Using OpenStack Identity
========================

Before working with the Identity service, you'll need to create a connection
to your OpenStack cloud by following the :doc:`connect` user guide. This will
provide you with the ``conn`` variable used in the examples below.

The OpenStack Identity service is the default identity management system for
OpenStack. The Identity service authentication process confirms the identity
of a user and an incoming request by validating a set of credentials that the
user supplies. Initially, these credentials are a user name and password or a
user name and API key. When the Identity service validates user credentials,
it issues an authentication token that the user provides in subsequent
requests. An authentication token is an alpha-numeric text string that enables
access to OpenStack APIs and resources. A token may be revoked at any time and
is valid for a finite duration.

List Users
----------

A user is a digital representation of a person, system, or service that
uses OpenStack cloud services. The Identity service validates that incoming
requests are made by the user who claims to be making the call. Users have
a login and can access resources by using assigned tokens. Users can be
directly assigned to a particular project and behave as if they are contained
in that project.

.. literalinclude:: ../examples/identity/list.py
   :pyobject: list_users

Full example: `identity resource list`_

List Credentials
----------------

Credentials are data that confirms the identity of the user. For example,
user name and password, user name and API key, or an authentication token that
the Identity service provides.

.. literalinclude:: ../examples/identity/list.py
   :pyobject: list_credentials

Full example: `identity resource list`_

List Projects
-------------

A project is a container that groups or isolates resources or identity
objects.

.. literalinclude:: ../examples/identity/list.py
   :pyobject: list_projects

Full example: `identity resource list`_

List Domains
------------

A domain is an Identity service API v3 entity and represents a collection
of projects and users that defines administrative boundaries for the management
of Identity entities. Users can be granted the administrator role for a domain.
A domain administrator can create projects, users, and groups in a domain and
assign roles to users and groups in a domain.

.. literalinclude:: ../examples/identity/list.py
   :pyobject: list_domains

Full example: `identity resource list`_

List Groups
-----------

A group is an Identity service API v3 entity and represents a collection of
users that are owned by a domain. A group role granted to a domain or project
applies to all users in the group. Adding users to, or removing users from, a
group respectively grants, or revokes, their role and authentication to the
associated domain or project.

.. literalinclude:: ../examples/identity/list.py
   :pyobject: list_groups

Full example: `identity resource list`_

List Services
-------------

A service is an OpenStack service, such as Compute, Object Storage, or
Image service, that provides one or more endpoints through which users can
access resources and perform operations.

.. literalinclude:: ../examples/identity/list.py
   :pyobject: list_services

Full example: `identity resource list`_

List Endpoints
--------------

An endpoint is a network-accessible address, usually a URL, through which
you can access a service.

.. literalinclude:: ../examples/identity/list.py
   :pyobject: list_endpoints

Full example: `identity resource list`_

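
The service and endpoint listings can be combined into a catalog check. The following is an added example, not part of the SDK's ``examples/identity/list.py``: it reports enabled endpoints that are not served over HTTPS, which matters because the authentication token is sent with every request to an endpoint. The names ``find_cleartext_endpoints`` and ``sample_connection`` are hypothetical, and the stub stands in for a real ``conn`` using constructed IDs and URLs.

```python
from types import SimpleNamespace
from urllib.parse import urlsplit

# Rank interfaces so externally reachable endpoints are reported first.
_INTERFACE_RANK = {"public": 0, "internal": 1, "admin": 2}


def find_cleartext_endpoints(conn):
    """Return enabled catalog endpoints whose URL scheme is not https."""
    # Resolve service IDs to readable names via the service listing.
    names = {s.id: f"{s.name} ({s.type})" for s in conn.identity.services()}
    findings = []
    for ep in conn.identity.endpoints():
        if not ep.is_enabled:
            continue  # skip endpoints that are marked disabled
        if urlsplit(ep.url).scheme.lower() == "https":
            continue
        findings.append({
            "service": names.get(ep.service_id, f"unknown ({ep.service_id})"),
            "interface": ep.interface,
            "region": ep.region_id,
            "url": ep.url,
        })
    findings.sort(
        key=lambda f: (_INTERFACE_RANK.get(f["interface"], 3), f["service"]))
    return findings


def sample_connection():
    """Constructed stand-in for ``conn``; all IDs and URLs are made up."""
    def svc(sid, name, stype):
        return SimpleNamespace(id=sid, name=name, type=stype)

    def ep(service_id, interface, url, enabled=True):
        return SimpleNamespace(service_id=service_id, interface=interface,
                               region_id="RegionOne", url=url,
                               is_enabled=enabled)

    services = [svc("s1", "keystone", "identity"), svc("s2", "nova", "compute")]
    endpoints = [
        ep("s1", "public", "https://cloud.example.test:5000/v3"),
        ep("s1", "internal", "http://10.0.0.5:5000/v3"),
        ep("s2", "public", "HTTP://cloud.example.test:8774/v2.1"),
        ep("s2", "admin", "http://10.0.0.6:8774/v2.1", enabled=False),
        ep("s9", "public", "http://cloud.example.test:9292"),  # orphaned ID
    ]
    identity = SimpleNamespace(services=lambda: iter(services),
                               endpoints=lambda: iter(endpoints))
    return SimpleNamespace(identity=identity)
```

With a live cloud, pass the ``conn`` object from the connect guide instead of ``sample_connection()``; listing endpoints and services normally requires an administrative role.
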

List Regions
------------

A region is an Identity service API v3 entity and represents a general
division in an OpenStack deployment. You can associate zero or more
sub-regions with a region to make a tree-like structured hierarchy.

.. literalinclude:: ../examples/identity/list.py
   :pyobject: list_regions

Full example: `identity resource list`_

.. _identity resource list: http://git.openstack.org/cgit/openstack/python-openstacksdk/tree/examples/identity/list.py