remove identity APIs

The Identity APIs will be managed by the keystone team
in the keystone repo.

Change-Id: Ia10ff8e9e29d713c31a8eb1f9bc4d73a9502c34b
Steve Martinelli 2016-07-05 13:34:33 -04:00
parent 67698fd16c
commit 878bd56cad
481 changed files with 2 additions and 47974 deletions


@ -116,28 +116,6 @@
<pdfFilenameBase>api-ref-data-processing-v1.1</pdfFilenameBase> <pdfFilenameBase>api-ref-data-processing-v1.1</pdfFilenameBase>
</configuration> </configuration>
</execution> </execution>
<execution>
<id>os-api-ref-identity-v3</id>
<goals>
<goal>generate-pdf</goal>
</goals>
<phase>generate-sources</phase>
<configuration>
<includes> bk-api-ref-identity-v3.xml </includes>
<pdfFilenameBase>api-ref-identity-v3</pdfFilenameBase>
</configuration>
</execution>
<execution>
<id>os-api-ref-identity-v2</id>
<goals>
<goal>generate-pdf</goal>
</goals>
<phase>generate-sources</phase>
<configuration>
<includes> bk-api-ref-identity-v2.xml </includes>
<pdfFilenameBase>api-ref-identity-v2</pdfFilenameBase>
</configuration>
</execution>
<execution> <execution>
<id>os-api-ref-image-v2</id> <id>os-api-ref-image-v2</id>
<goals> <goals>


@ -1,37 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<book xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:linkend="http://www.w3.org/1999/linkend"
xmlns:xref="http://www.w3.org/1999/xref"
xmlns:wadl="http://wadl.dev.java.net/2009/02"
version="5.0-extension RackBook-2.0" xml:id="api.openstack.org-identity-v2-pdf">
<info>
<title>OpenStack Identity API v2.0 Reference</title>
<titleabbrev>API Reference</titleabbrev>
<author>
<personname>
<firstname/>
<surname/>
</personname>
<affiliation>
<orgname>OpenStack Foundation</orgname>
</affiliation>
</author>
<copyright>
<year>2010-2016</year>
<holder>OpenStack Foundation</holder>
</copyright>
<productname>OpenStack Identity</productname>
<pubdate/>
<legalnotice role="apache2">
<annotation>
<remark>Copyright details are filled in by the
template.</remark>
</annotation>
</legalnotice>
</info>
<xi:include href="../../api-ref/src/docbkx/ch_identity-v2.xml"/>
<xi:include href="../../api-ref/src/docbkx/ch_identity-admin-v2.xml"/>
<xi:include href="../../api-ref/src/docbkx/ch_identity-v2-ext.xml"/>
</book>


@ -1,36 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<book xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:linkend="http://www.w3.org/1999/linkend"
xmlns:xref="http://www.w3.org/1999/xref"
xmlns:wadl="http://wadl.dev.java.net/2009/02"
version="5.0-extension RackBook-2.0" xml:id="api.openstack.org-identity-v3-pdf">
<info>
<title>OpenStack Identity API v3 Reference</title>
<titleabbrev>API Reference</titleabbrev>
<author>
<personname>
<firstname/>
<surname/>
</personname>
<affiliation>
<orgname>OpenStack Foundation</orgname>
</affiliation>
</author>
<copyright>
<year>2010-2016</year>
<holder>OpenStack Foundation</holder>
</copyright>
<productname>OpenStack Identity</productname>
<pubdate/>
<legalnotice role="apache2">
<annotation>
<remark>Copyright details are filled in by the
template.</remark>
</annotation>
</legalnotice>
</info>
<xi:include href="../../api-ref/src/docbkx/ch_identity-v3.xml"/>
<xi:include href="../../api-ref/src/docbkx/ch_identity-v3-ext.xml"/>
</book>


@ -38,11 +38,6 @@
<xi:include href="../../api-ref/src/docbkx/ch_clustering-v1.xml"/> <xi:include href="../../api-ref/src/docbkx/ch_clustering-v1.xml"/>
<xi:include href="../../api-ref/src/docbkx/ch_database-v1.xml"/> <xi:include href="../../api-ref/src/docbkx/ch_database-v1.xml"/>
<xi:include href="../../api-ref/src/docbkx/ch_data-processing-v1.1.xml"/> <xi:include href="../../api-ref/src/docbkx/ch_data-processing-v1.1.xml"/>
<xi:include href="../../api-ref/src/docbkx/ch_identity-v3.xml"/>
<xi:include href="../../api-ref/src/docbkx/ch_identity-v3-ext.xml"/>
<xi:include href="../../api-ref/src/docbkx/ch_identity-v2.xml"/>
<xi:include href="../../api-ref/src/docbkx/ch_identity-admin-v2.xml"/>
<xi:include href="../../api-ref/src/docbkx/ch_identity-v2-ext.xml"/>
<xi:include href="../../api-ref/src/docbkx/ch_images-v2.xml"/> <xi:include href="../../api-ref/src/docbkx/ch_images-v2.xml"/>
<xi:include href="../../api-ref/src/docbkx/ch_images-v1.xml"/> <xi:include href="../../api-ref/src/docbkx/ch_images-v1.xml"/>
<xi:include href="../../api-ref/src/docbkx/ch_networking-v2.xml"/> <xi:include href="../../api-ref/src/docbkx/ch_networking-v2.xml"/>


@ -113,61 +113,6 @@
<pdfFilename>bk-api-ref-database-v1</pdfFilename> <pdfFilename>bk-api-ref-database-v1</pdfFilename>
</configuration> </configuration>
</execution> </execution>
<execution>
<id>os-api-ref-identity-v3</id>
<goals>
<goal>generate-html</goal>
</goals>
<phase>generate-sources</phase>
<configuration>
<includes>api-ref-identity-v3.xml</includes>
<pdfFilename>bk-api-ref-identity-v3</pdfFilename>
</configuration>
</execution>
<execution>
<id>os-api-ref-identity-v3-ext</id>
<goals>
<goal>generate-html</goal>
</goals>
<phase>generate-sources</phase>
<configuration>
<includes>api-ref-identity-v3-ext.xml</includes>
<pdfFilename>bk-api-ref-identity-v3-ext</pdfFilename>
</configuration>
</execution>
<execution>
<id>os-api-ref-identity-v2</id>
<goals>
<goal>generate-html</goal>
</goals>
<phase>generate-sources</phase>
<configuration>
<includes>api-ref-identity-v2.xml</includes>
<pdfFilename>bk-api-ref-identity-v2</pdfFilename>
</configuration>
</execution>
<execution>
<id>os-api-ref-identity-admin-v2</id>
<goals>
<goal>generate-html</goal>
</goals>
<phase>generate-sources</phase>
<configuration>
<includes>api-ref-identity-admin-v2.xml</includes>
<pdfFilename>bk-api-ref-identity-admin-v2</pdfFilename>
</configuration>
</execution>
<execution>
<id>os-api-ref-identity-v2-ext</id>
<goals>
<goal>generate-html</goal>
</goals>
<phase>generate-sources</phase>
<configuration>
<includes>api-ref-identity-v2-ext.xml</includes>
<pdfFilename>bk-api-ref-identity-v2-ext</pdfFilename>
</configuration>
</execution>
<execution> <execution>
<id>os-api-ref-image-v2</id> <id>os-api-ref-image-v2</id>
<goals> <goals>


@ -1,10 +0,0 @@
.. -*- rst -*-
==========
Extensions
==========
For information about Identity API v2.0 extensions, see `Extensions
<http://developer.openstack.org/api-ref-identity-v2.html#identity-
api-extensions>`_.


@ -1,175 +0,0 @@
.. -*- rst -*-
=======
Tenants
=======
Show tenant details, by ID
==========================
.. rest_method:: GET /v2.0/tenants/{tenantId}
Shows details for a tenant, by ID.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- tenantId: tenantId
Response Example
----------------
.. literalinclude:: ../samples/admin/tenant-show-response.json
:language: javascript
List roles for user
===================
.. rest_method:: GET /v2.0/tenants/{tenantId}/users/{userId}/roles
Lists roles for a user on a tenant. Excludes global roles.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- userId: userId
- tenantId: tenantId
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- roles_links: roles_links
- roles: roles
- description: description
- name: name
- id: id
Response Example
----------------
.. literalinclude:: ../samples/admin/roles-list-response.json
:language: javascript
List tenants
============
.. rest_method:: GET /v2.0/tenants
Lists all tenants.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/admin/tenants-list-response.json
:language: javascript
Show tenant details, by name
============================
.. rest_method:: GET /v2.0/tenants
Shows details for a tenant, by name.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- name: name
Response Example
----------------
.. literalinclude:: ../samples/admin/tenant-show-response.json
:language: javascript


@ -1,255 +0,0 @@
.. -*- rst -*-
======
Tokens
======
List endoints for token
=======================
.. rest_method:: GET /v2.0/tokens/{tokenId}/endpoints
Lists the endpoints associated with a token.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- tokenId: tokenId
Response Example
----------------
.. literalinclude:: ../samples/admin/endpoints-list-response.json
:language: javascript
Authenticate for admin API
==========================
.. rest_method:: POST /v2.0/tokens
Authenticates and generates a token.
A REST interface provides client authentication by using the POST
method with ``v2.0/tokens`` as the path. Include a payload of
credentials in the body.
The Identity API is a RESTful web service. It is the entry point to
all service APIs. To access the Identity API, you must know its
URL.
Each REST request against the Identity Service requires the ``X
-Auth-Token`` header. Clients obtain this token and the URL
endpoints for other service APIs by supplying their valid
credentials to the authentication service.
If the authentication token has expired, this call returns the HTTP
``unauthorized (401)`` response code.
If the token has expired, this call returns the ``itemNotFound
(404)`` response code.
The Identity API treats expired tokens as no longer valid tokens.
The deployment determines how long expired tokens are stored.
To view the ``trust`` object, you need to set ``trust`` enable on
the keystone configuration.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Request Example
---------------
.. literalinclude:: ../samples/admin/authenticate-token-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- impersonation: impersonation
- endpoints_links: endpoints_links
- serviceCatalog: serviceCatalog
- description: description
- type: type
- expires: expires
- enabled: enabled
- name: name
- access: access
- trustee_user_id: trustee_user_id
- token: token
- user: user
- issued_at: issued_at
- trustor_user_id: trustor_user_id
- endpoints: endpoints
- trust: trust
- id: id
- tenant: tenant
- metadata: metadata
Response Example
----------------
.. literalinclude:: ../samples/admin/authenticate-response.json
:language: javascript
Validate token
==============
.. rest_method:: GET /v2.0/tokens/{tokenId}
Validates a token and confirms that it belongs to a tenant.
Returns the permissions relevant to a particular client. Valid
tokens are in the ``/tokens/{tokenId}`` path. If the token is not
valid, this call returns the ``itemNotFound (404)`` response code.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- tokenId: tokenId
Response Example
----------------
.. literalinclude:: ../samples/admin/token-validate-response.json
:language: javascript
Validate token (admin)
======================
.. rest_method:: HEAD /v2.0/tokens/{tokenId}
Validates a token and confirms that it belongs to a tenant, for performance.
Normal response codes: 200
Error response codes:203,204,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- tokenId: tokenId
Response Example
----------------
.. literalinclude::
:language: javascript
Delete token
============
.. rest_method:: DELETE /v2.0/tokens/{tokenId}
Deletes a token.
Error response codes:204,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- tokenId: tokenId


@ -1,313 +0,0 @@
.. -*- rst -*-
=====
Users
=====
List user global roles
======================
.. rest_method:: GET /v2.0/users/{userId}/roles
Lists global roles for a user. Excludes tenant roles.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- userId: userId
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- roles_links: roles_links
- roles: roles
- description: description
- name: name
- id: id
Response Example
----------------
.. literalinclude:: ../samples/admin/roles-list-response.json
:language: javascript
Create user
===========
.. rest_method:: POST /v2.0/users
Creates a user.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- tenantId: tenantId
- password: password
- enabled: enabled
- email: email
- name: name
- X-Auth-Token: X-Auth-Token
Request Example
---------------
.. literalinclude:: ../samples/admin/user-create-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- username: username
- enabled: enabled
- email: email
- name: name
- id: id
List users
==========
.. rest_method:: GET /v2.0/users
Lists all users.
To show detailed information about a user by name, include the
``name`` query parameter in the request.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- username: username
- users: users
- enabled: enabled
- id: id
- email: email
- name: name
Response Example
----------------
.. literalinclude:: ../samples/admin/user-show-response.json
:language: javascript
Update user
===========
.. rest_method:: PUT /v2.0/users/{userId}
Updates a user.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- username: username
- enabled: enabled
- email: email
- name: name
- userId: userId
Request Example
---------------
.. literalinclude:: ../samples/admin/user-update-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- enabled: enabled
- email: email
- name: name
- id: id
Delete user
===========
.. rest_method:: DELETE /v2.0/users/{userId}
Deletes a user.
Error response codes:204,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- userId: userId
Show user details
=================
.. rest_method:: GET /v2.0/users/{userId}
Shows details for a user, by ID.
The `openstack user show <http://docs.openstack.org/cli-
reference/openstack.html#openstack-user-show>`_ command supports
showing user details by name or ID. However, the command actually
looks up the user ID for a user name and queries the user by ID.
As a workaround, complete these steps to show details for a user by
name:
- `List all users <http://developer.openstack.org/api-ref-identity-
admin-v2.html#admin-listUsers>`_.
- In the response, find the user name for which you want to show
details and note its corresponding user ID.
- `Show details for user <http://developer.openstack.org/api-ref-
identity-admin-v2.html#admin-showUser>`_.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- userId: userId
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- username: username
- enabled: enabled
- email: email
- name: name
- id: id
Response Example
----------------
.. literalinclude:: ../samples/admin/user-show-response.json
:language: javascript


