Users API
Before you start, make sure that the igz_mgmt package is installed and that you are logged in to the system with the igz_mgmt.Client API. If not, see Control plane API.
import igz_mgmt
client = igz_mgmt.Client(access_key="some-access-id")
Create a user
This example illustrates creating a user with default assigned policies (Developer, Application Read Only).
To set different policies, override the create
arg - assigned_policies
with any default of igz_mgmt.TenantManagementRoles
enum.
new_user = igz_mgmt.User.create(
client,
username="anewuser",
password="rePlaceme12@!",
email="user@iguazio.com",
first_name="igz-sdk",
last_name="test",
uid=50,
)
print(new_user.id)
Check if user is operational
is_operational = new_user.is_operational(client)
Get a user
Get a user by user id
user = igz_mgmt.User.get(client, new_user.id)
Note: this function gets a user using its id that was already generated in the database, and not by its UID.
Get a user by username
user = igz_mgmt.User.get_by_username(client, "anewuser")
Update a user
Update a user attribute, in this example its last name:
user.last_name = "my name lastname"
updated_user = user.update(client)
List users
Two examples of listing users:
# List all users
users = igz_mgmt.User.list(client)
for user in users:
print(f"ID: {user.id}, First Name: {user.first_name}")
# list users, filter by their first_name attribute
some_users = igz_mgmt.User.list(client, filter_by={"first_name": "Iguazio"})
print(f"ID: {some_users[0].id}")
Get self user
Getting the user object that correlates to the HTTP client created earlier:
running_user = igz_mgmt.User.self(client)
print(f"The client's username is {running_user.username}")
Enable / disable user
On user instance
new_user.enable(client)
new_user.disable(client)
By user id
igz_mgmt.User.enable_by_id(client, new_user.id)
igz_mgmt.User.disable_by_id(client, new_user.id)
By username
igz_mgmt.User.enable_by_username(client, new_user.username)
igz_mgmt.User.disable_by_username(client, new_user.username)
Delete a user
Set wait_for_job_deletion=False
to continue with the functions flow without waiting for a response. The delete
function returns the job that was created.
job = new_user.delete(client, ignore_missing=False)
print(f"Job ID: {job.id}")
Add/remove a user to/from group
# get or create group
group = igz_mgmt.Group.get_by_name(client, "random-people")
if not group:
group = igz_mgmt.Group.create(client, name="random-people")
# create user
new_user = igz_mgmt.User.create(
client,
username="anewuser",
password="rePlaceme12@!",
email="user@iguazio.com",
first_name="someone",
last_name="fromthepast",
)
# add user to group
new_user.add_to_group(client, group.id)
# get the group with its users
group = igz_mgmt.Group.get(client, group.id, include=["users"])
# make sure you see the user in group users
found = (
len(
list(
filter(
lambda user: user["id"] == new_user.id,
group.relationships.get("users").get("data"),
)
)
)
> 0
)
print("User was added: " + str(found))
# remove user from group
new_user.remove_from_group(client, group.id)
Tips:
- It is also possible to pass the group itself when adding a user to a group, e.g:
new_user.add_to_group(client, group)
. - To remove a user from its primary group, add
force=True
to theremove_user
function.
Check if user is part of group
# get or create group
group = igz_mgmt.Group.get_by_name(client, "random-people")
if not group:
group = igz_mgmt.Group.create(client, name="random-people")
# create user
new_user = igz_mgmt.User.create(
client,
username="anewuser",
password="rePlaceme12@!",
email="user@iguazio.com",
first_name="someone",
last_name="fromthepast",
)
# add user to group
new_user.add_to_group(client, group.id)
# check if user is in group - should return True
new_user.in_group(client, group.id)
# remove user from group
new_user.remove_from_group(client, group.id)
# check if user is in group - should return False
new_user.in_group(client, group.id)
Set a user’s primary group
Users can inherit their GID for linux POSIX/ACL permission management from their primary group.
user_primary_group = igz_mgmt.Group.create(client, "newgroup")
new_user.add_to_group(client, user_primary_group.id)
new_user.set_primary_group(client, group=user_primary_group)
# or, by using the group id with:
# new_user.set_primary_group(client, group="some-group-id")
Get a user's primary group
new_user.get_primary_group(client)
Ensure project membership
Ensure that the user has the given role in the given project. If the user is not a member of the project, it is added to the project with the given role. By default, this overrides the user’s current role in the project, if it is already a member.
user = igz_mgmt.User.get_by_name(client, "my-user")
user.ensure_project_membership(
client,
project_name="default",
role=igz_mgmt.constants.ProjectAuthorizationRoles.admin,
)
Get effective role of user in project
Get the effective role of user in project. If the user is a member of a role in the project and is part of a group that has a role in the project, then the higher level user is returned.
new_user = igz_mgmt.User.create(
client,
username="anewuser",
password="rePlaceme12@!",
email="user@iguazio.com",
first_name="someone",
last_name="fromthepast",
)
new_group = igz_mgmt.Group.create(client, name="random-people")
new_user.add_to_group(client, new_group.id)
new_user.ensure_project_membership(
client,
project_name="default",
role=igz_mgmt.constants.ProjectAuthorizationRoles.viewer,)
new_group.ensure_project_membership(
client,
project_name="default",
role=igz_mgmt.constants.ProjectAuthorizationRoles.admin,)
# This function returns the effective role of the group, which is admin.
new_user.get_project_effective_role(
client,
project_name="default",
)
Remove a user as a member of a project
user = igz_mgmt.User.get_by_name(client, "my-user")
user.remove_from_project(client, project_name="default")