v2.0/extensions
.
- <group name>.*
. For example, a party named scheduler.host.example.com is considered a member of the scheduler group. This method is the same method that is used to name message queues in OpenStack.
- 2012-03-26T10:01:01.720000
.
- esek payload to the destination party. The source and destination strings used when requesting the ticket also must be sent to the destination party to enable it to derive the shared signing and encryption keys. The messaging implementation is responsible for transferring this data to the destination party.
- expand function by using the information that it receives from the source party to complete derivation of the shared signing and encryption keys. The inputs to the HKDF expand function are:
- info input for the HKDF expand function is a string that concatenates the source, destination, and esek.timestamp strings by using a comma (,) separator between each element. The following example shows a valid info string where scheduler.host.example.com is the source, compute.host.example.com is the destination, and 2012-03-26T10:01:01.720000 is the esek.timestamp:
- keystone. A trust extension defines a relationship between a trustor and trustee. A trustor is the user who delegates a limited set of their own rights to another user, known as the trustee, for a limited time.
- X-Auth-Token
- request header.
- password or token, the credentials, and, optionally, the authorization scope. You can scope a token to a project or domain, or the token can be unscoped. You cannot scope a token to both a project and domain.
- X-Subject-Token
response header.
- X-Auth-Token
request header.
Response code | Description
---|---
Bad Request (400) |
Unauthorized (401) | X-Auth-Token header is not valid.
Forbidden (403) |
Not Found (404) |
Conflict (409) | /users request two times for the unique, user-defined name attribute for a user entity.
identity
and
- ldap
groups. These groups override the default
- configuration settings for the storage of users and groups by the
- Identity server.
- password
option within
- the ldap
group.
- url
option.
- identity
or ldap
- groups, the Forbidden (403)
response code is
- returned.
- type
to
- application/json
and specify policy rules as JSON
- strings in a blob
. For example:
- us-east
.
- include_subtree=true, you must also specify the scope.project.id. Otherwise, this call returns the Bad Request (400) response code.
- effective query parameter to list effective assignments at the user, project, and domain level. This parameter allows for the effects of group membership. The group role assignment entities themselves are not returned in the collection. This represents the effective role assignments that would be included in a scoped token.
- links entity section for entities for group members also contains a URL that enables access to the membership of the group.
- effective parameter, such as:
- os-server-external-events
.
- passwordCredentials object. If you do not provide password credentials, you must provide a token.
- tenantId and tenantName attributes are optional and mutually exclusive. If you specify both attributes, the call returns the Bad Request (400) response code.
- /tokens/{tokenId}
path. If
- the token is not valid, this call returns the HTTP
- itemNotFound (404)
response code.
- token
object. Required if you do not
- provide password credentials.
- token
- object.
- os-server-external-events
.
- unauthorized (401)
response code.
- my_id
.
- tenant
- object.null
.serviceCatalog
object.endpoints
objects. Each object shows the
- adminURL
, region
,
- internalURL
, id
, and publicURL
- for the endpoint.user
- object, which shows the username
, roles_links
,
- id
, roles
, and
- name
.metadata
- object.trust
- object.user
object.
- user
objects.
- true) or disabled (false). The default value is true.
- tenant
object.
- true
.
- user
object.true
to enable the user.
- users
object.
- user
object.
- users_links
object.
- users
object.
- roles
- object./tokens/{tokenId}
- path. If the token is not valid, this call
- throws the itemNotFound (404)
- fault.
- /tokens/{tokenId}. If the token is not valid, the call returns the itemNotFound (404) response code.
- X-Subject-Token header and internally call and pass in all headers and query parameters to the normal validation code for Identity. Consequently, this extension must support all existing /tokens/{tokenId} calls including extensions such as HP-IDM.
- /tokens/{tokenId}
path. If the
- token is not valid, this call returns the HTTP
- itemNotFound (404)
response code.
- tenantId and tenantName attributes are optional and mutually exclusive. If you specify both attributes, the call returns the Bad Request (400) response code.
- passwordCredentials
object. To
- authenticate, you must provide either a user
- ID and password or a token.
