_mgmt.constants.ProjectAuthorizationRoles.editor,
add_member_mode=igz_mgmt.constants.AddMemberMode.override,
)
Pay Attention: User can only have one role. Because of that, add_member_mode
is set to override. At the end of the above operations the user is in the editor role.
Add multiple members
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
user1 = igz_mgmt.User.get_by_username(client, "example-user1")
user2 = igz_mgmt.User.get_by_username(client, "example-user2")
group1 = igz_mgmt.Group.get_by_name(client, "example-group1")
project.add_members(
client,
[user1, user2, group1],
igz_mgmt.constants.ProjectAuthorizationRoles.admin,
add_member_mode=igz_mgmt.constants.AddMemberMode.override,
)
This example takes a list of users/groups that were returned by a query and adds them to the project as viewers. To prevent overriding existing membership roles, add_member_mode
is set to best_effort
.
project.add_members(
client,
igz_mgmt.User.list(client, filter_by={"department": "A"}),
igz_mgmt.constants.ProjectAuthorizationRoles.viewer,
add_member_mode=igz_mgmt.constants.AddMemberMode.best_effort,
)
Set members
Overrides the existing role-members with the given members.
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
user = igz_mgmt.User.get_by_username(client, "example-user")
After this operation the only user with the admin role is example-user.
project.set_members(client, [user], igz_mgmt.constants.ProjectAuthorizationRoles.admin)
Remove one member
Remove a member from a project. If the user does not exist, no actions result.
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
user1 = igz_mgmt.User.get_by_username(client, "example-user1")
project.remove_member(client, user1)
Remove multiple members
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
Remove all viewers from project
all_viewers = project.get_viewer_users() + project.get_viewer_groups()
project.remove_members(client, all_viewers)
Apply authorization roles
You can use apply_authorization_roles
to perform several operations in a single API call.
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
all_users_group = igz_mgmt.Group.get_by_name(client, "all_users")
with project.apply_authorization_roles(client) as role:
all_viewers = project.get_viewer_users() + project.get_viewer_groups()
project.remove_members(client, all_viewers)
project.set_membership(
client,
all_users_group,
igz_mgmt.constants.ProjectAuthorizationRoles.admin,
add_member_mode=igz_mgmt.constants.AddMemberMode.override,
)