ZITADEL IAM for Machine Learning Platform Users
ZITADEL is a cloud-native identity and access management solution that allows you to manage users, machine users, organizations, and authentication in a centralized way. When you have a Machine Learning Platform, you often need to manage access for various kinds of users – be they human operators or automated processes (referred to as "machine users").
In order to create a Pulumi program to manage ZITADEL IAM for Machine Learning Platform Users, you would typically need to set up Human Users for the platform's operators and Machine Users for the automated processes that require access to the platform. Additionally, you may want to structure these users within projects, assign roles, and potentially manage access keys for machine users for secure API access.
Below is a Python program using Pulumi with the ZITADEL provider, which demonstrates how to create a human user, a machine user, a project, and assign roles to these users within the project context. Note that this is a basic example and a real-world setup would likely require more advanced configuration and security considerations.
First, you need to import the required ZITADEL and Pulumi packages:
```python
import pulumi
# The ZITADEL provider's Python SDK is published as pulumiverse_zitadel
import pulumiverse_zitadel as zitadel
```
Next, you can create a new project:
```python
# Create a new ZITADEL project representing the machine learning platform workspace
ml_project = zitadel.Project("mlProject",
    name="machine-learning-platform",
    # The org_id is optional and can be provided if you want to create this project
    # within a specific ZITADEL organization
    # org_id="your-organization-id",
)
```
Subsequently, you can create a human user and a machine user associated with this project:
```python
# Create a human user for operational access to the machine learning platform
human_user = zitadel.HumanUser("humanUser",
    first_name="Jane",
    last_name="Doe",
    user_name="jane.doe",
    email="jane.doe@example.com",
    is_email_verified=True,
    # Optional fields like 'phone', 'display_name', etc., can be added as needed
)

# Create a machine user for automated tasks in the machine learning platform
machine_user = zitadel.MachineUser("machineUser",
    user_name="ml-bot",
    name="Machine Learning Bot",
    # 'access_token_type' specifies what type of access token the machine user should use
    # This depends on your Machine Learning platform's requirements for token authentication
    access_token_type="ACCESS_TOKEN_TYPE_JWT",  # Example token type
    # Optionally, you can provide a description to document the machine user's purpose
    description="Bot user for machine learning tasks automation",
)
```
After setting up the users, you may want to assign roles within the project:
```python
# Assign a human user as a member of the machine learning project with specific roles
project_member = zitadel.ProjectMember("projectMember",
    # Placeholder role keys: ProjectMember expects ZITADEL manager roles
    # (such as PROJECT_OWNER_VIEWER), so replace these before deploying
    roles=["ml-operator", "data-scientist"],
    user_id=human_user.id,
    project_id=ml_project.id,
)

# For a machine user, you may need to create a machine key used for accessing the platform
machine_key = zitadel.MachineKey("machineKey",
    key_type="KEY_TYPE_JSON",  # Example key type
    expiration_date="2025-01-01T00:00:00Z",  # Set expiration date for the key
    user_id=machine_user.id,  # Associate the key with the machine user created earlier
    # Optionally provide the organization ID if specific scoping is required
    # org_id="your-organization-id",
)
```
Finally, it's always good practice to export any important URLs or IDs created during the process:
```python
# Export useful outputs that might be required elsewhere
pulumi.export("machine_learning_project_id", ml_project.id)
pulumi.export("human_user_id", human_user.id)
pulumi.export("machine_user_id", machine_user.id)
```
Putting it all together, here’s the full Pulumi program for creating users within ZITADEL IAM for a Machine Learning Platform:
```python
import pulumi
# The ZITADEL provider's Python SDK is published as pulumiverse_zitadel
import pulumiverse_zitadel as zitadel

# Create a new ZITADEL project for the machine learning platform
ml_project = zitadel.Project("mlProject",
    name="machine-learning-platform",
    # The org_id is optional and can be provided if you want to create this project
    # within a specific ZITADEL organization
    # org_id="your-organization-id",
)

# Create a human user for the machine learning platform
human_user = zitadel.HumanUser("humanUser",
    first_name="Jane",
    last_name="Doe",
    user_name="jane.doe",
    email="jane.doe@example.com",
    is_email_verified=True,
    # Optional fields like 'phone', 'display_name', etc., can be added as needed
)

# Create a machine user for the machine learning platform
machine_user = zitadel.MachineUser("machineUser",
    user_name="ml-bot",
    name="Machine Learning Bot",
    access_token_type="ACCESS_TOKEN_TYPE_JWT",  # Example token type
    description="Bot user for machine learning tasks automation",
)

# Assign the human user to the machine learning project with specific roles
project_member = zitadel.ProjectMember("projectMember",
    # Placeholder role keys: ProjectMember expects ZITADEL manager roles
    # (such as PROJECT_OWNER_VIEWER), so replace these before deploying
    roles=["ml-operator", "data-scientist"],
    user_id=human_user.id,
    project_id=ml_project.id,
)

# Create a key for the machine user
machine_key = zitadel.MachineKey("machineKey",
    key_type="KEY_TYPE_JSON",  # Example key type
    expiration_date="2025-01-01T00:00:00Z",  # Set expiration date for the key
    user_id=machine_user.id,
    # Optionally provide the organization ID if specific scoping is required
    # org_id="your-organization-id",
)

# Export outputs
pulumi.export("machine_learning_project_id", ml_project.id)
pulumi.export("human_user_id", human_user.id)
pulumi.export("machine_user_id", machine_user.id)
```
This program defines your machine learning platform’s project space, adds human and machine users, assigns roles, and creates access keys for machine users. When running this program with Pulumi, it will provision the resources with ZITADEL as defined by the code.
Remember to replace placeholder fields like "your-organization-id" with actual IDs as required, and review the ZITADEL Pulumi provider documentation for more information on additional options and settings.
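The machine key above carries a hard-coded expiration date, so a review step that checks key lifetimes before deployment is useful. The following is an added example, not part of the original program or of ZITADEL's tooling: a plain-Python audit of declared machine keys against a maximum lifetime. The 90-day limit, the `audit_machine_keys` helper and the sample key list are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed organisational policy, not a ZITADEL default.
MAX_KEY_LIFETIME = timedelta(days=90)

# Constructed sample: machine keys as they might be declared in a Pulumi program.
SAMPLE_KEYS = [
    {"name": "machineKey", "expiration_date": "2025-01-01T00:00:00Z"},
    {"name": "rotatedKey", "expiration_date": "2024-08-15T00:00:00Z"},
    {"name": "legacyKey"},
    {"name": "staleKey", "expiration_date": "2024-01-01T00:00:00Z"},
    {"name": "typoKey", "expiration_date": "01/01/2025"},
]
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "deploy time"


def parse_rfc3339(value):
    """Parse a timestamp such as 2025-01-01T00:00:00Z into an aware datetime."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        raise ValueError("timestamp has no UTC offset")
    return parsed


def audit_machine_keys(keys, now, max_lifetime=MAX_KEY_LIFETIME):
    """Return {resource name: finding} for keys that break the lifetime policy."""
    findings = {}
    for key in keys:
        raw = key.get("expiration_date")
        if not raw:
            findings[key["name"]] = "no expiration_date set"
            continue
        try:
            expires = parse_rfc3339(raw)
        except ValueError:
            findings[key["name"]] = "expiration_date is not RFC 3339"
            continue
        if expires <= now:
            findings[key["name"]] = "already expired"
        elif expires - now > max_lifetime:
            findings[key["name"]] = f"lifetime of {(expires - now).days} days exceeds policy"
    return findings


if __name__ == "__main__":
    for name, finding in audit_machine_keys(SAMPLE_KEYS, SAMPLE_NOW).items():
        print(f"{name}: {finding}")
```

Measured from the constructed deploy time of 1 June 2024, the page's `2025-01-01T00:00:00Z` key is flagged because its lifetime is longer than the assumed 90-day policy.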