- passwordCredentials object. If you do not provide password credentials, you must provide a token.
- token
object. Required if you
- do not provide password credentials.
- token
object.
- v2.0/tokens
as the path.
- Include a payload of credentials in the body.
- X-Auth-Token
header. Clients obtain this token
- and the URL endpoints for other service APIs by supplying
- their valid credentials to the authentication service.
- unauthorized (401)
response code.
- itemNotFound (404)
response
- code.
- trust
object, you need to set
- trust
enable on the keystone configuration.
- access
object.
- token
object.
- my_id
.
- tenant
- object.null
.serviceCatalog
object.
- endpoints
objects.
- Each object shows the adminURL
,
- region
, internalURL
,
- id
, and publicURL
for
- the endpoint.
- user
object, which shows the
- username
, roles_links
,
- id
, roles
, and
- name
.
- metadata
- object.trust
- object./tokens/{tokenId}
path. If the
- token is not valid, this call returns the itemNotFound
- (404)
response code.
- true
) or disabled
- (false
). Default is
- true
.
- true
) or disabled (false
).true
) or disabled
- (false
). Default is
- true
.
- name
query parameter in the request.
- name
query
- parameter as GET /v2.0/users?name={name}
.
- 401
status code.
- 404
status code.
- trust
object, you need to set
- trust
enable on the keystone configuration.
- tenantId and tenantName attributes are optional and mutually exclusive. If you specify both attributes, the server returns the Bad Request (400) response code.
- passwordCredentials
object. To
- authenticate, you must provide either a user ID
- and password or a token.
- passwordCredentials
object.
- Otherwise, you must provide a token.
- token
object. Required if you do
- not provide a password credential.
- token
object.
- access
object.
- token
object.
- my_id
.
- tenant
object.
- null
.
- serviceCatalog
objects.
- endpoints
objects. Each
- object shows the adminURL
,
- region
, internalURL
,
- id
, and publicURL
for
- the endpoint.
- user
object, which shows the
- username
, roles_links
,
- id
, roles
, and
- name
.
- metadata
object.
- trust
object.
- A password attribute used when creating users.
- A list of services.
- A service.
- An extensible credentials type.
- A list of endpoint templates.
- An endpoint template.
- Version details.
- An ID uniquely identifying the endpoint template.
- The OpenStack-registered type (e.g. 'compute', 'object-store', etc).
- The commercial service name (e.g. 'My Nova Cloud Servers').
- The region of the endpoint template.
- The public URL to access represented service.
- The internal version of the public URL.
- The admin URL.
- If true the endpoint template is automatically part of every account.
- True if the endpoint template is enabled (active). An endpoint template cannot be added if it's disabled or inactive (false).
- This is the main index XML Schema document for Common API Schema Types Version 1.0.
- Types related to extensions.
- Types related to API version details.
- This schema document describes the XML namespace, in a form suitable for import by other schema documents.
- See http://www.w3.org/XML/1998/namespace.html and http://www.w3.org/TR/REC-xml for information about this namespace.
- Note that local names in this namespace are intended to be defined only by the World Wide Web Consortium or its subgroups. The names currently defined in this namespace are listed below. They should not be used with conflicting semantics by any Working Group, specification, or document instance.
- See further below in this document for more information about how to refer to this schema document from your own XSD schema documents and about the namespace-versioning policy governing this schema document.
- denotes an attribute whose value is a language code for the natural language of the content of any element; its value is inherited. This name is reserved by virtue of its definition in the XML specification.
- Attempting to install the relevant ISO 2- and 3-letter codes as the enumerated possible values is probably never going to be a realistic possibility.
- See BCP 47 at http://www.rfc-editor.org/rfc/bcp/bcp47.txt and the IANA language subtag registry at http://www.iana.org/assignments/language-subtag-registry for further information.
- The union allows for the 'un-declaration' of xml:lang with the empty string.
- denotes an attribute whose value is a keyword indicating what whitespace processing discipline is intended for the content of the element; its value is inherited. This name is reserved by virtue of its definition in the XML specification.
