Users API

On This Page

Before you start, make sure that the igz_mgmt package is installed and that you are logged in to the system with the igz_mgmt.Client API. If not, see Control plane API.

import igz_mgmt

client = igz_mgmt.Client(access_key="some-access-id")

Create a user

This example illustrates creating a user with default assigned policies (Developer, Application Read Only).

To set different policies, override the create arg - assigned_policies with any default of igz_mgmt.TenantManagementRoles enum.

new_user = igz_mgmt.User.create(
    client,
    username="anewuser",
    password="rePlaceme12@!",
    email="user@iguazio.com",
    first_name="igz-sdk",
    last_name="test",
    uid=50,
)
print(new_user.id)

Check if user is operational

is_operational = new_user.is_operational(client)

Get a user

Get a user by user id

user = igz_mgmt.User.get(client, new_user.id)

Note: this function gets a user using its id that was already generated in the database, and not by its UID.

Get a user by username

user = igz_mgmt.User.get_by_username(client, "anewuser")

Update a user

Update a user attribute, in this example its last name:

user.last_name = "my name lastname"
updated_user = user.update(client)

List users

Two examples of listing users:

# List all users
users = igz_mgmt.User.list(client)
for user in users:
    print(f"ID: {user.id}, First Name: {user.first_name}")

# list users, filter by their first_name attribute
some_users = igz_mgmt.User.list(client, filter_by={"first_name": "Iguazio"})
print(f"ID: {some_users[0].id}")

Get self user

Getting the user object that correlates to the HTTP client created earlier:

running_user = igz_mgmt.User.self(client)
print(f"The client's username is {running_user.username}")

Enable / disable user

On user instance

new_user.enable(client)
new_user.disable(client)

By user id

igz_mgmt.User.enable_by_id(client, new_user.id)
igz_mgmt.User.disable_by_id(client, new_user.id)

By username

igz_mgmt.User.enable_by_username(client, new_user.username)
igz_mgmt.User.disable_by_username(client, new_user.username)

Delete a user

Set wait_for_job_deletion=False to continue with the functions flow without waiting for a response. The delete function returns the job that was created.

job = new_user.delete(client, ignore_missing=False)
print(f"Job ID: {job.id}")

Add/remove a user to/from group

# get or create group
group = igz_mgmt.Group.get_by_name(client, "random-people")
if not group:
    group = igz_mgmt.Group.create(client, name="random-people")

# create user
new_user = igz_mgmt.User.create(
    client,
    username="anewuser",
    password="rePlaceme12@!",
    email="user@iguazio.com",
    first_name="someone",
    last_name="fromthepast",
)

# add user to group
new_user.add_to_group(client, group.id)

# get the group with its users
group = igz_mgmt.Group.get(client, group.id, include=["users"])

# make sure you see the user in group users
found = (
    len(
        list(
            filter(
                lambda user: user["id"] == new_user.id,
                group.relationships.get("users").get("data"),
            )
        )
    )
    > 0
)
print("User was added: " + str(found))

# remove user from group
new_user.remove_from_group(client, group.id)

Tips:

  • It is also possible to pass the group itself when adding a user to a group, e.g: new_user.add_to_group(client, group).
  • To remove a user from its primary group, add force=True to the remove_user function.

Check if user is part of group

# get or create group
group = igz_mgmt.Group.get_by_name(client, "random-people")
if not group:
    group = igz_mgmt.Group.create(client, name="random-people")

# create user
new_user = igz_mgmt.User.create(
    client,
    username="anewuser",
    password="rePlaceme12@!",
    email="user@iguazio.com",
    first_name="someone",
    last_name="fromthepast",
)

# add user to group
new_user.add_to_group(client, group.id)

# check if user is in group - should return True
new_user.in_group(client, group.id)

# remove user from group
new_user.remove_from_group(client, group.id)

# check if user is in group - should return False
new_user.in_group(client, group.id)

Set a user’s primary group

Users can inherit their GID for linux POSIX/ACL permission management from their primary group.

user_primary_group = igz_mgmt.Group.create(client, "newgroup")
new_user.add_to_group(client, user_primary_group.id)
new_user.set_primary_group(client, group=user_primary_group)

# or, by using the group id with:
# new_user.set_primary_group(client, group="some-group-id")

Get a user's primary group

new_user.get_primary_group(client)

Ensure project membership

Ensure that the user has the given role in the given project. If the user is not a member of the project, it is added to the project with the given role. By default, this overrides the user’s current role in the project, if it is already a member.

user = igz_mgmt.User.get_by_name(client, "my-user")
user.ensure_project_membership(
    client,
    project_name="default",
    role=igz_mgmt.constants.ProjectAuthorizationRoles.admin,
)

Get effective role of user in project

Get the effective role of user in project. If the user is a member of a role in the project and is part of a group that has a role in the project, then the higher level user is returned.

new_user = igz_mgmt.User.create(
    client,
    username="anewuser",
    password="rePlaceme12@!",
    email="user@iguazio.com",
    first_name="someone",
    last_name="fromthepast",
)

new_group = igz_mgmt.Group.create(client, name="random-people")
new_user.add_to_group(client, new_group.id)

new_user.ensure_project_membership(
    client,
    project_name="default",
    role=igz_mgmt.constants.ProjectAuthorizationRoles.viewer,)

new_group.ensure_project_membership(
    client,
    project_name="default",
    role=igz_mgmt.constants.ProjectAuthorizationRoles.admin,)


# This function returns the effective role of the group, which is admin.
new_user.get_project_effective_role(
    client,
    project_name="default",
)

Remove a user as a member of a project

user = igz_mgmt.User.get_by_name(client, "my-user")
user.remove_from_project(client, project_name="default")