@ -1,53 +0,0 @@
.. -*- rst -*-
========
Versions
========
Get version details
===================
.. rest_method:: GET /v2.0
Gets detailed information about a version of the Identity API.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- location: location
Response Example
----------------
.. literalinclude:: ../samples/admin/version-show-response.json
:language: javascript


@ -1,258 +0,0 @@
# variables in header
X-Auth-Token:
description: |
A valid authentication token for an
administrative user.
in: header
required: true
type: string
# variables in path
tenantId_1:
description: |
The tenant ID.
in: path
required: false
type: string
tokenId:
description: |
The authentication token for which to perform the
operation.
in: path
required: false
type: string
userId:
description: |
The user ID.
in: path
required: false
type: string
# variables in query
name_2:
description: |
Filters the response by a tenant name.
in: query
required: true
type: string
# variables in body
access:
description: |
An ``access`` object.
in: body
required: true
type: string
description:
description: |
The description of the tenant. If not set, this
value is ``null``.
in: body
required: true
type: string
email:
description: |
The user email.
in: body
required: false
type: string
email_1:
description: |
The user email.
in: body
required: true
type: string
enabled:
description: |
Indicates whether the tenant is enabled or
disabled.
in: body
required: true
type: boolean
enabled_1:
description: |
Indicates whether the user is enabled (``true``)
or disabled (``false``). Default is ``true``.
in: body
required: false
type: boolean
enabled_2:
description: |
Indicates whether the user is enabled (``true``)
or disabled(``false``). The default value is ``true``.
in: body
required: true
type: boolean
endpoints:
description: |
One or more ``endpoints`` objects. Each object
shows the ``adminURL``, ``region``, ``internalURL``, ``id``, and
``publicURL`` for the endpoint.
in: body
required: true
type: string
endpoints_links:
description: |
Links for the endpoint.
in: body
required: true
type: string
expires:
description: |
The date and time when the token expires.
The date and time stamp format is `ISO 8601
<https://en.wikipedia.org/wiki/ISO_8601>`_:
::
CCYY-MM-DDThh:mm:ss±hh:mm
For example, ``2015-08-27T09:49:58-05:00``.
The ``±hh:mm`` value, if included, is the time zone as an offset
from UTC. In the previous example, the offset value is ``-05:00``.
A ``null`` value indicates that the token never expires.
in: body
required: true
type: string
id:
description: |
The ID of the trust.
in: body
required: false
type: string
id_1:
description: |
The user ID.
in: body
required: true
type: string
impersonation:
description: |
The impersonation flag.
in: body
required: false
type: string
issued_at:
description: |
The date and time when the token was issued.
The date and time stamp format is `ISO 8601
<https://en.wikipedia.org/wiki/ISO_8601>`_:
::
CCYY-MM-DDThh:mm:ss±hh:mm
For example, ``2015-08-27T09:49:58-05:00``.
The ``±hh:mm`` value, if included, is the time zone as an offset
from UTC. In the previous example, the offset value is ``-05:00``.
in: body
required: true
type: string
location:
format: uri
in: body
required: true
type: string
metadata:
description: |
A ``metadata`` object.
in: body
required: true
type: string
name:
description: |
Endpoint name.
in: body
required: true
type: string
name_1:
description: |
The user name.
in: body
required: true
type: string
password:
description: |
The user password.
in: body
required: false
type: string
serviceCatalog:
description: |
A ``serviceCatalog`` object.
in: body
required: true
type: string
tenant:
description: |
A ``tenant`` object.
in: body
required: true
type: string
tenantId:
description: |
The tenant ID.
in: body
required: false
type: string
token:
description: |
A ``token`` object.
in: body
required: true
type: string
trust:
description: |
A ``trust`` object.
in: body
required: false
type: string
trustee_user_id:
description: |
The trustee user ID.
in: body
required: false
type: string
trustor_user_id:
description: |
The trustor user ID.
in: body
required: false
type: string
type:
description: |
Endpoint type.
in: body
required: true
type: string
user:
description: |
A ``user`` object, which shows the ``username``,
``roles_links``, ``id``, ``roles``, and ``name``.
in: body
required: true
type: string
username:
description: |
The user name of the user.
in: body
required: true
type: string
username_1:
description: |
The username of user.
in: body
required: true
type: string
users:
description: |
One or more ``user`` objects.
in: body
required: true
type: array



@ -1,357 +0,0 @@
.. -*- rst -*-
============================
OS-KSCATALOG admin extension
============================
Supports CRUD operations for endpoint templates and endpoints.
Requires administrator privileges.
Update endpoint template
========================
.. rest_method:: PUT /v2.0/OS-KSCATALOG/endpointTemplates/{endpointTemplateId}
Updates endpoint template.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- endpointTemplateId: endpointTemplateId
Request Example
---------------
.. literalinclude:: ../samples/OS-KSCATALOG/endpointTemplate-create-request.json
:language: javascript
Response Example
----------------
.. literalinclude:: ../samples/OS-KSCATALOG/endpointTemplate-show-response.json
:language: javascript
Delete endpoint template.
=========================
.. rest_method:: DELETE /v2.0/OS-KSCATALOG/endpointTemplates/{endpointTemplateId}
Deletes an endpoint template.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- endpointTemplateId: endpointTemplateId
Create endpoint
===============
.. rest_method:: POST /v2.0/tenants/{tenantId}/OS-KSCATALOG/endpoints
Creates endpoint to a tenant.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
Request Example
---------------
.. literalinclude:: ../samples/OS-KSCATALOG/endpointTemplateWithOnlyId-create-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- Location: Location
List endpoints
==============
.. rest_method:: GET /v2.0/tenants/{tenantId}/OS-KSCATALOG/endpoints
Lists endpoints for a tenant.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/OS-KSCATALOG/endpoints-list-response.json
:language: javascript
Get endpoint
============
.. rest_method:: GET /v2.0/tenants/{tenantId}/OS-KSCATALOG/endpoints
Gets endpoint for a tenant.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/OS-KSCATALOG/endpoint-show-response.json
:language: javascript
List endpoint templates
=======================
.. rest_method:: GET /v2.0/OS-KSCATALOG/endpointTemplates
Lists endpoint templates.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/OS-KSCATALOG/endpointTemplates-list-response.json
:language: javascript
Get endpoint template
=====================
.. rest_method:: GET /v2.0/OS-KSCATALOG/endpointTemplates
Gets endpoint templates.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/OS-KSCATALOG/endpointTemplate-show-response.json
:language: javascript
Create endpoint template
========================
.. rest_method:: POST /v2.0/OS-KSCATALOG/endpointTemplates
Creates endpoint template.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
Request Example
---------------
.. literalinclude:: ../samples/OS-KSCATALOG/endpointTemplate-create-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- Location: Location
Delete endpoint
===============
.. rest_method:: DELETE /v2.0/tenants/{tenantId}/OS-KSCATALOG/endpoints/{endpointId}
Deletes an endpoint from a tenant.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml


@ -1,236 +0,0 @@
.. -*- rst -*-
========================
OS-KSEC2 admin extension
========================
Supports Amazon Elastic Compute (EC2) style authentication.
Grant credential to user
========================
.. rest_method:: POST /v2.0/users/{userId}/OS-KSADM/credentials
Grants a credential to a user.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
Request Example
---------------
.. literalinclude:: ../samples/OS-KSEC2/ec2Credentials-create-request.json
:language: javascript
List credentials
================
.. rest_method:: GET /v2.0/users/{userId}/OS-KSADM/credentials
Lists credentials.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/OS-KSEC2/credentialswithec2-list-response.json
:language: javascript
Update user credentials
=======================
.. rest_method:: POST /v2.0/users/{userId}/OS-KSADM/credentials/OS-KSEC2:ec2Credentials
Updates credentials for a user.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
Request Example
---------------
.. literalinclude:: ../samples/OS-KSEC2/ec2Credentials-create-request.json
:language: javascript
Response Example
----------------
.. literalinclude:: ../samples/OS-KSEC2/ec2Credentials-show-response.json
:language: javascript
Delete user credentials
=======================
.. rest_method:: DELETE /v2.0/users/{userId}/OS-KSADM/credentials/OS-KSEC2:ec2Credentials
Deletes user credentials.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
Get user credentials
====================
.. rest_method:: GET /v2.0/users/{userId}/OS-KSADM/credentials/OS-KSEC2:ec2Credentials
Gets user credentials.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/OS-KSEC2/ec2Credentials-show-response.json
:language: javascript
List credentials by type
========================
.. rest_method:: GET /v2.0/users/{userId}/OS-KSADM/credentials/OS-KSEC2:ec2Credentials/{type}
Lists credentials by type.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- type: type
Response Example
----------------
.. literalinclude:: ../samples/OS-KSADM/credentials-show-response.json
:language: javascript


@ -1,235 +0,0 @@
.. -*- rst -*-
=======================
OS-KSS3 admin extension
=======================
List credentials by type
========================
.. rest_method:: GET /v2.0/users/{userId}/OS-KSS3/credentials/s3credentials/{type}
Lists credentials by type.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/OS-KSS3/credentialswiths3-list-response.json
:language: javascript
Update user credentials
=======================
.. rest_method:: POST /v2.0/users/{userId}/OS-KSS3/credentials/s3credentials
Updates credentials.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
Request Example
---------------
.. literalinclude:: ../samples/OS-KSS3/s3Credentials-create-request.json
:language: javascript
Response Example
----------------
.. literalinclude:: ../samples/OS-KSS3/s3Credentials-show-response.json
:language: javascript
Revoke user credentials
=======================
.. rest_method:: DELETE /v2.0/users/{userId}/OS-KSS3/credentials/s3credentials
Revokes user credentials.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
Get user credentials
====================
.. rest_method:: GET /v2.0/users/{userId}/OS-KSS3/credentials/s3credentials
Gets user credentials.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/OS-KSS3/s3Credentials-show-response.json
:language: javascript
Grant credential to user
========================
.. rest_method:: POST /v2.0/users/{userId}/OS-KSS3/credentials
Grants a credential to a user.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
Request Example
---------------
.. literalinclude:: ../samples/OS-KSS3/s3Credentials-create-request.json
:language: javascript
List credentials
================
.. rest_method:: GET /v2.0/users/{userId}/OS-KSS3/credentials
Lists credentials.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/OS-KSS3/credentialswiths3-list-response.json
:language: javascript


@ -1,140 +0,0 @@
.. -*- rst -*-
=============================
OS-KSVALIDATE admin extension
=============================
List endpoints for token
========================
.. rest_method:: GET /v2.0/OS-KSVALIDATE/token/endpoints
Lists endpoints for a token.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/OS-KSVALIDATE/endpoints-list-response.json
:language: javascript
Validate token
==============
.. rest_method:: GET /v2.0/OS-KSVALIDATE/token/validate
Checks that a token is valid and that it belongs to the tenant and any service IDs. Returns the permissions for a particular client.
Behavior is similar to ``/tokens/{tokenId}``. If the token is not
valid, the call returns the ``itemNotFound (404)`` response code.
This extension might decrypt the ``X-Subject-Token`` header and
internally call and pass in all headers and query parameters to the
normal validation code for Identity. Consequently, this extension
must support all existing ``/tokens/{tokenId}`` calls including
extensions such as HP-IDM.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/OS-KSVALIDATE/token-validate-response.json
:language: javascript
Check token
===========
.. rest_method:: HEAD /v2.0/OS-KSVALIDATE/token/validate
Checks that a token is valid and that it belongs to the tenant and any service IDs, for performance.
Behavior is similar to ``/tokens/{tokenId}``. If the token is not
valid, the call returns the ``itemNotFound (404)`` response code.
This extension might decrypt the ``X-Subject-Token`` header and
internally call and pass in all headers and query parameters to the
normal validation code for Identity. Consequently, this extension
must support all existing ``/tokens/{tokenId}`` calls including
extensions such as HP-IDM.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude::
:language: javascript


@ -1,167 +0,0 @@
# variables in header
Location:
format: uri
in: header
required: false
type: string
Location_1:
description: |
The location.
format: uri
in: header
required: false
type: string
# variables in path
endpointTemplateId:
description: |
The endpoint template ID.
in: path
required: false
type: string
roleId:
description: |
The role ID.
in: path
required: false
type: string
serviceId:
description: |
The service ID.
in: path
required: false
type: string
tenantId:
description: |
The tenant ID.
in: path
required: false
type: string
type_1:
description: |
The credential type.
in: path
required: false
type: string
userId:
description: |
The user ID.
in: path
required: false
type: string
# variables in query
{}
# variables in body
description:
description: |
Description about the service.
in: body
required: true
type: string
description_1:
description: |
Description about the tenant.
in: body
required: true
type: string
description_2:
description: |
The role description.
in: body
required: true
type: string
email:
description: |
The user email.
in: body
required: true
type: string
enabled:
description: |
Indicates whether the tenant is enabled or
disabled. Default is ``true``.
in: body
required: true
type: boolean
enabled_1:
description: |
Indicates whether the user is enabled (``true``)
or disabled(``false``). The default value is ``true``.
in: body
required: true
type: boolean
id:
description: |
The UUID of the service.
in: body
required: true
type: string
id_1:
description: |
The tenant ID.
in: body
required: true
type: string
id_2:
description: |
The user ID.
in: body
required: true
type: string
id_3:
description: |
The role ID.
in: body
required: true
type: integer
name:
description: |
The service name.
in: body
required: true
type: string
name_1:
description: |
The tenant name.
in: body
required: true
type: string
name_2:
description: |
The user name.
in: body
required: true
type: string
name_3:
description: |
The role name.
in: body
required: true
type: string
roles:
description: |
A ``roles`` object.
in: body
required: true
type: string
roles_links:
description: |
Role links.
in: body
required: true
type: object
type:
description: |
The type of the service.
in: body
required: true
type: string
users:
description: |
The ``users`` object.
in: body
required: true
type: array


