openstack-attic
/
identity-api
Code Issues Proposed changes

API documentation for Hierarchical Multitenancy 

Changes regarding the functionality of Hierarchical Multitenancy

- Changes in the Keystone API considering projects hierarchy.

Co-Authored-By: Rodrigo Duarte <rodrigods@lsd.ufcg.edu.br>
Depends On: blueprint hierarchical-multitenancy

Change-Id: Ieecb24c07e5e9d5e7215398244057a6d87501cfc
This commit is contained in:
Rodrigo Duarte Sousa 2014-10-18 19:16:19 -03:00
parent f127f394bb
commit 79c2944b37
1 changed files with 216 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

219
v3/src/markdown/identity-api-v3.md
View File

@ -9,6 +9,12 @@ The Identity API also provides endpoint discovery through a service catalog,
identity management, project management, and a centralized repository for
policy engine rule sets.
What's New in Version 3.4
-------------------------
- Addition of `parent_id` optional attribute to projects. It enables the
possibility to have a project's hierarchy.
What's New in Version 3.3
-------------------------
@ -732,6 +738,12 @@ Optional attributes:
the client, the Identity service implementation will default it to the domain
to which the client's token is scoped.
- `parent_id` (string) *New in version 3.4*
References the parent project; if a parent project is not specified by the
client, the Identity service implementation will consider as the project is
a top-level project (without any parents).
- `description` (string)
- `enabled` (boolean)
@ -749,6 +761,7 @@ Example entity:
"enabled": true,
"id": "263fd9",
"name": "project-x",
"parent_id": "183tp2",
"links": {
"self": "http://identity:35357/v3/projects/263fd9"
}
@ -2660,22 +2673,203 @@ Response:
Relationship: `http://docs.openstack.org/api/openstack-identity/3/rel/project`
*New in version 3.4*
Optional query parameters:
- `subtree` (key-only, no value expected)
- `parents` (key-only, no value expected)
If no query parameters are specified, then this API will return a regular
project object without any additional information about the projects hierarchy.
Response:
Status: 200 OK
{
"project": {
"domain_id": "1789d1",
"enabled": true,
"id": "263fd9",
"links": {
"self": "https://identity:35357/v3/projects/263fd9"
"self": "http://identity:35357/v3/projects/263fd9"
},
"id": "263fd9",
"parent_id": "183tp2",
"domain_id": "default",
"name": "Dev Group A"
}
}
If additional information about the project's hierarchy is required. This API
has two query parameters to handle such cases.
`GET /projects/{project_id}?parents`
Will be returned the regular information about the project and a list with
the projects traversing up its hierarchy until the top-level project.
Response:
{
"project": {
"enabled": true,
"links": {
"self": "http://identity:35357/v3/projects/263fd9"
},
"id": "263fd9",
"parent_id": "183tp2",
"domain_id": "default",
"name": "Dev Group A",
"parents": [
{
"project": {
"enabled": true,
"links": {
"self": "identity:35357/v3/projects/183tp2"
},
"id": "183tp2",
"parent_id": null,
"domain_id": "default",
"name": "Dev Group A Parent"
}
}
]
}
}
`GET /projects/{project_id}?subtree`
Will be returned the regular information about the project and a list with
projects subtree below its hierarchy.
Response:
{
"project": {
"enabled": true,
"links": {
"self": "http://identity:35357/v3/projects/263fd9"
},
"id": "263fd9",
"parent_id": "183tp2",
"domain_id": "default",
"name": "Dev Group A",
"subtree": [
{
"project": {
"enabled": true,
"links": {
"self": "identity:35357/v3/projects/9n1jhb"
},
"id": "9n1jhb",
"parent_id": "263fd9",
"domain_id": "default",
"name": "Dev Group A Child 1"
}
},
{
"project": {
"enabled": true,
"links": {
"self": "identity:35357/v3/projects/4g6jg1"
},
"id": "4g6jg1",
"parent_id": "263fd9",
"domain_id": "default",
"name": "Dev Group A Child 2"
}
},
{
"project": {
"enabled": true,
"links": {
"self": "identity:35357/v3/projects/b76xq8"
},
"id": "b76xq8",
"parent_id": "4g6jg1",
"domain_id": "default",
"name": "Dev Group A Grandchild"
}
}
]
}
}
Note that the query parameters are not mutually exclusive. The API accept both
parameters at the same time:
`GET /projects/{project_id}?parents&subtree`
Will be returned the regular information about the project and a list with
the projects traversing up its hierarchy and the subtree below it.
Response:
{
"project": {
"enabled": true,
"links": {
"self": "http://identity:35357/v3/projects/263fd9"
},
"id": "263fd9",
"parent_id": "183tp2",
"domain_id": "default",
"name": "Dev Group A",
"parents": [
{
"project": {
"enabled": true,
"links": {
"self": "identity:35357/v3/projects/183tp2"
},
"id": "183tp2",
"parent_id": null,
"domain_id": "default",
"name": "Dev Group A Parent"
}
}
],
"subtree": [
{
"project": {
"enabled": true,
"links": {
"self": "identity:35357/v3/projects/9n1jhb"
},
"id": "9n1jhb",
"parent_id": "263fd9",
"domain_id": "default",
"name": "Dev Group A Child 1"
}
},
{
"project": {
"enabled": true,
"links": {
"self": "identity:35357/v3/projects/4g6jg1"
},
"id": "4g6jg1",
"parent_id": "263fd9",
"domain_id": "default",
"name": "Dev Group A Child 2"
}
},
{
"project": {
"enabled": true,
"links": {
"self": "identity:35357/v3/projects/b76xq8"
},
"id": "b76xq8",
"parent_id": "4g6jg1",
"domain_id": "default",
"name": "Dev Group A Grandchild"
}
}
]
}
}
#### Create project: `POST /projects`
Relationship: `http://docs.openstack.org/api/openstack-identity/3/rel/projects`
@ -2686,6 +2880,7 @@ Request:
"project": {
"description": "Project space for Test Group",
"domain_id": "1789d1",
"parent_id": "7ha612",
"enabled": true,
"name": "Test Group"
}
@ -2699,6 +2894,7 @@ Response:
"project": {
"description": "Project space for Test Group",
"domain_id": "1789d1",
"parent_id": "7ha612",
"enabled": true,
"id": "d52e32",
"links": {
@ -2708,6 +2904,11 @@ Response:
}
}
* New in version 3.4 *
* Adding a project with a parent_id pointing to a project that
does not exist should fail with a `404 Not Found`
#### Update project: `PATCH /projects/{project_id}`
Relationship: `http://docs.openstack.org/api/openstack-identity/3/rel/project`
@ -2732,6 +2933,7 @@ Response:
"project": {
"description": "Project space for Build Group",
"domain_id": "1789d1",
"parent_id": "7ha612",
"enabled": true,
"id": "d52e32",
"links": {
@ -2741,12 +2943,23 @@ Response:
}
}
* New in version 3.4 *
* The update from the parent_id is not allowed and should fail
with a `403 Forbidden Action`
#### Delete project: `DELETE /projects/{project_id}`
Relationship: `http://docs.openstack.org/api/openstack-identity/3/rel/project`
Status: 204 No Content
* New in version 3.4 *
* The deletion of a project that is not a leaf in the project's
hierarchy, thus it is a parent from one or more projects,
should fail with a `403 Forbidden Action`
### Users
#### List users: `GET /users`