Projects API
Before you start, make sure that the igz_mgmt package is installed and that you are logged in to the system with the igz_mgmt.Client API. If not, see Control plane API.
import igz_mgmt
client = igz_mgmt.Client(access_key="some-access-id")
Create a project
This example illustrates creating a project.
# creating user as project owner
new_user = igz_mgmt.User.create(
client,
username="anewuser",
password="rePlaceme12@!",
email="user@iguazio.com",
first_name="someone",
last_name="fromthepast",
)
new_project = igz_mgmt.Project.create(
client,
name="my-new-project",
description="my-project-description",
labels=[{"name": "dummy-name", "value": "dummy-value"}],
owner=new_user,
)
print(new_project.id)
Get a project
Get a project by project id
project = igz_mgmt.Project.get(client, new_project.id)
Get a project by name
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
Update a project
Update a project attribute, in this example its description:
project.description = "my new project description"
updated_project = project.update(client)
Get project owner
user = project.get_owner(client)
Set project owner
By user id
project.set_owner(client, new_user.id)
By user instance
project.set_owner(client, new_user)
List projects
Example of listing projects:
# list all projects
projects = igz_mgmt.Project.list(client)
for project in projects:
print(f"ID: {project.id}, Name: {project.name}")
Delete a project
Set wait_for_job_deletion=False to continue with the function’s flow without waiting for a response. The delete function returns the job that was created.
Override the deletion_strategy argument with any default of igz_mgmt.ProjectDeletionStrategies enum.
job = project.delete(client, ignore_missing=False)
print(f"Job ID: {job.id}")
Project members API
Projects have 3 types of roles:
- Admin
- Editor
- Viewer
Each member has only one role.
When adding a member with the sdk (set_membership, add_members), use the add_member_mode argument to determine the outcome if the member is already defined:
override- If member exists, override its role.best_effort- If member exists, warn and don’t override its role.fail- If member exists, fail. (Default)
Get project members
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
project.get_admin_users() # returns the list of admin users in this project
project.get_editor_users() # returns the list of editor users in this project
project.get_viewer_users() # returns the list of viewer users in this project
project.get_admin_groups() # returns the list of admin groups in this project
project.get_editor_groups() # returns the list of editor groups in this project
project.get_viewer_groups() # returns the list of viewer groups in this project
Get effective role of user in project
Get the effective role of user in project. If the user is a member of a role in the project and is part of a group that has a role in the project, then the higher level user is returned.
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
new_user = igz_mgmt.User.create(
client,
username="anewuser",
password="rePlaceme12@!",
email="user@iguazio.com",
first_name="someone",
last_name="fromthepast",
)
new_group = igz_mgmt.Group.create(client, name="random-people")
new_user.add_to_group(client, new_group.id)
new_user.ensure_project_membership(
client,
project_name="default",
role=igz_mgmt.constants.ProjectAuthorizationRoles.editor,)
new_group.ensure_project_membership(
client,
project_name="default",
role=igz_mgmt.constants.ProjectAuthorizationRoles.viewer,)
# This function will return the effective role of the group, which is editor
project.get_user_effective_role(client, new_user)
Set membership
This example adds the user named user and overrides its role twice with add_member_mode=override. Its final role is editor.
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
user = igz_mgmt.User.get_by_username(client, "example-user")
project.set_membership(
client,
user,
igz_mgmt.constants.ProjectAuthorizationRoles.admin,
add_member_mode=igz_mgmt.constants.AddMemberMode.override,
)
project.set_membership(
client,
user,
igz_mgmt.constants.ProjectAuthorizationRoles.viewer,
add_member_mode=igz_mgmt.constants.AddMemberMode.override,
)
project.set_membership(
client,
user,
igz_mgmt.constants.ProjectAuthorizationRoles.editor,
add_member_mode=igz_mgmt.constants.AddMemberMode.override,
)
Pay Attention: User can only have one role. Because of that, we set add_member_mode to override. At the end of the above operations the user will be in the editor role.
Add multiple members
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
user1 = igz_mgmt.User.get_by_username(client, "example-user1")
user2 = igz_mgmt.User.get_by_username(client, "example-user2")
group1 = igz_mgmt.Group.get_by_name(client, "example-group1")
project.add_members(
client,
[user1, user2, group1],
igz_mgmt.constants.ProjectAuthorizationRoles.admin,
add_member_mode=igz_mgmt.constants.AddMemberMode.override,
)
This example takes a list of users/groups that were returned by a query and adds them to the project as viewers. To prevent overriding existing membership roles, add_member_mode is set to best_effort.
project.add_members(
client,
igz_mgmt.User.list(client, filter_by={"department": "A"}),
igz_mgmt.constants.ProjectAuthorizationRoles.viewer,
add_member_mode=igz_mgmt.constants.AddMemberMode.best_effort,
)
Set members
Overrides the existing role-members with the given members.
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
user = igz_mgmt.User.get_by_username(client, "example-user")
After this operation the only user with the admin role is example-user.
project.set_members(client, [user], igz_mgmt.constants.ProjectAuthorizationRoles.admin)
Remove one member
Remove a member from a project. If the user does not exist, no actions result.
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
user1 = igz_mgmt.User.get_by_username(client, "example-user1")
project.remove_member(client, user1)
Remove multiple members
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
# Remove all viewers from project
all_viewers = project.get_viewer_users() + project.get_viewer_groups()
project.remove_members(client, all_viewers)
Apply authorization roles
You can use apply_authorization_roles to perform several operations in a single API call.
project = igz_mgmt.Project.get_by_name(client, "my-new-project")
all_users_group = igz_mgmt.Group.get_by_name(client, "all-users")
with project.apply_authorization_roles(client) as role:
all_viewers = project.get_viewer_users() + project.get_viewer_groups()
project.remove_members(client, all_viewers)
project.set_membership(
client,
all_users_group,
igz_mgmt.constants.ProjectAuthorizationRoles.admin,
add_member_mode=igz_mgmt.constants.AddMemberMode.override,
)
```