@ -1,107 +0,0 @@
.. -*- rst -*-
==========
Extensions
==========
Show extension details
======================
.. rest_method:: GET /v2.0/extensions/{alias}
Shows details for an extension, by alias.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- alias: alias
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- x-openstack-request-id: x-openstack-request-id
- alias: alias
- updated: updated
- description: description
- name: name
Response Example
----------------
.. literalinclude:: ../samples/admin/extension-show-response.json
:language: javascript
List extensions
===============
.. rest_method:: GET /v2.0/extensions
Lists available extensions.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- x-openstack-request-id: x-openstack-request-id
- alias: alias
- updated: updated
- description: description
- name: name
Response Example
----------------
.. literalinclude:: ../samples/admin/extensions-list-response.json
:language: javascript


@ -1,160 +0,0 @@
.. -*- rst -*-
==================
Tokens and tenants
==================
List tenants
============
.. rest_method:: GET /v2.0/tenants
Lists tenants to which the token has access.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- description: description
- tenants_links: tenants_links
- enabled: enabled
- tenants: tenants
- id: id
- name: name
Response Example
----------------
.. literalinclude:: ../samples/admin/tenants-list-response.json
:language: javascript
Authenticate
============
.. rest_method:: POST /v2.0/tokens
Authenticates and generates a token.
The Identity API is a RESTful web service. It is the entry point to
all service APIs. To access the Identity API, you must know its
URL.
Each REST request against Identity requires the X-Auth-Token
header. Clients obtain this token, along with the URL to other
service APIs, by first authenticating against Identity with valid
credentials.
To authenticate, you must provide either a user ID and password or
a token.
If the authentication token has expired, this call returns the HTTP
``401`` status code.
If the token has expired, this call returns the HTTP ``404`` status
code.
The Identity API treats expired tokens as no longer valid tokens.
The deployment determines how long expired tokens are stored.
To view the ``trust`` object, you need to set ``trust`` enable on
the keystone configuration.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- username: username
- passwordCredentials: passwordCredentials
- tenantId: tenantId
- token: token
- tenantName: tenantName
- password: password
- id: id
Request Example
---------------
.. literalinclude:: ../samples/admin/authenticate-token-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- impersonation: impersonation
- endpoints_links: endpoints_links
- serviceCatalog: serviceCatalog
- description: description
- type: type
- expires: expires
- enabled: enabled
- name: name
- access: access
- trustee_user_id: trustee_user_id
- token: token
- user: user
- issued_at: issued_at
- trustor_user_id: trustor_user_id
- endpoints: endpoints
- trust: trust
- id: id
- tenant: tenant
- metadata: metadata
Response Example
----------------
.. literalinclude:: ../samples/client/authenticate-response.json
:language: javascript


@ -1,271 +0,0 @@
# variables in header
x-openstack-request-id:
description: |
A unique request ID that provides tracking for
the request. Provider must configure middleware to return a
request ID header in a response.
in: header
required: false
type: string
# variables in path
alias_1:
description: |
An alias for the extension name. For example,
``os-server-external- events``.
in: path
required: false
type: string
# variables in query
{}
# variables in body
access:
description: |
An ``access`` object.
in: body
required: true
type: object
alias:
description: |
The alias for the extension. For example,
"FOXNSOX", "os- availability-zone", "os-extended-quotas", "os-
share-unmanage" or "os-used-limits."
in: body
required: true
type: string
description:
description: |
The description of the tenant. If not set, this
value is ``null``.
in: body
required: true
type: string
description_1:
description: |
The extension description.
in: body
required: true
type: string
description_2:
description: |
Description about the tenant.
in: body
required: true
type: string
enabled:
description: |
Indicates whether the tenant is enabled or
disabled.
in: body
required: true
type: boolean
endpoints:
description: |
One or more ``endpoints`` objects. Each object
shows the ``adminURL``, ``region``, ``internalURL``, ``id``, and
``publicURL`` for the endpoint.
in: body
required: true
type: array
endpoints_links:
description: |
Links for the endpoint.
in: body
required: true
type: array
expires:
description: |
The date and time when the token expires.
The date and time stamp format is `ISO 8601
<https://en.wikipedia.org/wiki/ISO_8601>`_:
::
CCYY-MM-DDThh:mm:ss±hh:mm
For example, ``2015-08-27T09:49:58-05:00``.
The ``±hh:mm`` value, if included, is the time zone as an offset
from UTC. In the previous example, the offset value is ``-05:00``.
A ``null`` value indicates that the token never expires.
in: body
required: true
type: string
id:
description: |
The token ID. This field is required in the
``token`` object.
in: body
required: false
type: string
id_1:
description: |
The tenant ID.
in: body
required: true
type: string
impersonation:
description: |
The impersonation flag.
in: body
required: false
type: boolean
issued_at:
description: |
The date and time when the token was issued.
The date and time stamp format is `ISO 8601
<https://en.wikipedia.org/wiki/ISO_8601>`_:
::
CCYY-MM-DDThh:mm:ss±hh:mm
For example, ``2015-08-27T09:49:58-05:00``.
The ``±hh:mm`` value, if included, is the time zone as an offset
from UTC. In the previous example, the offset value is ``-05:00``.
in: body
required: true
type: string
metadata:
description: |
A ``metadata`` object.
in: body
required: true
type: object
name:
description: |
Endpoint name.
in: body
required: true
type: string
name_1:
description: |
The name of the extension. For example, "Fox In
Socks."
in: body
required: true
type: string
name_2:
description: |
The tenant name.
in: body
required: true
type: string
password:
description: |
The password of the user. Required if you include
the ``passwordCredentials`` object. Otherwise, you must provide a
token.
in: body
required: false
type: string
passwordCredentials:
description: |
A ``passwordCredentials`` object. To
authenticate, you must provide either a user ID and password or a
token.
in: body
required: false
type: string
serviceCatalog:
description: |
List of ``serviceCatalog`` objects.
in: body
required: true
type: array
tenant:
description: |
A ``tenant`` object.
in: body
required: true
type: object
tenantId:
description: |
The tenant ID. Both the ``tenantId`` and
``tenantName`` attributes are optional and mutually exclusive. If
you specify both attributes, the server returns the ``Bad Request
(400)`` response code.
in: body
required: false
type: string
tenantName:
description: |
The tenant name. Both the ``tenantId`` and
``tenantName`` attributes are optional and mutually exclusive. If
you specify both attributes, the server returns the ``Bad Request
(400)`` response code.
in: body
required: false
type: string
tenants:
description: |
One or more tenant Objects.
in: body
required: true
type: array
tenants_links:
description: |
Links of the tenants.
in: body
required: true
type: array
token:
description: |
A ``token`` object. Required if you do not
provide a password credential.
in: body
required: false
type: object
trust:
description: |
A ``trust`` object.
in: body
required: false
type: object
trustee_user_id:
description: |
The trustee user ID.
in: body
required: false
type: string
trustor_user_id:
description: |
The trustor user ID.
in: body
required: false
type: string
type:
description: |
Endpoint type.
in: body
required: true
type: string
updated:
description: |
The date and time stamp when the extension was
last updated.
in: body
required: true
type: string
user:
description: |
A ``user`` object, which shows the ``username``,
``roles_links``, ``id``, ``roles``, and ``name``.
in: body
required: true
type: object
username:
description: |
The user name. Required if you include the
``passwordCredentials`` object. Otherwise, you must provide a
token.
in: body
required: false
type: string


@ -1,11 +0,0 @@
{
"credentials": [
{
"passwordCredentials": {
"username": "test_user",
"password": "secretsecret"
}
}
],
"credentials_links": []
}


@ -1,7 +0,0 @@
{
"role": {
"id": "123",
"name": "Guest",
"description": "Guest Access"
}
}


@ -1,7 +0,0 @@
{
"role": {
"id": "123",
"name": "Guest",
"description": "Guest Access"
}
}


@ -1,10 +0,0 @@
{
"roles": [
{
"id": "123",
"name": "compute:admin",
"description": "Nova Administrator"
}
],
"roles_links": []
}


@ -1,8 +0,0 @@
{
"OS-KSADM:service": {
"id": "123",
"name": "nova",
"type": "compute",
"description": "OpenStack Compute Service"
}
}


@ -1,8 +0,0 @@
{
"OS-KSADM:service": {
"id": "123",
"name": "nova",
"type": "compute",
"description": "OpenStack Compute Service"
}
}


@ -1,17 +0,0 @@
{
"OS-KSADM:services": [
{
"id": "123",
"name": "nova",
"type": "compute",
"description": "OpenStack Compute Service"
},
{
"id": "234",
"name": "glance",
"type": "image",
"description": "OpenStack Image Service"
}
],
"OS-KSADM:services_links": []
}


@ -1,8 +0,0 @@
{
"tenant": {
"id": "1234",
"name": "ACME corp",
"description": "A description ...",
"enabled": true
}
}


@ -1,8 +0,0 @@
{
"tenant": {
"id": "1234",
"name": "ACME corp",
"description": "A description ...",
"enabled": true
}
}


@ -1,7 +0,0 @@
{
"tenant": {
"name": "ACME corp",
"description": "A description ...",
"enabled": true
}
}


@ -1,12 +0,0 @@
{
"roles": [
{
"id": "8341d3603a1d4d5985bff09f10704d4d",
"name": "service"
},
{
"id": "2e66d57df76946fdbe034bc4da6fdec0",
"name": "admin"
}
]
}


@ -1,8 +0,0 @@
{
"user": {
"id": "u1000",
"name": "jqsmith",
"email": "john.smith@example.org",
"enabled": true
}
}


@ -1,8 +0,0 @@
{
"user": {
"id": "u1000",
"name": "jqsmith",
"email": "john.smith@example.org",
"enabled": true
}
}


@ -1,17 +0,0 @@
{
"users": [
{
"id": "u1000",
"name": "jqsmith",
"email": "john.smith@example.org",
"enabled": true
},
{
"id": "u1001",
"name": "jqsmith",
"email": "john.smith@example.org",
"enabled": true
}
],
"users_links": []
}


@ -1,5 +0,0 @@
{
"user": {
"enabled": true
}
}


@ -1,5 +0,0 @@
{
"user": {
"enabled": true
}
}


@ -1,8 +0,0 @@
{
"user": {
"name": "jqsmith",
"email": "john.smith@example.org",
"enabled": true,
"OS-KSADM:password": "secretsecret"
}
}


@ -1,11 +0,0 @@
{
"endpoint": {
"id": 1,
"tenantId": 1,
"region": "North",
"type": "compute",
"publicURL": "https://compute.north.public.com/v1",
"internalURL": "https://compute.north.internal.com/v1",
"adminURL": "https://compute.north.internal.com/v1"
}
}


@ -1,14 +0,0 @@
{
"OS-KSCATALOG:endpointTemplate": {
"id": 1,
"region": "North",
"global": true,
"type": "compute",
"publicURL": "https://compute.north.public.com/v1",
"internalURL": "https://compute.north.internal.com/v1",
"versionId": "1",
"versionInfo": "https://compute.north.public.com/v1/",
"versionList": "https://compute.north.public.com/",
"enabled": true
}
}


@ -1,11 +0,0 @@
{
"OS-KSCATALOG:endpointTemplate": {
"id": 1,
"region": "North",
"global": true,
"type": "compute",
"publicURL": "https://compute.north.public.com/v1",
"internalURL": "https://compute.north.internal.com/v1",
"enabled": true
}
}


@ -1,5 +0,0 @@
{
"OS-KSCATALOG:endpointTemplate": {
"id": 1
}
}


@ -1,44 +0,0 @@
{
"OS-KSCATALOG:endpointsTemplates": [
{
"id": 1,
"region": "North",
"global": true,
"type": "compute",
"publicURL": "https://compute.north.public.com/v1",
"internalURL": "https://compute.north.internal.com/v1",
"enabled": true
},
{
"id": 2,
"region": "South",
"type": "compute",
"publicURL": "https://compute.south.public.com/v1",
"internalURL": "https://compute.south.internal.com/v1",
"enabled": false
},
{
"id": 3,
"region": "North",
"global": true,
"type": "object-store",
"publicURL": "https://object-store.north.public.com/v1.0",
"enabled": true
},
{
"id": 4,
"region": "South",
"type": "object-store",
"publicURL": "https://object-store.south.public.com/v2",
"enabled": true
},
{
"id": 5,
"global": true,
"type": "OS-DNS:DNS",
"publicURL": "https://dns.public.com/v3.2",
"enabled": true
}
],
"OS-KSCATALOG:endpointsTemplates_links": []
}


@ -1,50 +0,0 @@
{
"endpoints": [
{
"id": 1,
"tenantId": "1",
"region": "North",
"type": "compute",
"publicURL": "https://compute.north.public.com/v1",
"internalURL": "https://compute.north.internal.com/v1",
"adminURL": "https://compute.north.internal.com/v1"
},
{
"id": 2,
"tenantId": "1",
"region": "South",
"type": "compute",
"publicURL": "https://compute.north.public.com/v1",
"internalURL": "https://compute.north.internal.com/v1",
"adminURL": "https://compute.north.internal.com/v1"
},
{
"id": 3,
"tenantId": "1",
"region": "East",
"type": "compute",
"publicURL": "https://compute.north.public.com/v1",
"internalURL": "https://compute.north.internal.com/v1",
"adminURL": "https://compute.north.internal.com/v1"
},
{
"id": 4,
"tenantId": "1",
"region": "West",
"type": "compute",
"publicURL": "https://compute.north.public.com/v1",
"internalURL": "https://compute.north.internal.com/v1",
"adminURL": "https://compute.north.internal.com/v1"
},
{
"id": 5,
"tenantId": "1",
"region": "Global",
"type": "compute",
"publicURL": "https://compute.north.public.com/v1",
"internalURL": "https://compute.north.internal.com/v1",
"adminURL": "https://compute.north.internal.com/v1"
}
],
"endpoints_links": []
}