- denotes an attribute whose value provides a URI to be used as the base for interpreting any relative URIs in the scope of the element on which it appears; its value is inherited. This name is reserved by virtue of its definition in the XML Base specification.
- See http://www.w3.org/TR/xmlbase/ for information about this attribute.
- denotes an attribute whose value should be interpreted as if declared to be of type ID. This name is reserved by virtue of its definition in the xml:id specification.
- See http://www.w3.org/TR/xml-id/ for information about this attribute.
- denotes Jon Bosak, the chair of the original XML Working Group. This name is reserved by the following decision of the W3C XML Plenary and XML Coordination groups:
- In appreciation for his vision, leadership and dedication the W3C XML Plenary on this 10th day of February, 2000, reserves for Jon Bosak in perpetuity the XML name "xml:Father".
- This schema defines attributes and an attribute group suitable for use by schemas wishing to allow xml:base, xml:lang, xml:space or xml:id attributes on elements they define.
- To enable this, such a schema must import this schema for the XML namespace, e.g. as follows:
    <schema . . .>
      . . .
      <import namespace="http://www.w3.org/XML/1998/namespace"
              schemaLocation="http://www.w3.org/2001/xml.xsd"/>
- or
    <import namespace="http://www.w3.org/XML/1998/namespace"
            schemaLocation="http://www.w3.org/2009/01/xml.xsd"/>
- Subsequently, qualified reference to any of the attributes or the group defined below will have the desired effect, e.g.
    <type . . .>
      . . .
      <attributeGroup ref="xml:specialAttrs"/>
- will define a type which will schema-validate an instance element with any of those attributes.
- In keeping with the XML Schema WG's standard versioning policy, this schema document will persist at http://www.w3.org/2009/01/xml.xsd.
- At the date of issue it can also be found at http://www.w3.org/2001/xml.xsd.
- The schema document at that URI may however change in the future, in order to remain compatible with the latest version of XML Schema itself, or with the XML namespace itself. In other words, if the XML Schema or XML namespaces change, the version of this document at http://www.w3.org/2001/xml.xsd will change accordingly; the version at http://www.w3.org/2009/01/xml.xsd will not change.
- Previous dated (and unchanging) versions of this schema document are at:
- Base type for credential in the Identity Service.
- Both the tenantId and tenantName are optional, but should not be specified together. If both attributes are specified, the server SHOULD respond with a 400 Bad Request.
- An Endpoint.
- A list of endpoints.
- Version details.
- An ID uniquely identifying the Endpoint.
- The OpenStack-registered type (such as, 'compute', 'object-store', and so on).
- The commercial service name (such as, 'My Nova Cloud Servers').
- The region of endpoint template.
- The public URL to access represented service.
- The internal version of the public URL.
- The admin URL.
- Tenant ID to which the endpoints belong.
- This schema file defines types related to API extensions.
- A list of supported extensions.
- Details about a specific extension.
- A list of extensions.
- Details about a specific extension.
- A short description of what the extension does.
- A human readable extension name.
- Extension namespace used for XML representations.
- A vendor prefix alias used for non-XML representations.
- The time that the extension was added or modified.
- There should be at least one atom link with a describedby relation. This relation provides developer info for the extension.
- Vendor aliases are used to differentiate extensions in non-XML representations as well as in HTTP headers and in the URL path. An alias is made of a vendor prefix, followed by a dash (-) followed by a short extension ID. For example: RAX-PIE.
- A human readable message that is appropriate for display to the end user.
- The optional <details> element may contain useful information for tracking down errors (e.g. a stack trace). This information may or may not be appropriate for display to an end user.
- The HTTP status code associated with the current fault.
- An optional dateTime denoting when an operation should be retried.
- A list of roles.
- A role.
- An extensible service type allows all of the strings defined in ServiceType or an alias prefixed status.
- The type for an OpenStack Compute API 1.1 compatible service.
- The type for a Swift-compatible service.
- The type for a Glance-compatible service.
- The type for an Identity Service-compatible service.
