Using OpenStack Identity

Before working with the Identity service, you'll need to create a connection
to your OpenStack cloud by following the :doc:connect user guide. This will
provide you with the conn variable used in the examples below.
（在操作Identity服務之前，你需要建立連接。）
The OpenStack Identity service is the default identity management system for
OpenStack. The Identity service authentication process confirms the identity
of a user and an incoming request by validating a set of credentials that the
user supplies. Initially, these credentials are a user name and password or a
user name and API key. When the Identity service validates user credentials,
it issues an authentication token that the user provides in subsequent
requests. An authentication token is an alpha-numeric text string that enables
access to OpenStack APIs and resources. A token may be revoked at any time and
is valid for a finite duration.
（OpenStack Identity服務是默認的openstack身份管理系統。Identity服務認證過程確定一個用戶的身份，
和驗證一系列用戶請求。最初，這些憑證是一個用戶名和密碼，或者一個用戶名和API 密鑰。
當Identity服務驗證用戶憑證的時候，它有一個問題就是用戶提供的后續驗證token請求。一個身份認證token是
一個數字字母字符串，有它才能去使用openstack API和資源。一個token可以在任意時間撤銷，也是在固定時間段有效的。）
List Users

A user is a digital representation of a person, system, or service that
uses OpenStack cloud services. The Identity service validates that incoming
requests are made by the user who claims to be making the call. Users have
a login and can access resources by using assigned tokens. Users can be
directly assigned to a particular project and behave as if they are contained
in that project.
（user是指使用openstack云的一個人，一個系統或者一個服務的數字代表。身份認證服務驗證用戶進來的請求。
用戶有一個Login，并且能夠用分配的token去使用資源。用戶可以被直接分配到一個特定的工程，就像在那個工程里面一樣進行操作。）
.. literalinclude:: ../examples/identity/list.py
:pyobject: list_users

Full example: identity resource list_

List Credentials

Credentials are data that confirms the identity of the user. For example,
user name and password, user name and API key, or an authentication token that
the Identity service provides.
（證書credentials 是用于確定用戶身份的數據。比如，用戶的用戶名和密碼，用戶名和API密鑰，或者一個其他的認證服務提供的認證令牌）
.. literalinclude:: ../examples/identity/list.py
:pyobject: list_credentials

Full example: identity resource list_

List Projects

A project is a container that groups or isolates resources or identity
objects.
（一個project就是一個容器 xxx）
.. literalinclude:: ../examples/identity/list.py
:pyobject: list_projects

Full example: identity resource list_

List Domains

A domain is an Identity service API v3 entity and represents a collection
of projects and users that defines administrative boundaries for the management
of Identity entities. Users can be granted the administrator role for a domain.
A domain administrator can create projects, users, and groups in a domain and
assign roles to users and groups in a domain.
（領域domain是一個身份服務API v3實體，并且代表一個項目的集合，xxx。為一個domain，用戶可以被授予管理角色。
一個domain管理員可以創建項目，users，和組在一個domain中，和分配角色給用戶和組。）
.. literalinclude:: ../examples/identity/list.py
:pyobject: list_domains

Full example: identity resource list_

List Groups

A group is an Identity service API v3 entity and represents a collection of
users that are owned by a domain. A group role granted to a domain or project
applies to all users in the group. Adding users to, or removing users from, a
group respectively grants, or revokes, their role and authentication to the
associated domain or project.
（組group是一個身份服務API v3實體，并且代表一個用戶的集合被一個domain持有。一個組角色授予xx給一個domain或者項目，增加用戶，
或者從里面刪除用戶，一個分組分別地授予，或者撤銷他們的domain或者項目相關的角色和認證）
.. literalinclude:: ../examples/identity/list.py
:pyobject: list_groups

Full example: identity resource list_

List Services

A service is an OpenStack service, such as Compute, Object Storage, or
Image service, that provides one or more endpoints through which users can
access resources and perform operations.
（service是一個openstack服務，比如compute，對象存儲，或者鏡像服務，提供一個或者多個endpoint，通過endpoint用戶可以
操作資源和其他操作。）
.. literalinclude:: ../examples/identity/list.py
:pyobject: list_services

Full example: identity resource list_

List Endpoints

An endpoint is a network-accessible address, usually a URL, through which
you can access a service.
（endpoint是一個通過網絡可以訪問的地址，通常是一個URL，通過它你可以操作一個service。）
.. literalinclude:: ../examples/identity/list.py
:pyobject: list_endpoints

Full example: identity resource list_

List Regions

A region is an Identity service API v3 entity and represents a general
division in an OpenStack deployment. You can associate zero or more
sub-regions with a region to make a tree-like structured hierarchy.
（范圍region是一個身份服務API v3的實例，代表一個通常的部門在openstack開發中。
你可以連接0個或者多個子region去實現一個樹狀層級）
.. literalinclude:: ../examples/identity/list.py
:pyobject: list_regions

Full example: identity resource list_

.. _identity resource list: http://git.openstack.org/cgit/openstack/python-openstacksdk/tree/examples/identity/list.py