@ -1,18 +0,0 @@
{
"credentials": [
{
"passwordCredentials": {
"username": "test_user",
"password": "secretsecret"
}
},
{
"OS-KSEC2-ec2Credentials": {
"username": "test_user",
"secret": "secretsecret",
"signature": "bbb"
}
}
],
"credentials_links": []
}


@ -1,7 +0,0 @@
{
"OS-KSEC2-ec2Credentials": {
"username": "test_user",
"secret": "secretsecret",
"signature": "bbb"
}
}


@ -1,7 +0,0 @@
{
"OS-KSEC2-ec2Credentials": {
"username": "test_user",
"secret": "secretsecret",
"signature": "bbb"
}
}


@ -1,18 +0,0 @@
{
"credentials": [
{
"passwordCredentials": {
"username": "test_user",
"password": "secretsecret"
}
},
{
"OS-KSS3:s3Credentials": {
"username": "test_user",
"secret": "secretsecret",
"signature": "bbb"
}
}
],
"credentials_links": []
}


@ -1,7 +0,0 @@
{
"OS-KSS3:s3Credentials": {
"username": "test_user",
"secret": "secretsecret",
"signature": "bbb"
}
}


@ -1,7 +0,0 @@
{
"OS-KSS3:s3Credentials": {
"username": "test_user",
"secret": "secretsecret",
"signature": "bbb"
}
}


@ -1,50 +0,0 @@
{
"endpoints": [
{
"id": 1,
"tenantId": "1",
"region": "North",
"type": "compute",
"publicURL": "https://compute.north.public.com/v1",
"internalURL": "https://compute.north.internal.com/v1",
"adminURL": "https://compute.north.internal.com/v1"
},
{
"id": 2,
"tenantId": "1",
"region": "South",
"type": "compute",
"publicURL": "https://compute.north.public.com/v1",
"internalURL": "https://compute.north.internal.com/v1",
"adminURL": "https://compute.north.internal.com/v1"
},
{
"id": 3,
"tenantId": "1",
"region": "East",
"type": "compute",
"publicURL": "https://compute.north.public.com/v1",
"internalURL": "https://compute.north.internal.com/v1",
"adminURL": "https://compute.north.internal.com/v1"
},
{
"id": 4,
"tenantId": "1",
"region": "West",
"type": "compute",
"publicURL": "https://compute.north.public.com/v1",
"internalURL": "https://compute.north.internal.com/v1",
"adminURL": "https://compute.north.internal.com/v1"
},
{
"id": 5,
"tenantId": "1",
"region": "Global",
"type": "compute",
"publicURL": "https://compute.north.public.com/v1",
"internalURL": "https://compute.north.internal.com/v1",
"adminURL": "https://compute.north.internal.com/v1"
}
],
"endpoints_links": []
}


@ -1,28 +0,0 @@
{
"access": {
"token": {
"id": "ab48a9efdfedb23ty3494",
"expires": "2010-11-01T03:32:15-05:00",
"tenant": {
"id": "345",
"name": "My Project"
}
},
"user": {
"id": "123",
"name": "jqsmith",
"roles": [
{
"id": "234",
"name": "compute:admin"
},
{
"id": "234",
"name": "object-store:admin",
"tenantId": "1"
}
],
"roles_links": []
}
}
}


@ -1,6 +0,0 @@
{
"user": {
"password": "old_secretsecret",
"original_password": "secretsecret"
}
}


@ -1,9 +0,0 @@
{
"auth": {
"tenantName": "admin",
"passwordCredentials": {
"username": "admin",
"password": "secretsecret"
}
}
}


@ -1,184 +0,0 @@
{
"access": {
"token": {
"issued_at": "2014-01-30T17:09:57.647795",
"expires": "2014-01-31T17:09:57Z",
"id": "admin_id",
"tenant": {
"description": null,
"enabled": true,
"id": "73f0aa26640f4971864919d0eb0f0880",
"name": "admin"
}
},
"serviceCatalog": [
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8774/v2/73f0aa26640f4971864919d0eb0f0880",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8774/v2/73f0aa26640f4971864919d0eb0f0880",
"id": "2dad48f09e2a447a9bf852bcd93548ef",
"publicURL": "http://23.253.72.207:8774/v2/73f0aa26640f4971864919d0eb0f0880"
}
],
"endpoints_links": [],
"type": "compute",
"name": "nova"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:9696/",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:9696/",
"id": "97c526db8d7a4c88bbb8d68db1bdcdb8",
"publicURL": "http://23.253.72.207:9696/"
}
],
"endpoints_links": [],
"type": "network",
"name": "neutron"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8776/v2/73f0aa26640f4971864919d0eb0f0880",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8776/v2/73f0aa26640f4971864919d0eb0f0880",
"id": "93f86dfcbba143a39a33d0c2cd424870",
"publicURL": "http://23.253.72.207:8776/v2/73f0aa26640f4971864919d0eb0f0880"
}
],
"endpoints_links": [],
"type": "volumev2",
"name": "cinder"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8774/v3",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8774/v3",
"id": "3eb274b12b1d47b2abc536038d87339e",
"publicURL": "http://23.253.72.207:8774/v3"
}
],
"endpoints_links": [],
"type": "computev3",
"name": "nova"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:3333",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:3333",
"id": "957f1e54afc64d33a62099faa5e980a2",
"publicURL": "http://23.253.72.207:3333"
}
],
"endpoints_links": [],
"type": "s3",
"name": "s3"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:9292",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:9292",
"id": "27d5749f36864c7d96bebf84a5ec9767",
"publicURL": "http://23.253.72.207:9292"
}
],
"endpoints_links": [],
"type": "image",
"name": "glance"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8776/v1/73f0aa26640f4971864919d0eb0f0880",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8776/v1/73f0aa26640f4971864919d0eb0f0880",
"id": "37c83a2157f944f1972e74658aa0b139",
"publicURL": "http://23.253.72.207:8776/v1/73f0aa26640f4971864919d0eb0f0880"
}
],
"endpoints_links": [],
"type": "volume",
"name": "cinder"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8773/services/Admin",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8773/services/Cloud",
"id": "289b59289d6048e2912b327e5d3240ca",
"publicURL": "http://23.253.72.207:8773/services/Cloud"
}
],
"endpoints_links": [],
"type": "ec2",
"name": "ec2"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8080",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8080/v1/AUTH_73f0aa26640f4971864919d0eb0f0880",
"id": "16b76b5e5b7d48039a6e4cc3129545f3",
"publicURL": "http://23.253.72.207:8080/v1/AUTH_73f0aa26640f4971864919d0eb0f0880"
}
],
"endpoints_links": [],
"type": "object-store",
"name": "swift"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:35357/v2.0",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:5000/v2.0",
"id": "26af053673df4ef3a2340c4239e21ea2",
"publicURL": "http://23.253.72.207:5000/v2.0"
}
],
"endpoints_links": [],
"type": "identity",
"name": "keystone"
}
],
"user": {
"username": "admin",
"roles_links": [],
"id": "1f568815cb8148688e6ee9b2f7527dcc",
"roles": [
{
"name": "service"
},
{
"name": "admin"
}
],
"name": "admin"
},
"metadata": {
"is_admin": 0,
"roles": [
"8341d3603a1d4d5985bff09f10704d4d",
"2e66d57df76946fdbe034bc4da6fdec0"
]
},
"trust": {
"id": "394998fa61f14736b1f0c1f322882949",
"trustee_user_id": "269348fdd9374b8885da1418e0730af1",
"trustor_user_id": "3ec3164f750146be97f21559ee4d9c51",
"impersonation": false
}
}
}


@ -1,8 +0,0 @@
{
"auth": {
"tenantName": "demo",
"token": {
"id": "cbc36478b0bd8e67e89469c7749d4127"
}
}
}


@ -1,122 +0,0 @@
{
"endpoints_links": [],
"endpoints": [
{
"name": "nova",
"adminURL": "https://nova.region-one.internal.com/v2/be1319401cfa4a0aa590b97cc7b64d8d",
"region": "RegionOne",
"internalURL": "https://nova.region-one.internal.com/v2/be1319401cfa4a0aa590b97cc7b64d8d",
"type": "compute",
"id": "11b41ee1b00841128b7333d4bf1a6140",
"publicURL": "https://nova.region-one.public.com/v2/be1319401cfa4a0aa590b97cc7b64d8d"
},
{
"name": "neutron",
"adminURL": "https://neutron.region-one.internal.com/",
"region": "RegionOne",
"internalURL": "https://neutron.region-one.internal.com/",
"type": "network",
"id": "cdbfa3c416d741a9b5c968f2dc628acb",
"publicURL": "https://neutron.region-one.public.com/"
},
{
"name": "cinderv2",
"adminURL": "https://cinderv2.region-one.internal.com/v2/be1319401cfa4a0aa590b97cc7b64d8d",
"region": "RegionOne",
"internalURL": "https://cinderv2.region-one.internal.com/v2/be1319401cfa4a0aa590b97cc7b64d8d",
"type": "cinderv2v2",
"id": "6de282e4132747ecb48f6fd8c525c6f6",
"publicURL": "https://cinderv2.region-one.public.com/v2/be1319401cfa4a0aa590b97cc7b64d8d"
},
{
"name": "trove",
"adminURL": "https://trove.region-one.internal.com/v1.0/be1319401cfa4a0aa590b97cc7b64d8d",
"region": "RegionOne",
"internalURL": "https://trove.region-one.internal.com/v1.0/be1319401cfa4a0aa590b97cc7b64d8d",
"type": "database",
"id": "4bfad53a0c684bd981d093099eb7799b",
"publicURL": "https://trove.region-one.public.com/v1.0/be1319401cfa4a0aa590b97cc7b64d8d"
},
{
"name": "s3",
"adminURL": "https://s3.region-one.internal.com",
"region": "RegionOne",
"internalURL": "https://s3.region-one.internal.com",
"type": "s3",
"id": "50fb6b43cde44bb6b0e471a682dc42dd",
"publicURL": "https://s3.region-one.public.com"
},
{
"name": "glance",
"adminURL": "https://glance.region-one.internal.com",
"region": "RegionOne",
"internalURL": "https://glance.region-one.internal.com",
"type": "glance",
"id": "838a338171164c3c8f56e6b5882267ff",
"publicURL": "https://glance.region-one.public.com"
},
{
"name": "novav3",
"adminURL": "https://novav3.region-one.internal.com/v3",
"region": "RegionOne",
"internalURL": "https://novav3.region-one.internal.com/v3",
"type": "computev3",
"id": "b437edd03d244bf4be605b9b8c8689e0",
"publicURL": "https://novav3.region-one.public.com/v3"
},
{
"name": "heat",
"adminURL": "https://heat.region-one.internal.comv1",
"region": "RegionOne",
"internalURL": "https://heat.region-one.internal.comv1",
"type": "cloudformation",
"id": "7a0f6f37344d488fa596a1325e0fcf10",
"publicURL": "https://heat.region-one.public.comv1"
},
{
"name": "cinder",
"adminURL": "https://cinder.region-one.internal.com/v1/be1319401cfa4a0aa590b97cc7b64d8d",
"region": "RegionOne",
"internalURL": "https://cinder.region-one.internal.com/v1/be1319401cfa4a0aa590b97cc7b64d8d",
"type": "cinderv2",
"id": "d4f251065dce4ce3946d3c1b87e167f2",
"publicURL": "https://cinder.region-one.public.com/v1/be1319401cfa4a0aa590b97cc7b64d8d"
},
{
"name": "ec2",
"adminURL": "https://ec2.region-one.internal.com/services/Admin",
"region": "RegionOne",
"internalURL": "https://ec2.region-one.internal.com/services/Cloud",
"type": "ec2",
"id": "44c6bf28d9bd4d63bfb00d66f22439a8",
"publicURL": "https://ec2.region-one.public.com/services/Cloud"
},
{
"name": "heat",
"adminURL": "https://heat.region-one.internal.com/v1/be1319401cfa4a0aa590b97cc7b64d8d",
"region": "RegionOne",
"internalURL": "https://heat.region-one.internal.com/v1/be1319401cfa4a0aa590b97cc7b64d8d",
"type": "orchestration",
"id": "21aaace3f33c46b8aaea2b17d41ffd54",
"publicURL": "https://heat.region-one.public.com/v1/be1319401cfa4a0aa590b97cc7b64d8d"
},
{
"name": "swift",
"adminURL": "https://swift.region-one.internal.com",
"region": "RegionOne",
"internalURL": "https://swift.region-one.internal.com/v1/AUTH_be1319401cfa4a0aa590b97cc7b64d8d",
"type": "object-store",
"id": "35f7aca3be384580a3b1df43a97c2eb2",
"publicURL": "https://swift.region-one.public.com/v1/AUTH_be1319401cfa4a0aa590b97cc7b64d8d"
},
{
"name": "keystone",
"adminURL": "https://keystone.region-one.internal.com/v2.0",
"region": "RegionOne",
"internalURL": "https://keystone.region-one.internal.com/v2.0",
"type": "identity",
"id": "48da758fb58c47dcaf02000a4409a265",
"publicURL": "https://keystone.region-one.public.com/v2.0"
}
]
}


@ -1,16 +0,0 @@
{
"extension": {
"updated": "2013-07-07T12:00:0-00:00",
"name": "OpenStack OAUTH1 API",
"links": [
{
"href": "https://github.com/openstack/identity-api",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/OS-OAUTH1/v1.0",
"alias": "OS-OAUTH1",
"description": "OpenStack OAuth 1.0a Delegated Auth Mechanism."
}
}