- The type for a Block-Storage-compatible service.
- The type for an Amazon EC2-compatible service.
- A non-core service type, which must contain an extension prefix.
- A container used to group or isolate resources and/or identity objects. Depending on the service operator, a tenant may map to a customer, account, organization, or project.
- A list of tenants.
- A free-text description of the tenant.
- An ID uniquely identifying the tenant. This usually comes from the back-end store. This value is guaranteed to be unique and immutable (it will never change).
- The name of the tenant. This is guaranteed to be unique, but may change.
- A boolean signifying if a tenant is enabled or not. A disabled tenant cannot be authenticated against.
- A human-readable, friendly name for use in user interfaces.
- A time-stamp identifying the modification time of the tenant.
- A creation time-stamp for the tenant.
- A token is an arbitrary bit of text that is used to access resources. Each token has a scope which describes which resources are accessible with it. A token may be revoked at any time and is valid for a finite duration.
- While the Identity Service supports token-based authentication in this release, the intention is for it to support additional protocols in the future. The desire is for it to be an integration service, and not a full-fledged identity store and management solution.
- The service catalog lists the services you have access to.
- We optimized for future flexibility around the hierarchy. So we left the design as a flat list of endpoints with attributes and the consumer can categorize as they need. This results in potential duplication (such as with the version/@list) but we accept that normalization cost in order to not force an artificial hierarchy (such as on region, which can be optional).
- A list of services.
- A list of endpoints.
- The OpenStack-registered type (e.g. 'compute', 'object-store', etc).
- The commercial service name (e.g. 'My Nova Cloud Servers').
- Version details.
- The name of the region where the endpoint lives. Example: airport codes; LHR (UK), STL (Saint Louis).
- Tenant ID to which the endpoints belong.
- Public accessible service URL.
- A service URL, accessible only locally within that cloud (generally over a high bandwidth, low latency, free of charge link).
- An Admin URL (used for administration using privileged calls). This may expose additional functionality not found in the public and internal URL.
- ID of the version.
- URI to get the information specific to this version.
- URI to get the information about all versions.
- A list of Users.
- An Identity Service user.
- An automatically generated, unique, immutable (it will never change) identifier for the user. This is generated by the back end where this user is stored.
- A unique, mutable (it can change) user name that may be used by the user as an identifier when presenting credentials.
- A true or false value that determines whether the user can authenticate. If enabled (true), the user can authenticate. If disabled (false), the user cannot authenticate. The back end in use determines how this value is stored or generated.
- A human-readable, friendly name for use in user interfaces.
- A time-stamp identifying the modification time of the user.
- A creation time-stamp for the user.
- This schema file defines all types related to versioning.
- This element is returned when the version of the resource cannot be determined. The element provides a list of choices for the resource.
- Provides a list of supported versions.
- This element provides detailed meta information regarding the status of the current API version. This is the XSD 1.0 compatible element definition.
- This element provides detailed meta information regarding the status of the current API version. The description should include a pointer to both a human readable and a machine processable description of the API service.
;
) character to
- separate multiple schemes. See Accept.
- Accept
request header value is
- application/json-home
, the call returns a JSON
- Home document. The JSON Home document includes all core
- components and the resources for any enabled extensions and excludes
- the resources for disabled extensions.
- Content-Type
- header value in the response because earlier servers return a
- normal JSON response rather than a JSON Home document.
- ldap
or
- identity
.
- ldap
group, a valid value is
- url
or user_tree_dn
. For the
- identity
group, a valid value is driver
.
- Conflict (409)
- status code.
- true
) or
- disabled (false
) domains.
- true
) or
- disabled (false
) groups.
- true
) or
- disabled (false
) projects.
- true
) or
- disabled (false
) roles.
- true
) or
- disabled (false
) users.
- application/json
.
- compute
, ec2
, identity
,
- image
, network
, or volume
.
- v3.4
.
- stable
or deprecated
.
- version
object.
- versions
object.
- credential
object.
- credentials
object.
- ec2
or
- cert
. The implementation determines the list of
- supported types.
- credential
resource.
- credentials
resource.
- domain
object.
- domains
object.
- true. To disable the domain, set to false. Default is true.
- true, the domain is enabled. Users can authorize against an enabled domain and any of its projects. Users that are owned by an enabled domain can authenticate and receive additional authorization.
- false, the domain is disabled. Users cannot authorize against a disabled domain or any of its projects. Users that are owned by a disabled domain cannot authenticate or receive additional authorization. All tokens that are authorized for a disabled domain or its projects become no longer valid. If you reenable the domain, these tokens are not re-enabled.
- domain
resource.
- domains
resource.
- config
object.
- identity
object. Required to set the identity
- group configuration options.
- ldap
object. Required to set the LDAP group
- configuration options.
- ou=Users,dc=root,dc=org
.
- endpoint
object.
- endpoints
object.
- false
. The endpoint does not appear
- in the service catalog.
- true
. The endpoint appears in the service
- catalog.
- true
.
- public
. Visible by end users on a
- publicly available network interface.
- internal
. Visible by end users on
- an unmetered internal network interface.
- admin
. Visible by administrative users on a
- secure network interface.
- region_id
parameter instead.
- false
. The endpoint does not appear
- in the service catalog.
- true
. The endpoint appears in the service
- catalog.
- public
. Visible by end users on a
- publicly available network interface.
- internal
. Visible by end users on
- an unmetered internal network interface.
- admin
. Visible by administrative users on a
- secure network interface.
- endpoint
resource.
- next
relative link for the endpoint
resource.
- previous
relative link for the endpoint
resource.
- self
relative link for the endpoint
resource.
- endpoints
resource.
- next
relative link for the endpoints
resource.
- previous
relative link for the endpoints
resource.
- self
relative link for the endpoints
resource.
- group
object.
- groups
object.
- true
, the domain is enabled. If
- false
, the domain is disabled.
- group
resource.
- groups
resource.
- policy
object.
- policies
object.
- policy.json
blob
- (type="application/json"
) is the conventional
- solution. However, you might want to use an alternative policy
- engine that uses a different policy language type. For example,
- type="application/xacml+xml"
.
- policy
resource.
- policies
resource.
- policy.json
blob
- (type="application/json"
) is the conventional
- solution. However, you might want to use an alternative policy
- engine that uses a different policy language type. For example,
- type="application/xacml+xml"
.
- project
object.
- projects
object.
- true
. To disable the project,
- set to false
. Default is true
.
- true
.
- To disable the project and its subtree, set to false
.
- Default is true
.
- true
to define this project as both a project
- and domain. As a domain, the project provides a name space in
- which you can create users, groups, and other projects.
- false
to define this project as a regular
- project that contains only resources.
- false
.
- true
, project is enabled. If set to
- false
, project is disabled.
- true
, this project acts as both a project
- and domain. As a domain, the project provides a name space in
- which you can create users, groups, and other projects.
- project
resource.
- projects
resource.
- null
,
- the project is a top-level project.
- region
object.
- regions
object.
- region
resource.
- regions
resource.
- null
.
- role
object.
- roles
object.
- role
resource.
- roles
resource.
- service
object.
- services
object.
- false
. The service and its endpoints do not appear
- in the service catalog.
- true
. The service and its endpoints appear in the service
- catalog.
- true
.
- compute
, ec2
,
- identity
, image
, network
,
- or volume
.
- false
. The service and its endpoints do not appear
- in the service catalog.
- true
. The service and its endpoints appear in the service
- catalog.
- service
resource.
- services
resource.
- compute
, ec2
,
- identity
, image
, network
,
- or volume
.
- auth
object.
- token
.
- password
.
- project to scope to a project, by ID or name. If you specify the project by name, you must also specify the project domain to uniquely identify the project. Because a project can have the same name as its owning domain, the scope is determined, as follows:
- domain to scope to a domain, by ID or name with equivalent results to project scoping. The catalog returned from a domain-scoped request contains all endpoints of a project-scoped catalog, excluding ones that require a project ID as part of their URL.