@ -1,118 +0,0 @@
{
"extensions": {
"values": [
{
"updated": "2013-07-07T12:00:0-00:00",
"name": "OpenStack S3 API",
"links": [
{
"href": "https://github.com/openstack/identity-api",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/s3tokens/v1.0",
"alias": "s3tokens",
"description": "OpenStack S3 API."
},
{
"updated": "2013-07-23T12:00:0-00:00",
"name": "OpenStack Keystone Endpoint Filter API",
"links": [
{
"href": "https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-ep-filter-ext.md",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/OS-EP-FILTER/v1.0",
"alias": "OS-EP-FILTER",
"description": "OpenStack Keystone Endpoint Filter API."
},
{
"updated": "2014-02-24T20:51:0-00:00",
"name": "OpenStack Revoke API",
"links": [
{
"href": "https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3-os-revoke-ext.md",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/OS-REVOKE/v1.0",
"alias": "OS-REVOKE",
"description": "OpenStack revoked token reporting mechanism."
},
{
"updated": "2013-12-17T12:00:0-00:00",
"name": "OpenStack Federation APIs",
"links": [
{
"href": "https://github.com/openstack/identity-api",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/OS-FEDERATION/v1.0",
"alias": "OS-FEDERATION",
"description": "OpenStack Identity Providers Mechanism."
},
{
"updated": "2013-07-11T17:14:00-00:00",
"name": "OpenStack Keystone Admin",
"links": [
{
"href": "https://github.com/openstack/identity-api",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/OS-KSADM/v1.0",
"alias": "OS-KSADM",
"description": "OpenStack extensions to Keystone v2.0 API enabling Administrative Operations."
},
{
"updated": "2014-01-20T12:00:0-00:00",
"name": "OpenStack Simple Certificate API",
"links": [
{
"href": "https://github.com/openstack/identity-api",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/OS-SIMPLE-CERT/v1.0",
"alias": "OS-SIMPLE-CERT",
"description": "OpenStack simple certificate retrieval extension"
},
{
"updated": "2013-07-07T12:00:0-00:00",
"name": "OpenStack OAUTH1 API",
"links": [
{
"href": "https://github.com/openstack/identity-api",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/OS-OAUTH1/v1.0",
"alias": "OS-OAUTH1",
"description": "OpenStack OAuth 1.0a Delegated Auth Mechanism."
},
{
"updated": "2013-07-07T12:00:0-00:00",
"name": "OpenStack EC2 API",
"links": [
{
"href": "https://github.com/openstack/identity-api",
"type": "text/html",
"rel": "describedby"
}
],
"namespace": "http://docs.openstack.org/identity/api/ext/OS-EC2/v1.0",
"alias": "OS-EC2",
"description": "OpenStack EC2 Credentials backend."
}
]
}
}


@ -1,10 +0,0 @@
{
"roles": [
{
"id": "123",
"name": "compute:admin",
"description": "Nova Administrator"
}
],
"roles_links": []
}


@ -1,8 +0,0 @@
{
"tenant": {
"id": "1234",
"name": "ACME corp",
"description": "A description ...",
"enabled": true
}
}


@ -1,5 +0,0 @@
GET /v2.0/tenants HTTP/1.1
Host: identity.api.openstack.org
Content-Type: application/json
X-Auth-Token: fa8426a0-8eaf-4d22-8e13-7c1b16a9370c
Accept: application/json


@ -1,17 +0,0 @@
{
"tenants": [
{
"id": "1234",
"name": "ACME Corp",
"description": "A description ...",
"enabled": true
},
{
"id": "3456",
"name": "Iron Works",
"description": "A description ...",
"enabled": true
}
],
"tenants_links": []
}


@ -1,28 +0,0 @@
{
"access": {
"token": {
"id": "ab48a9efdfedb23ty3494",
"expires": "2010-11-01T03:32:15-05:00",
"tenant": {
"id": "345",
"name": "My Project"
}
},
"user": {
"id": "123",
"name": "jqsmith",
"roles": [
{
"id": "234",
"name": "compute:admin"
},
{
"id": "234",
"name": "object-store:admin",
"tenantId": "1"
}
],
"roles_links": []
}
}
}


@ -1,9 +0,0 @@
{
"user": {
"email": "new-user@example.com",
"password": null,
"enabled": true,
"name": "new-user",
"tenantId": "40429f980fac419bbfec372a5607c154"
}
}


@ -1,10 +0,0 @@
{
"user": {
"username": "new-user",
"name": "new-user",
"id": "71767c619a90479ab21626abf76aa46c",
"enabled": true,
"email": "new-user@example.com",
"tenantId": "40429f980fac419bbfec372a5607c154"
}
}


@ -1,9 +0,0 @@
{
"user": {
"username": "nova",
"name": "nova",
"enabled": true,
"email": null,
"id": "405ecdef1a434c70bb1e441cd295245d"
}
}


@ -1,8 +0,0 @@
{
"user": {
"username": "nova",
"name": "nova",
"enabled": false,
"email": null
}
}


@ -1,9 +0,0 @@
{
"user": {
"username": "nova",
"name": "nova",
"enabled": false,
"email": null,
"id": "71767c619a90479ab21626abf76aa46c"
}
}


@ -1,88 +0,0 @@
{
"users": [
{
"username": "admin",
"name": "admin",
"enabled": true,
"email": null,
"id": "19dec86542d54bc791288b83d05c57a6"
},
{
"username": "swift",
"name": "swift",
"enabled": true,
"email": null,
"id": "2109a7e134244071ac5b6ce31d8fe5b6"
},
{
"username": "swiftusertest1",
"name": "swiftusertest1",
"enabled": true,
"email": "test@example.com",
"id": "3b59634090f84745bcd24bc28e564aff"
},
{
"username": "alt_demo",
"name": "alt_demo",
"enabled": true,
"email": "alt_demo@example.com",
"id": "3f957317491c478daaee50992e5d2d3b"
},
{
"username": "nova",
"name": "nova",
"enabled": true,
"email": null,
"id": "405ecdef1a434c70bb1e441cd295245d"
},
{
"username": "swiftusertest3",
"name": "swiftusertest3",
"enabled": true,
"email": "test3@example.com",
"id": "5f58db25affc44c28d678279981c946f"
},
{
"username": "swiftusertest2",
"name": "swiftusertest2",
"enabled": true,
"email": "test2@example.com",
"id": "9e4a840d8f5a45cdaa589febffcedb01"
},
{
"username": "glance",
"name": "glance",
"enabled": true,
"email": null,
"id": "9f7df42d30264a0eb5f4e0d01486260d"
},
{
"username": "demo",
"name": "demo",
"enabled": true,
"email": "demo@example.com",
"id": "a27a3939ad964215ad60315e8b2a3791"
},
{
"username": "glance-swift",
"name": "glance-swift",
"enabled": true,
"email": "glance-swift@example.com",
"id": "bbe7ee42ffc345c18430599f74af9fa3"
},
{
"username": "neutron",
"name": "neutron",
"enabled": true,
"email": null,
"id": "cf16ee300c2c412f81474ae452eda38d"
},
{
"username": "cinder",
"name": "cinder",
"enabled": true,
"email": null,
"id": "f570fcf1692241978015cdb49242e383"
}
]
}


@ -1,24 +0,0 @@
{
"version": {
"status": "stable",
"updated": "2014-04-17T00:00:00Z",
"media-types": [
{
"base": "application/json",
"type": "application/vnd.openstack.identity-v2.0+json"
}
],
"id": "v2.0",
"links": [
{
"href": "http://localhost:5000/v2.0/",
"rel": "self"
},
{
"href": "http://docs.openstack.org/",
"rel": "describedby",
"type": "text/html"
}
]
}
}


@ -1,45 +0,0 @@
{
"versions": {
"values": [
{
"id": "v3.4",
"links": [
{
"href": "http://localhost:35357/v3/",
"rel": "self"
}
],
"media-types": [
{
"base": "application/json",
"type": "application/vnd.openstack.identity-v3+json"
}
],
"status": "stable",
"updated": "2015-03-30T00:00:00Z"
},
{
"id": "v2.0",
"links": [
{
"href": "http://localhost:35357/v2.0/",
"rel": "self"
},
{
"href": "http://docs.openstack.org/",
"rel": "describedby",
"type": "text/html"
}
],
"media-types": [
{
"base": "application/json",
"type": "application/vnd.openstack.identity-v2.0+json"
}
],
"status": "stable",
"updated": "2014-04-17T00:00:00Z"
}
]
}
}


@ -1,9 +0,0 @@
{
"auth": {
"tenantName": "demo",
"passwordCredentials": {
"username": "demo",
"password": "secretsecret"
}
}
}


@ -1,184 +0,0 @@
{
"access": {
"token": {
"issued_at": "2014-01-30T15:30:58.819584",
"expires": "2014-01-31T15:30:58Z",
"id": "aaaaa-bbbbb-ccccc-dddd",
"tenant": {
"description": null,
"enabled": true,
"id": "fc394f2ab2df4114bde39905f800dc57",
"name": "demo"
}
},
"serviceCatalog": [
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57",
"id": "2dad48f09e2a447a9bf852bcd93548ef",
"publicURL": "http://23.253.72.207:8774/v2/fc394f2ab2df4114bde39905f800dc57"
}
],
"endpoints_links": [],
"type": "compute",
"name": "nova"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:9696/",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:9696/",
"id": "97c526db8d7a4c88bbb8d68db1bdcdb8",
"publicURL": "http://23.253.72.207:9696/"
}
],
"endpoints_links": [],
"type": "network",
"name": "neutron"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57",
"id": "93f86dfcbba143a39a33d0c2cd424870",
"publicURL": "http://23.253.72.207:8776/v2/fc394f2ab2df4114bde39905f800dc57"
}
],
"endpoints_links": [],
"type": "volumev2",
"name": "cinder"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8774/v3",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8774/v3",
"id": "3eb274b12b1d47b2abc536038d87339e",
"publicURL": "http://23.253.72.207:8774/v3"
}
],
"endpoints_links": [],
"type": "computev3",
"name": "nova"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:3333",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:3333",
"id": "957f1e54afc64d33a62099faa5e980a2",
"publicURL": "http://23.253.72.207:3333"
}
],
"endpoints_links": [],
"type": "s3",
"name": "s3"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:9292",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:9292",
"id": "27d5749f36864c7d96bebf84a5ec9767",
"publicURL": "http://23.253.72.207:9292"
}
],
"endpoints_links": [],
"type": "image",
"name": "glance"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57",
"id": "37c83a2157f944f1972e74658aa0b139",
"publicURL": "http://23.253.72.207:8776/v1/fc394f2ab2df4114bde39905f800dc57"
}
],
"endpoints_links": [],
"type": "volume",
"name": "cinder"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8773/services/Admin",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8773/services/Cloud",
"id": "289b59289d6048e2912b327e5d3240ca",
"publicURL": "http://23.253.72.207:8773/services/Cloud"
}
],
"endpoints_links": [],
"type": "ec2",
"name": "ec2"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:8080",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:8080/v1/AUTH_fc394f2ab2df4114bde39905f800dc57",
"id": "16b76b5e5b7d48039a6e4cc3129545f3",
"publicURL": "http://23.253.72.207:8080/v1/AUTH_fc394f2ab2df4114bde39905f800dc57"
}
],
"endpoints_links": [],
"type": "object-store",
"name": "swift"
},
{
"endpoints": [
{
"adminURL": "http://23.253.72.207:35357/v2.0",
"region": "RegionOne",
"internalURL": "http://23.253.72.207:5000/v2.0",
"id": "26af053673df4ef3a2340c4239e21ea2",
"publicURL": "http://23.253.72.207:5000/v2.0"
}
],
"endpoints_links": [],
"type": "identity",
"name": "keystone"
}
],
"user": {
"username": "demo",
"roles_links": [],
"id": "9a6590b2ab024747bc2167c4e064d00d",
"roles": [
{
"name": "Member"
},
{
"name": "anotherrole"
}
],
"name": "demo"
},
"metadata": {
"is_admin": 0,
"roles": [
"7598ac3c634d4c3da4b9126a5f67ca2b",
"f95c0ab82d6045d9805033ee1fbc80d4"
]
},
"trust": {
"id": "394998fa61f14736b1f0c1f322882949",
"trustee_user_id": "269348fdd9374b8885da1418e0730af1",
"trustor_user_id": "3ec3164f750146be97f21559ee4d9c51",
"impersonation": false
}
}
}


@ -1,84 +0,0 @@
.. -*- rst -*-
============
API versions
============
Show version details
====================
.. rest_method:: GET /v2.0
Shows details for the Identity API v2.0.
Normal response codes: 200
Error response codes:203,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/admin/version-show-response.json
:language: javascript
List versions
=============
.. rest_method:: GET /
Lists information about all Identity API versions.
Normal response codes: 200
Error response codes:300,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/admin/versions-list-response.json
:language: javascript


@ -1,381 +0,0 @@
.. -*- rst -*-
=================================================
OS-ENDPOINT-POLICY extension (OS-ENDPOINT-POLICY)
=================================================
Creates, verifies, and deletes associations between service
endpoints and policies. Such associations enable an endpoint to
request its policy.
To create, check, or delete an association, you reference a policy
by its ID in the Identity server.
The extension supports these associations:
- A policy and endpoint association.
- A policy and service-type endpoint in a region association.
- A policy and service-type endpoint association.
This order reflects policies in their most to least-specific order.
When an endpoint requests the appropriate policy for itself, the
extension finds the policy by traversing the ordered sequence of
methods of association. The extension shows the policy for the
first association that it finds.
If the region of the endpoint has a parent, the extension examines
the region associations up the region tree in ascending order. For
region associations, the extension examines any parent regions in
ascending order. The extension does not combine polices.
Associate policy and service-type endpoint
==========================================
.. rest_method:: PUT /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}
Associates a policy and any endpoint of a service type.
If an association already exists between the endpoint of a service
type and another policy, this call replaces that association.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- service_id: service_id
- policy_id: policy_id
Verify a policy and service-type endpoint association
=====================================================
.. rest_method:: GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}
Verifies an association between a policy and an endpoint of a service type.
A HEAD version of this API is also supported.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- service_id: service_id
- policy_id: policy_id
Delete a policy and service-type endpoint association
=====================================================
.. rest_method:: DELETE /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}
Deletes an association between a policy and an endpoint of a service type.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- service_id: service_id
- policy_id: policy_id
Show policy for endpoint
========================
.. rest_method:: GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/policy
Shows a policy for an endpoint.
The extension finds the policy by traversing the ordered sequence
of methods of association. The extension shows the policy for the
first association that it finds. If the region of the endpoint has
a parent, the extension examines the region associations up the
region tree in ascending order.
Normal response codes: 200
Error response codes:
Request
-------
.. rest_parameters:: parameters.yaml
- policy_id: policy_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- policy: policy
- type: type
- blob: blob
- links: links
- id: id
Response Example
----------------
.. literalinclude:: ../samples/OS-ENDPOINT-POLICY/policy-show-response.json
:language: javascript
Check policy and service endpoint association
=============================================
.. rest_method:: HEAD /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/policy
Checks whether a policy is associated with an endpoint.
Normal response codes: 200
Error response codes:
Request
-------
.. rest_parameters:: parameters.yaml
- policy_id: policy_id
Response Example
----------------
.. literalinclude::
:language: javascript
Associate policy and service-type endpoint in a region
======================================================
.. rest_method:: PUT /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/regions/{region_id}
Associates a policy and an endpoint of a service type in a region.
If an association already exists between the service in a region
and another policy, this call replaces that association.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- region_id: region_id
- policy_id: policy_id
Verify a policy and service-type endpoint in a region association
=================================================================
.. rest_method:: GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/regions/{region_id}
Verifies an association between a policy and service-type endpoint in a region.
A HEAD version of this API is also supported.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- region_id: region_id
- policy_id: policy_id
Delete a policy and service-type endpoint in a region association
=================================================================
.. rest_method:: DELETE /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/regions/{region_id}
Deletes an association between a policy and service-type endpoint in a region.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- region_id: region_id
- policy_id: policy_id
List policy and service endpoint associations
=============================================
.. rest_method:: GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints
Lists all the endpoints that are currently associated with a policy through any of the association methods.
Normal response codes: 200
Error response codes:
Request
-------
.. rest_parameters:: parameters.yaml
- policy_id: policy_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- links: links
- url: url
- region: region
- next: next
- self: self
- interface: interface
- service_id: service_id
- endpoints: endpoints
- id: id
- previous: previous
Response Example
----------------
.. literalinclude:: ../samples/OS-ENDPOINT-POLICY/policy-endpoint-associations-list-response.json
:language: javascript
Associate policy and endpoint
=============================
.. rest_method:: PUT /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}
Associates a policy and an endpoint.
If an association already exists between the endpoint and another
policy, this call replaces that association.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- endpoint_id: endpoint_id
- policy_id: policy_id
Verify a policy and endpoint association
========================================
.. rest_method:: GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}
Verifies an association between a policy and an endpoint.
A HEAD version of this API is also supported.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- endpoint_id: endpoint_id
- policy_id: policy_id
Delete a policy and endpoint association
========================================
.. rest_method:: DELETE /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}
Deletes an association between a policy and an endpoint.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- endpoint_id: endpoint_id
- policy_id: policy_id


@ -1,582 +0,0 @@
.. -*- rst -*-
=================================
OS-INHERIT extension (OS-INHERIT)
=================================
Enables projects to inherit role assignments from either their
owning domain or projects that are higher in the hierarchy.
(Since API v3.4) The OS-INHERIT extension allows inheritance from
both projects and domains. To access project inheritance, the
Identity service server must run at least API v3.4.
Assign role to user owned by domain projects
============================================
.. rest_method:: PUT /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Assigns a role to a user in projects owned by a domain.
The API applies the inherited role to the existing and future owned
projects. The inherited role does not appear as a role in a domain-
scoped token.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- role_id: role_id
- domain_id: domain_id
Check project role for user in domain
=====================================
.. rest_method:: HEAD /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Checks whether a user has an inherited project role in a domain.
Normal response codes: 200
Error response codes:
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- role_id: role_id
- domain_id: domain_id
Response Example
----------------
.. literalinclude::
:language: javascript
Revoke project role from user in domain
=======================================
.. rest_method:: DELETE /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Revokes an inherited project role from a user in a domain.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- role_id: role_id
- domain_id: domain_id
Assign role to group
====================
.. rest_method:: PUT /v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects
Assigns a role to a group in projects in a subtree.
The API anchors the inherited role assignment to a project and
applies it to its subtree in the projects hierarchy to both
existing and future projects.
A group can have both a regular, non-inherited role assignment and
an inherited role assignment in the same project.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- group_id: group_id
- role_id: role_id
- project_id: project_id
Check role for group
====================
.. rest_method:: HEAD /v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects
Checks whether a group has a role assignment with the ``inherited_to_projects`` flag in a project.
Normal response codes: 200
Error response codes:
Request
-------
.. rest_parameters:: parameters.yaml
- group_id: group_id
- role_id: role_id
- project_id: project_id
Response Example
----------------
.. literalinclude::
:language: javascript
Revoke role from group
======================
.. rest_method:: DELETE /v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects
Revokes an inherited role from a group in a project.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- group_id: group_id
- role_id: role_id
- project_id: project_id
Assign role to group in domain projects
=======================================
.. rest_method:: PUT /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects
Assigns a role to a group in projects owned by a domain.
The API applies the inherited role to owned projects, both existing
and future. The inherited role does not appear as a role in a
domain-scoped token.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- group_id: group_id
- role_id: role_id
- domain_id: domain_id
Check project role for group in domain
======================================
.. rest_method:: HEAD /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects
Checks whether a group has an inherited project role in a domain.
Normal response codes: 200
Error response codes:
Request
-------
.. rest_parameters:: parameters.yaml
- group_id: group_id
- role_id: role_id
- domain_id: domain_id
Response Example
----------------
.. literalinclude::
:language: javascript
Revoke project role from group in domain
========================================
.. rest_method:: DELETE /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects
Revokes an inherited project role from a group in a domain.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- group_id: group_id
- role_id: role_id
- domain_id: domain_id
Assign role to user
===================
.. rest_method:: PUT /v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Assigns a role to a user in projects in a subtree.
The API anchors the inherited role assignment to a project and
applies it to its subtree in the projects hierarchy to both
existing and future projects.
A user can have both a regular, non-inherited role assignment and
an inherited role assignment in the same project.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- role_id: role_id
- project_id: project_id
Check role for user
===================
.. rest_method:: HEAD /v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Checks whether a user has a role assignment with the ``inherited_to_projects`` flag in a project.
Normal response codes: 200
Error response codes:
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- role_id: role_id
- project_id: project_id
Response Example
----------------
.. literalinclude::
:language: javascript
Revoke role from user
=====================
.. rest_method:: DELETE /v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Revokes an inherited role from a user in a project.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- role_id: role_id
- project_id: project_id
List project roles for group in domain
======================================
.. rest_method:: GET /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects
Lists the project roles that a group inherits from a parent project in a domain.
Normal response codes: 200
Error response codes:
Request
-------
.. rest_parameters:: parameters.yaml
- group_id: group_id
- domain_id: domain_id
Response Example
----------------
.. literalinclude:: ../samples/OS-INHERIT/group-roles-domain-list-response.json
:language: javascript
List role assignments
=====================
.. rest_method:: GET /v3/role_assignments
Lists role assignments.
The scope section in the list response is extended to allow the
representation of role assignments that are inherited to projects.
The list of all role assignments can be long. To filter the list,
use the query parameters.
Some typical examples are:
``GET /role_assignments?user.id={user_id}`` lists all role
assignments for a user.
``GET /role_assignments?scope.project.id={project_id}`` lists all
role assignments for a project.
Each role assignment entity in the collection contains a link to
the assignment that created this entity.
Use the ``effective`` query parameter to list effective assignments
at the user, project, and domain level. This parameter allows for
the effects of group membership as well as inheritance from the
parent domain or project, for role assignments that were made using
OS-INHERIT assignment APIs.
The group role assignment entities themselves are not returned in
the collection. Because, like group membership, the effects of
inheritance have already been allowed for, the role assignment
entities themselves that specify the inheritance are not returned
in the collection. This represents the effective role assignments
that would be included in a scoped token. You can use the other
query parameters with the ``effective`` parameter.
For example, to determine what a user can actually do, issue this
request: ``GET /role_assignments?user.id={user_id} & effective``
To get the equivalent set of role assignments that would be
included in the token response of a project-scoped token, issue
``GET /role_assignments?user.id={user_id} &
scope.project.id={project_id} & effective``
In the response, the entity ``links`` section for entities that are
included by virtue of group members also contains a url that you
can use to access the membership of the group.
Use the ``scope.OS-INHERIT:inherited_to`` query parameter to filter
the response by inherited role assignments. The ``scope.OS-
INHERIT:inherited_to`` value of ``projects`` is currently
supported. This value indicates that this role is inherited to all
projects of the owning domain or parent project.
An example response for an API call with the ``effective`` query
string:
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/OS-INHERIT/role-assignments-effective-list-response.json
:language: javascript
List project roles for user in domain
=====================================
.. rest_method:: GET /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects
Lists the project roles that a user inherits from a parent project in a domain.
Normal response codes: 200
Error response codes:
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- domain_id: domain_id
Response Example
----------------
.. literalinclude:: ../samples/OS-INHERIT/user-roles-domain-list-response.json
:language: javascript
List roles for group
====================
.. rest_method:: GET /v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/inherited_to_projects
Lists the project roles that a group in a project inherits from a parent project.
The list shows only roles that the group project inherits from the
parent project.
Normal response codes: 200
Error response codes:
Request
-------
.. rest_parameters:: parameters.yaml
- group_id: group_id
- project_id: project_id
Response Example
----------------
.. literalinclude:: ../samples/OS-INHERIT/group-roles-list-response.json
:language: javascript
List roles for user
===================
.. rest_method:: GET /v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/inherited_to_projects
Lists the project roles that a user in a project inherits from a parent project.
The list shows only roles that the user project inherits from the
parent project.
Normal response codes: 200
Error response codes:
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- project_id: project_id
Response Example
----------------
.. literalinclude:: ../samples/OS-INHERIT/user-roles-list-response.json
:language: javascript