- unscoped to make an explicit unscoped token request, which returns an unscoped response without any authorization. This request behaves the same as a token request with no scope where the user has no default project defined.
- unscoped token request and your role has a default project, the response might return a project-scoped token. If a default project is not defined, a token is issued without an explicit scope of authorization, which is the same as asking for an explicit unscoped token.
- identity
object.
- password
object.
- password
object. The password authentication method
- is used.
- token
object. The token authentication method is
- used. This method is typically used in combination with a request
- to change authorization scope.
- token
object.
- domain
object. Required if you specify a user name.
- id
or name
to uniquely
- identify the domain.
- domain
resource.
- password, token, or both methods.
- password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute.
- methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors.
- catalog
object.
- roles
object.
- user
resource.
- user
object.
- domain
object.
- user
object.
- users
object.
- true
. To disable the user,
- set to false
. Default is true
.
- true
. If the
- user is disabled, this value is false
.
- user
resource.
- users
resource.
- group.id={group_id}
.
- role.id={role_id}
.
- scope.domain.id={domain_id}
.
- scope.project.id={project_id}
.
- user.id={user_id}
.
- effective
parameter.
- inherited_to_projects
flag in a
- project.
- GET /role_assignments?user.id={user_id} lists all role assignments for a user.
- GET /role_assignments?scope.project.id={project_id} lists all role assignments for a project.
- effective query parameter to list effective assignments at the user, project, and domain level. This parameter allows for the effects of group membership as well as inheritance from the parent domain or project, for role assignments that were made using OS-INHERIT assignment APIs.
- effective parameter.
- GET /role_assignments?user.id={user_id}&effective
- GET /role_assignments?user.id={user_id}&scope.project.id={project_id}&effective
- links section for entities that are included by virtue of group members also contains a URL that you can use to access the membership of the group.
- scope.OS-INHERIT:inherited_to query parameter to filter the response by inherited role assignments. The scope.OS-INHERIT:inherited_to value of projects is currently supported. This value indicates that this role is inherited to all projects of the owning domain or parent project.
- effective query string:
- source. The identity who is requesting a ticket.
- destination. The target for which the ticket will be valid.
- timestamp. The current time stamp from the requester.
- nonce. Random, single-use data. See Cryptographic nonce.
- Base64encode(HMAC(SigningKey, RequestMetadata))
- source from the request metadata to look up the associated long-term key to use to verify the signature. The KDS should not access any other data contained in the request metadata before verifying the signature. If the KDS fails to verify the signature, it risks issuing a ticket to a party who is impersonating the source.
- source. The identity who requests the ticket.
- destination. The target for which the ticket will be valid.
- timestamp. The current time stamp from the requester.
- nonce. Random, single-use data.
- skey. The newly-generated Base64-encoded message signing key.
- ekey. The newly-generated Base64-encoded message encryption key.
- esek. Encrypted signing and encryption key pair for the receiver.
- esek value. The esek value contains a Base64-encoded JSON object that contains the following key and value pairs:
- key. The Base64-encoded random key that is used to generate the signing and encryption keys.
- timestamp. The time stamp when the key was created.
- ttl. An integer value that specifies the validity length of the key, in seconds.
- key and timestamp values are used as inputs to the HKDF expand function to generate the signing and encryption keys, as described in the overview on this page.
- timestamp and ttl values must equal the expiration time stamp value that is contained in the response metadata.
- Base64encode(HMAC(SigningKey, RequestMetadata))
- source value from the request metadata to look up the associated long-term key to use to verify the signature. The KDS should not access any other data that is contained in the request metadata before verifying the signature. If the KDS fails to verify the signature, it risks issuing a ticket to a party who is impersonating the source.
- scheduler group implicitly includes any party name that starts with scheduler. For example, a member named scheduler.host.example.com.
- requested_role_ids=a3b29b,49993e
.
- requested_project_id=b9fca3
.role
objects. Includes
- id
, name
, and
- links
for any roles. Roles define
- which actions users can perform.
- next
,
- previous
, and self
links
- for roles.
- group.id={group_id}
.