@ -1,410 +0,0 @@
.. -*- rst -*-
================================================
Key Distribution Server (KDS) extension (OS-KDS)
================================================
The Key Distribution Server (KDS) is a trusted third party that
generates and securely distributes signing and encryption keys to
communicating parties. These shared keys enable parties to exchange
authenticated, confidential messages. KDS is an integral part of
the RPC message security implementation. To establish a trusted
relationship between the party and the KDS, a properly authorized
user, such as a cloud administrator, must assign a long-term shared
key to the communicating party. Assigning a key to a party requires
assigning an identity to that party in the KDS. An identity
includes a unique party name and the associated long-term shared
key. This party name is used to identify a party when it
communicates with KDS or another party.
The KDS enables two individual parties or one individual party and
a group party to exchange secure messages. To get keys so that it
can communicate with another party, a party makes an authenticated
request to KDS for a ticket. The KDS returns an encrypted ticket to
the requesting party. The KDS encrypts the ticket with the long-
term shared key that is associated with that party. Only the
associated party or the KDS itself can decrypt the ticket.
The KDS issues a ticket that contains a copy of the shared
encryption and signing keys. These keys are for the source party,
which is the party that requests the ticket. The ticket also
contains a payload that is intended for the destination party,
which is the party with whom the source party wants to communicate.
This payload contains the information that the destination party
can use to derive the shared encryption and signing keys. When the
destination party is:
- An individual. The payload is encrypted with the long-term shared
key that is associated with the destination party.
- A group. The payload is encrypted with a shared group key that the
KDS makes available to all members of the group. This encryption
enables the destination party to trust that the information in
the payload was supplied by the KDS.
When the source party is ready to communicate with the destination
party, it sends this encrypted payload to the destination party
along with whatever data it has protected with the shared signing
and encryption keys. The destination party can decrypt the payload
and derive the shared encryption and signing keys by using the
payload information. Both parties have a copy of the shared signing
and encryption keys that are trusted as being issued by the KDS.
The destination party uses these shared keys to authenticate and
decrypt the data sent by the source party.
Other guidelines:
- When a source party must send secure messages to multiple
recipients, an authorized user can define a KDS group for the
recipients. Membership in a group is determined by comparing a
party name with the group name. The party is considered a member
if the party name matches ``< group name > .*``. For example, a
party named ``scheduler.host.example.com`` is considered a member
of the ``scheduler`` group. This method is the same method that
is used to name message queues in OpenStack.
- When a source party requests a ticket for a destination party that
is a group, KDS generates a short-lived group key and assigns it
to the group. This group key is used to encrypt the payload in
the ticket, which contains the information that the destination
party uses to derive the shared signing and encryption keys.
- When an individual destination party must decrypt the payload that
it receives from the source party as a part of a group message,
it makes an authenticated request to KDS to get the short-lived
group key. If the requester is a member of the target group, KDS
provides the short-lived group key encrypted with the long-term
shared key associated with the individual destination party. The
individual destination party can then decrypt the group key,
which enables it to decrypt the payload and derive the shared
signing and encryption keys to use to authenticate and decrypt
the data sent by the source party.
- When a sender gets keys to send a message to a group, all group
members and the sender share the signing and encryption keys,
which makes it impossible for an individual destination party to
determine whether a message was sent by the source party or by
another destination party who is a group member. The destination
party can confirm only that the message was sent by a party who
has the shared signing and encryption keys. When a sender uses
keys to send a message to a group, all group members must trust
other members to operate in good faith.
The signing and encryption keys that communicating parties share
are short-lived. The life span of these keys is defined by a
validity period that is set by the KDS when it issues the ticket. A
suggested reasonable default validity period is 15 minutes, though
the implementation determines the appropriate validity period.
After the validity period for the keys expires, a party should
refuse to use those keys to prevent the use of compromised keys.
This requires the source party to request a new ticket from the KDS
to get a new set of keys. An implementation can implement a grace
period to account for clock skew between parties. This grace period
enables a destination party to accept messages that use recently
expired keys. If you use a grace period, its duration should be
five or fewer minutes.
A key server, unlike a pure public key-based system, can regulate
the encryption and signing key exchange. When keys are requested,
the key server actively distributes keys to communicating parties,
applies access control, and denies communication between arbitrary
peers in the system. This enables centralized access control,
prevents unauthorized communication, and eliminates the need to
perform post-authentication access control and policy lookups on
the receiving side.
The KDS requires that all ticket requests are authenticated and,
where appropriate, data is encrypted. You must pass any time stamp
value to the API as a `UTC
<https://en.wikipedia.org/wiki/ISO_8601#UTC>`_ `ISO 8601
<https://en.wikipedia.org/wiki/ISO_8601>`_ date and time string
that includes microseconds. For example,
``2012-03-26T10:01:01.720000``.
The default algorithms for message authentication and encryption
are, respectively, HMAC-SHA-256 and AES-128-CBC. Therefore, the
default block size is 128 bit.
The source party that requests a ticket must send the encrypted
``esek`` payload to the destination party. The source and
destination strings used when requesting the ticket also must be
sent to the destination party to enable it to derive the shared
signing end encryption keys. The messaging implementation is
responsible for transferring this data to the destination party.
The key derivation used to generate the shared signing and
encryption keys uses the Hashed Message Authentication Code
(HMAC)-based key derivation function (HKDF) standard, as described
in RFC 5869. The destination party must use the HKDF ``expand``
function by using the information that it receives from the source
party to complete derivation of the shared signing and encryption
keys. The inputs to the HKDF ``expand`` function are:
::
HKDF-Expand(esek.key, info, 256)
The ``info`` input for the HKDF ``expand`` function is a string
that concatenates the source, destination, and ``esek.timestamp``
strings by using a comma (``,``) separator between each element.
The following example shows a valid ``info`` string where
``scheduler.host.example.com`` is the source,
``compute.host.example.com`` is the destination, and
``2012-03-26T10:01:01.720000`` is the ``esek.timestamp``:
::
scheduler.host.example.com,compute.host.example.com,2012-03-26T10:01:01.720000
The output of the HKDF expand function is an array of bytes of 256
bit length. The first half is the signing key, and the second half
is the encryption key.
Create and delete requests for long-term keys are restricted to
authorized users, such as cloud administrators. The authentication
and authorization for these requests is left up to the
implementation, though the implementation should leverage the
Identity API for these purposes.
Create group
============
.. rest_method:: POST /v3/groups/{name}
Creates a group in the KDS.
Membership in groups is based on the party name. For example, a
``scheduler`` group implicitly includes any party name that starts
with ``scheduler``. For example, a member named
``scheduler.host.example.com``.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- name: name
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- name: name
Delete group
============
.. rest_method:: DELETE /v3/groups/{name}
Deletes a group from the KDS.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- name: name
Show group key
==============
.. rest_method:: GET /v3/groups
Shows the key for a group in the KDS.
When a ticket is requested where the destination is a group, a
group key is generated that is valid for a predetermined amount of
time. Any member of the group can get the key as long as it is
still valid. Group keys are necessary to verify signatures and
decrypt messages that have a group name as the target.
Error response codes:201,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- name: name
Generate ticket
===============
.. rest_method:: POST /v3/tickets
Generates a ticket to facilitate messaging between a source and destination.
A generate ticket request contains metadata that you specify as a
Base64-encoded JSON object and a signature.
The response shows the metadata, encrypted ticket, and signature.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- generation: generation
- signature: signature
- metadata: metadata
Request Example
---------------
.. literalinclude:: ../samples/OS-KDS/ticket-generate-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- ticket: ticket
- signature: signature
- metadata: metadata
Create key
==========
.. rest_method:: POST /v3/keys/{name}
Creates a long-term key in the KDS.
The request body contains the key.
The response shows the key name and generation value.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- name: name
Request Example
---------------
.. literalinclude:: ../samples/OS-KDS/key-create-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- generation: generation
- name: name
Delete key
==========
.. rest_method:: DELETE /v3/keys/{name}
Deletes a long-term key from the KDS.
Error response codes:204,
Request
-------
.. rest_parameters:: parameters.yaml
- name: name


@ -1,392 +0,0 @@
# variables in header
{}
# variables in path
access_token_id:
description: |
The UUID of the access token.
in: path
required: false
type: string
consumer_id:
description: |
The UUID of the consumer.
in: path
required: false
type: string
domain_id:
description: |
The UUID of the domain.
in: path
required: false
type: string
endpoint_id:
description: |
The endpoint ID.
in: path
required: false
type: string
group_id:
description: |
The UUID of the group.
in: path
required: false
type: string
name:
description: |
The name of the group.
in: path
required: false
type: string
policy_id:
description: |
The policy ID.
in: path
required: false
type: string
project_id:
description: |
The UUID of the project.
in: path
required: false
type: string
region_id:
description: |
The region ID.
in: path
required: false
type: string
role_id:
description: |
The UUID of the role.
in: path
required: false
type: string
service_id:
description: |
The service ID.
in: path
required: false
type: string
user_id:
description: |
The UUID of the user.
in: path
required: false
type: string
# variables in query
{}
# variables in body
blob:
description: |
The policy rule itself, as a serialized blob.
in: body
required: true
type: object
endpoints:
description: |
An ``endpoints`` object.
in: body
required: true
type: array
generation:
description: |
A unique integer value that identifies the key.
The generation value changes only if you set a new key. If the
request sets the key to the same value that already exists, the
response shows the existing generation value, which makes the
request idempotent.
in: body
required: true
type: integer
id:
description: |
The ID of the trust.
in: body
required: true
type: string
id_1:
description: |
The endpoint UUID.
in: body
required: true
type: string
id_2:
description: |
The ID of the policy.
in: body
required: true
type: string
impersonation:
description: |
The impersonation flag. Default is false.
in: body
required: false
type: boolean
interface:
description: |
The interface type, which describes the
visibility of the endpoint. Value is: - ``public``. Visible by
end users on a publicly available network interface. -
``internal``. Visible by end users on an unmetered internal
network interface. - ``admin``. Visible by administrative users
on a secure network interface.
in: body
required: true
type: string
links:
description: |
Trust links.
in: body
required: true
type: object
links_1:
description: |
The links for the ``endpoints`` resource.
in: body
required: true
type: object
links_2:
description: |
The links for the ``policy`` resource.
in: body
required: true
type: object
metadata:
description: |
A Base64-encoded JSON object that contains these key and value
pairs:
- ``source``. The identity who is requesting a ticket.
- ``destination``. The target for which the ticket will be valid.
- ``timestamp``. The current time stamp from the requester.
- ``nonce``. Random, single-use data. See `Cryptographic nonce
<https://en.wikipedia.org/wiki/Cryptographic_nonce>`_.
The time stamp and nonce are required to prevent replay attacks.
For example:
.. code-block:: json
{
"source": "scheduler.host.example.com",
"destination": "compute.host.example.com",
"timestamp": "2012-03-26T10:01:01.720000",
"nonce": 1234567890
}
in: body
required: true
type: object
name_1:
description: |
The role name.
in: body
required: true
type: string
name_2:
description: |
The name of the group.
in: body
required: true
type: string
next:
description: |
The ``next`` relative link for the ``endpoints``
resource.
in: body
required: true
type: string
oauth_expires_at:
description: |
The date and time when a request token expires.
The date and time stamp format is `ISO 8601
<https://en.wikipedia.org/wiki/ISO_8601>`_:
::
CCYY-MM-DDThh:mm:ss±hh:mm
The ``±hh:mm`` value, if included, is the time zone as an offset
from UTC.
For example, ``2015-08-27T09:49:58-05:00``.
If the Identity API does not include this attribute or its value is
``null``, the token never expires.
in: body
required: false
type: string
policy:
description: |
A ``policy`` object.
in: body
required: true
type: object
previous:
description: |
The ``previous`` relative link for the
``endpoints`` resource.
in: body
required: true
type: string
project_id_1:
description: |
The ID of the project.
in: body
required: true
type: string
region:
description: |
(Deprecated in v3.2) The geographic location of
the service endpoint.
in: body
required: true
type: string
remaining_uses:
description: |
Remaining uses flag. Default is null.
in: body
required: false
type: boolean
roles:
description: |
A roles object.
in: body
required: true
type: array
roles_links:
description: |
A roles links object. Includes ``next``,
``previous``, and ``self`` links for roles.
in: body
required: true
type: object
self:
description: |
The ``self`` relative link for the ``endpoints``
resource.
in: body
required: true
type: string
service_id_1:
description: |
The UUID of the service to which the endpoint
belongs.
in: body
required: true
type: string
signature:
description: |
A Base64-encoded HMAC signature over the
Base64-encoded request metadata object. For example:
``Base64encode(HMAC(SigningKey, RequestMetadata))`` The long-term
key of the requester is used for the signature. When the request
is received, the KDS must verify the signature. To do so, the KDS
must access the ``source`` from the request metadata to look up
the associated long-term key to use to verify the signature. The
KDS should not access any other data contained in the request
metadata before verifying the signature. If the KDS fails to
verify the signature, it risks issuing a ticket to a party who is
impersonating the source.
in: body
required: true
type: string
ticket:
description: |
The ticket is encrypted with the long-term key of the source and
contains a Base64-encoded JSON object containing the following key
and value pairs:
- ``skey``. The newly-generated Base64-encoded message signing key.
- ``ekey``. The newly-generated Base64-encoded message encryption
key.
- ``esek``. Encrypted signing and encryption key pair for the
receiver.
For example:
.. code-block:: json
{
"skey": "ZjhkuYZH8y87rzhgi7...",
"ekey": "Fk8yksa8z8zKtakc8s...",
"esek": "KBo8fajfo8ysad5hq2..."
}
The long-term key of the destination is used to encrypt the
``esek`` value. The ``esek`` value contains a Base64-encoded JSON
object that contains the following key and value pairs:
- ``key``. The Base64-encoded random key that is used to generate
the signing and encryption keys.
- ``timestamp``. The time stamp when the key was created.
- ``ttl``. An integer value that specifies the validity length of
the key, in seconds.
For example:
.. code-block:: json
{
"key": "Afa8sad2hgsd7asv7ad...",
"timestamp": "2012-03-26T10:01:01.720000",
"ttl": 28800
}
The ``key`` and ``timestamp`` values are used as inputs to the HKDF
``expand`` function to generate the signing and encryption keys, as
described in the overview on this page.
The ``timestamp`` and ``ttl`` values must equal the ``expiration``
time stamp value that is contained in the response metadata.
in: body
required: true
type: string
trust:
description: |
A trust object.
in: body
required: true
type: object
trustee_user_id:
description: |
The trustee user ID.
in: body
required: true
type: string
trustor_user_id:
description: |
The trustor user ID.
in: body
required: true
type: string
type:
description: |
The MIME media type of the serialized policy
blob. From the perspective of the Identity API, a policy blob can
be based on any technology. In OpenStack, the ``policy.json`` blob
(``type="application/json"``) is the conventional solution.
However, you might want to use an alternative policy engine that
uses a different policy language type. For example,
``type="application/xacml+xml"``.
in: body
required: true
type: string
url:
description: |
The endpoint URL.
in: body
required: true
type: string


@ -1,87 +0,0 @@
.. -*- rst -*-
==========================
Trust extension (OS-TRUST)
==========================
Creates a trust.
A trust is an OpenStack Identity extension that enables delegation
and, optionally, impersonation through ``keystone``. A trust
extension defines a relationship between a trustor and trustee. A
trustor is the user who delegates a limited set of their own rights
to another user, known as the trustee, for a limited time.
The trust can eventually enable the trustee to impersonate the
trustor. For security reasons, some safety measures are added. For
example, if a trustor loses a given role, the API automatically
revokes any trusts and the related tokens that the user issued with
that role.
For more information, see `Use trusts <http://docs.openstack.org
/admin-guide/keystone_use_trusts.html>`_.
Create trust
============
.. rest_method:: POST /v3/OS-TRUST/trusts
Creates a trust.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- impersonation: impersonation
- trust: trust
- trustor_user_id: trustor_user_id
- name: name
- roles: roles
- oauth_expires_at: oauth_expires_at
- remaining_uses: remaining_uses
- trustee_user_id: trustee_user_id
- project_id: project_id
Request Example
---------------
.. literalinclude:: ../samples/OS-TRUST/trust-create-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- impersonation: impersonation
- roles_links: roles_links
- trust: trust
- trustor_user_id: trustor_user_id
- name: name
- links: links
- oauth_expires_at: oauth_expires_at
- remaining_uses: remaining_uses
- trustee_user_id: trustee_user_id
- roles: roles
- project_id: project_id
- id: id