- role.id={role_id}
.
- scope.domain.id={domain_id}
.
- scope.project.id={project_id}
.
- user.id={user_id}
.
- effective
parameter.
- GET /role_assignments?scope.project.id={project_id}&include_subtree=true
- include_subtree=true only in combination with scope.project.id. If you do not include the project ID, this call returns the Bad Request (400) response code.
- access and secret keys. This format is required when you specify the ec2 type. To specify other credentials, such as access_key, change the type and contents of the data blob.
- user_id query parameter in the URI to filter the response by a user.
- Bad Request (400) response code.
- Forbidden (403) response code.
- identity and ldap groups.
- identity and ldap groups. If you try to set configuration options for other groups, this call fails with the Forbidden (403) response code.
- identity and ldap groups. For the ldap group, a valid value is url or user_tree_dn. For the identity group, a valid value is driver.
- Not Implemented (501) response code.
- enabled attribute, this call fails and returns the Bad Request (400) response code.
- is_domain is set to true, this call fails and returns the Forbidden (403) response code.
- Not Found (404). The parent region ID does not exist.
- Conflict (409). The parent region ID would form a circular relationship.
- Conflict (409). The user-defined region ID is not unique to the OpenStack deployment.
- Not Found (404). The parent region ID does not exist.
- Conflict (409). The region cannot be deleted because it has child regions.
- role_assignments object.
- password, and the user, by ID or name, and password credentials.
- password authentication method, the credentials, and the project or domain authorization scope.
- password authentication method, the credentials, and the unscoped authorization scope.
- project or domain authorization scope.
- X-Auth-Token request header.
- X-Subject-Token request header.
- GET /auth/tokens but no response body is provided even in the X-Subject-Token header.
- POST /auth/tokens even if an error occurs because the token is not valid. An HTTP 204 response code indicates that the X-Subject-Token is valid.
- /auth/tokens call except that the X-Subject-Token token is immediately not valid, regardless of the expires_at attribute value. An additional X-Auth-Token is not required.
- Not Implemented (501) response code.
- This is the main index XML Schema document for Common API Schema Types Version 1.0.
- Base type for credential in OpenStack Identity.
- A list of endpoints.
- The OpenStack-registered type (e.g. 'compute', 'object-store', etc).
- The service id
- An authentication credential.
- A list of authentication credentials.
- A list of domains.
- An ID uniquely identifying the Endpoint.
- An internal name for the endPoint.
- Public/Internal/Admin
- The region of Endpoint Template.
- The URL to access represented service.
- Service Id whose endpoint is represented.
- An Endpoint.
- A list of Endpoints.
- Base type for an identity entity.
- An ID uniquely identifying the entity. This usually comes from the back-end store. This value is guaranteed to be unique and immutable (it will never change).
- The name of the entity
- A boolean signifying if the entity is enabled or not.
- This schema file defines types related to API extensions.
- A list of supported extensions.
- Details about a specific extension.
- A list of extensions.
- Details about a specific extension.
- A short description of what the extension does.
- A human readable extension name.
- Extension namespace used for XML representations.
- A vendor prefix alias used for non-XML representations.
- The time when the extension was added or modified.
- There should be at least one atom link with a describedby relation. This relation provides developer info for the extension.
- Vendor aliases are used to differentiate extensions in non-XML representations as well as in HTTP headers and in the URL path. An alias is made of a vendor prefix, followed by a dash (-) followed by a short extension ID. For example: RAX-PIE.
- The HTTP status code associated with the current fault.
- A list of groups.
- A container used to group or isolate resources.
- A list of projects.
- A list of roles.
- A role.
- A list of Services.
- A list of Users.
- An Identity User.
- This schema file defines all types related to versioning.
- This element is returned when the version of the resource cannot be determined. The element provides a list of choices for the resource.
- Provides a list of supported versions.
- This element provides detailed meta information regarding the status of the current API version. This is the XSD 1.0 compatible element definition.
- This element provides detailed meta information regarding the status of the current API version. The description should include a pointer to both a human readable and a machine processable description of the API service.