@ -1,555 +0,0 @@
.. -*- rst -*-
==================================================
Authentication and token management (auth, tokens)
==================================================
In exchange for a set of authentication credentials, the Identity
service generates tokens. A token represents the authenticated
identity of a user and, optionally, grants authorization on a
specific project or domain.
The body of an authentication request must include a payload that
specifies the authentication method, which is ``password`` or
``token``, the credentials, and, optionally, the authorization
scope. You can scope a token to a project or domain, or the token
can be unscoped. You cannot scope a token to both a project and
domain.
Tokens have IDs, which the Identity API returns in the ``X-Subject-
Token`` response header.
Also, validates an authentication token and lists the domains,
projects, roles, and endpoints to which the token gives access.
Forces the immediate revocation of a token.
After you obtain an authentication token, you can:
- Make REST API requests to other OpenStack services. You supply the
ID of your authentication token in the ``X-Auth-Token`` request
header.
- Validate your authentication token and list the domains, projects,
roles, and endpoints that your token gives you access to.
- Use your token to request another token scoped for a different
domain and project.
- Force the immediate revocation of a token.
- List revoked public key infrastructure (PKI) tokens.
The Identity API treats expired tokens as no longer valid tokens.
The deployment determines how long expired tokens are stored.
These authentication errors can occur:
**Authentication errors**
+------------------------+----------------------------------------------------------------------+
| Response code | Description |
+------------------------+----------------------------------------------------------------------+
| ``Bad Request (400)`` | The Identity service failed to parse the request as expected. One |
| | of the following errors occurred: |
| | |
| | - A required attribute was missing. |
| | |
| | - An attribute that is not allowed was specified, such as an ID on a |
| | POST request in a basic CRUD operation. |
| | |
| | - An attribute of an unexpected data type was specified. |
+------------------------+----------------------------------------------------------------------+
| ``Unauthorized (401)`` | One of the following errors occurred: |
| | |
| | - Authentication was not performed. |
| | |
| | - The specified ``X-Auth-Token`` header is not valid. |
| | |
| | - The authentication credentials are not valid. |
+------------------------+----------------------------------------------------------------------+
| ``Forbidden (403)`` | The identity was successfully authenticated but it is not |
| | authorized to perform the requested action. |
+------------------------+----------------------------------------------------------------------+
| ``Not Found (404)`` | An operation failed because a referenced entity cannot be found by |
| | ID. For a POST request, the referenced entity might be specified in |
| | the request body rather than in the resource path. |
+------------------------+----------------------------------------------------------------------+
| ``Conflict (409)`` | A POST or PATCH operation failed. For example, a client tried to |
| | update a unique attribute for an entity, which conflicts with that |
| | of another entity in the same collection. |
| | |
| | Or, a client issued a create operation twice on a collection with a |
| | user-defined, unique attribute. For example, a client made a POST |
| | ``/users`` request two times for the unique, user-defined name |
| | attribute for a user entity. |
+------------------------+----------------------------------------------------------------------+
Password authentication with unscoped authorization
===================================================
.. rest_method:: POST /v3/auth/tokens
Authenticates an identity and generates a token. Uses the password authentication method. Authorization is unscoped.
The request body must include a payload that specifies the
authentication method, which is ``password``, and the user, by ID
or name, and password credentials.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- domain: domain
- name: name
- auth: auth
- user: user
- password: password
- id: id
- identity: identity
- methods: methods
- nocatalog: nocatalog
Request Example
---------------
.. literalinclude:: ../samples/admin/auth-password-unscoped-request-with-domain.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- X-Subject-Token: X-Subject-Token
- domain: domain
- methods: methods
- expires_at: expires_at
- token: token
- extras: extras
- user: user
- audit_ids: audit_ids
- issued_at: issued_at
- id: id
- name: name
Password authentication with scoped authorization
=================================================
.. rest_method:: POST /v3/auth/tokens
Authenticates an identity and generates a token. Uses the password authentication method and scopes authorization to a project or domain.
The request body must include a payload that specifies the
``password`` authentication method, the credentials, and the
``project`` or ``domain`` authorization scope.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- name: name
- auth: auth
- user: user
- scope: scope
- password: password
- id: id
- identity: identity
- methods: methods
- nocatalog: nocatalog
Request Example
---------------
.. literalinclude:: ../samples/admin/auth-password-project-scoped-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- X-Subject-Token: X-Subject-Token
- domain: domain
- region_id: region_id
- methods: methods
- roles: roles
- url: url
- region: region
- token: token
- expires_at: expires_at
- project: project
- issued_at: issued_at
- catalog: catalog
- extras: extras
- user: user
- audit_ids: audit_ids
- interface: interface
- endpoints: endpoints
- type: type
- id: id
- name: name
Password authentication with explicit unscoped authorization
============================================================
.. rest_method:: POST /v3/auth/tokens
Authenticates an identity and generates a token. Uses the password authentication method with explicit unscoped authorization.
The request body must include a payload that specifies the
``password`` authentication method, the credentials, and the
``unscoped`` authorization scope.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- name: name
- auth: auth
- user: user
- scope: scope
- password: password
- id: id
- identity: identity
- methods: methods
- nocatalog: nocatalog
Request Example
---------------
.. literalinclude:: ../samples/admin/auth-password-explicit-unscoped-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- X-Subject-Token: X-Subject-Token
- domain: domain
- methods: methods
- roles: roles
- expires_at: expires_at
- token: token
- extras: extras
- user: user
- audit_ids: audit_ids
- issued_at: issued_at
- id: id
- name: name
Token authentication with unscoped authorization
================================================
.. rest_method:: POST /v3/auth/tokens
Authenticates an identity and generates a token. Uses the token authentication method. Authorization is unscoped.
In the request body, provide the token ID.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- identity: identity
- token: token
- id: id
- auth: auth
- methods: methods
- nocatalog: nocatalog
Request Example
---------------
.. literalinclude:: ../samples/admin/auth-token-unscoped-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- X-Subject-Token: X-Subject-Token
- X-Auth-Token: X-Auth-Token
Token authentication with scoped authorization
==============================================
.. rest_method:: POST /v3/auth/tokens
Authenticates an identity and generates a token. Uses the token authentication method and scopes authorization to a project or domain.
In the request body, provide the token ID and the ``project`` or
``domain`` authorization scope.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- methods: methods
- auth: auth
- token: token
- audit_ids: audit_ids
- scope: scope
- id: id
- identity: identity
- nocatalog: nocatalog
Request Example
---------------
.. literalinclude:: ../samples/admin/auth-token-scoped-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- X-Subject-Token: X-Subject-Token
- X-Auth-Token: X-Auth-Token
Validate and show information for token
=======================================
.. rest_method:: GET /v3/auth/tokens
Validates and shows information for a token, including its expiration date and authorization scope.
Pass your own token in the ``X-Auth-Token`` request header.
Pass the token that you want to validate in the ``X-Subject-Token``
request header.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- X-Auth-Token: X-Auth-Token
- X-Subject-Token: X-Subject-Token
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- X-Subject-Token: X-Subject-Token
- X-Auth-Token: X-Auth-Token
- domain: domain
- methods: methods
- links: links
- user: user
- token: token
- expires_at: expires_at
- project: project
- catalog: catalog
- extras: extras
- roles: roles
- audit_ids: audit_ids
- issued_at: issued_at
- id: id
- name: name
Response Example
----------------
.. literalinclude:: ../samples/admin/auth-token-unscoped-response.json
:language: javascript
Check token
===========
.. rest_method:: HEAD /v3/auth/tokens
Validates a token.
This call is similar to ``GET /auth/tokens`` but no response body
is provided even in the ``X-Subject-Token`` header.
The Identity API returns the same response as when the subject
token was issued by ``POST /auth/tokens`` even if an error occurs
because the token is not valid. An HTTP ``204`` response code
indicates that the ``X-Subject-Token`` is valid.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- X-Auth-Token: X-Auth-Token
- X-Subject-Token: X-Subject-Token
Response Example
----------------
.. literalinclude::
:language: javascript
Revoke token
============
.. rest_method:: DELETE /v3/auth/tokens
Revokes a token.
This call is similar to the HEAD ``/auth/tokens`` call except that
the ``X-Subject-Token`` token is immediately not valid, regardless
of the ``expires_at`` attribute value. An additional ``X-Auth-
Token`` is not required.
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- X-Auth-Token: X-Auth-Token
- X-Subject-Token: X-Subject-Token


@ -1,277 +0,0 @@
.. -*- rst -*-
=========================
Credentials (credentials)
=========================
In exchange for a set of authentication credentials that the user
submits, the Identity service generates and returns a token. A
token represents the authenticated identity of a user and,
optionally, grants authorization on a specific project or domain.
You can list all credentials, and create, show details for, update,
and delete a credential.
Create credential
=================
.. rest_method:: POST /v3/credentials
Creates a credential.
The following example shows how to create an EC2-style credential.
The credential blob is a string that contains a JSON-serialized
dictionary with the ``access`` and ``secret`` keys. This format is
required when you specify the ``ec2`` type. To specify other
credentials, such as ``access_key``, change the type and contents
of the data blob.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- credential: credential
- project_id: project_id
- type: type
- blob: blob
- user_id: user_id
Request Example
---------------
.. literalinclude:: ../samples/admin/credential-create-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- credential: credential
- user_id: user_id
- links: links
- blob: blob
- project_id: project_id
- type: type
- id: id
List credentials
================
.. rest_method:: GET /v3/credentials
Lists all credentials.
Optionally, you can include the ``user_id`` query parameter in the
URI to filter the response by a user.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- links: links
- blob: blob
- credentials: credentials
- project_id: project_id
- type: type
- id: id
Response Example
----------------
.. literalinclude:: ../samples/admin/credentials-list-response.json
:language: javascript
Show credential details
=======================
.. rest_method:: GET /v3/credentials/{credential_id}
Shows details for a credential.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- credential_id: credential_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- credential: credential
- user_id: user_id
- links: links
- blob: blob
- project_id: project_id
- type: type
- id: id
Response Example
----------------
.. literalinclude:: ../samples/admin/credential-show-response.json
:language: javascript
Update credential
=================
.. rest_method:: PATCH /v3/credentials/{credential_id}
Updates a credential.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- credential: credential
- project_id: project_id
- type: type
- blob: blob
- user_id: user_id
- credential_id: credential_id
Request Example
---------------
.. literalinclude:: ../samples/admin/credential-update-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- credential: credential
- user_id: user_id
- links: links
- blob: blob
- project_id: project_id
- type: type
- id: id
Response Example
----------------
.. literalinclude:: ../samples/admin/credential-update-response.json
:language: javascript
Delete credential
=================
.. rest_method:: DELETE /v3/credentials/{credential_id}
Deletes a credential.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- credential_id: credential_id


@ -1,503 +0,0 @@
.. -*- rst -*-
==================================================================
Domain configuration (domains, config) (since v3.4) (EXPERIMENTAL)
==================================================================
You can manage domain-specific configuration options.
Domain-specific configuration options are structured within their
group objects. The API supports only the ``identity`` and ``ldap``
groups. These groups override the default configuration settings
for the storage of users and groups by the Identity server.
You can create, update, and delete domain-specific configuration
options by using the HTTP PUT , PATCH , and DELETE methods. When
updating, it is only necessary to include those options that are
being updated.
To create an option, use the PUT method. The Identity API does not
return options that are considered sensitive, although you can
create and update these options. The only option currently
considered sensitive is the ``password`` option within the ``ldap``
group.
The API enables you to include sensitive options as part of non-
sensitive options. For example, you can include the password as
part of the ``url`` option.
If you try to create or update configuration options for groups
other than the ``identity`` or ``ldap`` groups, the ``Forbidden
(403)`` response code is returned.
For information about how to integrate the Identity service with
LDAP, see `Integrate Identity with LDAP <http://docs.openstack.org
/admin-guide/keystone_integrate_with_ldap.html>`_.
Show domain group option configuration
======================================
.. rest_method:: GET /v3/domains/{domain_id}/config/{group}/{option}
Shows details for a domain group option configuration.
The API supports only the ``identity`` and ``ldap`` groups. For the
``ldap`` group, a valid value is ``url`` or ``user_tree_dn``. For
the ``identity`` group, a valid value is ``driver``.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id
- group: group
- option: option
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- url: url
- driver: driver
- ldap: ldap
- config: config
- user_tree_dn: user_tree_dn
- identity: identity
Response Example
----------------
.. literalinclude:: ../samples/admin/domain-config-group-option-show-response.json
:language: javascript
Update domain group option configuration
========================================
.. rest_method:: PATCH /v3/domains/{domain_id}/config/{group}/{option}
Updates a domain group option configuration.
The API supports only the ``identity`` and ``ldap`` groups. For the
``ldap`` group, a valid value is ``url`` or ``user_tree_dn``. For
the ``identity`` group, a valid value is ``driver``.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- url: url
- driver: driver
- ldap: ldap
- config: config
- user_tree_dn: user_tree_dn
- identity: identity
- domain_id: domain_id
- group: group
- option: option
Request Example
---------------
.. literalinclude:: ../samples/admin/domain-config-group-option-update-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- url: url
- driver: driver
- ldap: ldap
- config: config
- user_tree_dn: user_tree_dn
- identity: identity
Response Example
----------------
.. literalinclude:: ../samples/admin/domain-config-group-option-update-response.json
:language: javascript
Delete domain group option configuration
========================================
.. rest_method:: DELETE /v3/domains/{domain_id}/config/{group}/{option}
Deletes a domain group option configuration.
The API supports only the ``identity`` and ``ldap`` groups. For the
``ldap`` group, a valid value is ``url`` or ``user_tree_dn``. For
the ``identity`` group, a valid value is ``driver``.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id
- group: group
- option: option
Show domain group configuration
===============================
.. rest_method:: GET /v3/domains/{domain_id}/config/{group}
Shows details for a domain group configuration.
The API supports only the ``identity`` and ``ldap`` groups.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id
- group: group
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- url: url
- driver: driver
- ldap: ldap
- config: config
- user_tree_dn: user_tree_dn
- identity: identity
Response Example
----------------
.. literalinclude:: ../samples/admin/domain-config-group-show-response.json
:language: javascript
Update domain group configuration
=================================
.. rest_method:: PATCH /v3/domains/{domain_id}/config/{group}
Updates a domain group configuration.
The API supports only the ``identity`` and ``ldap`` groups. If you
try to set configuration options for other groups, this call fails
with the ``Forbidden (403)`` response code.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- url: url
- driver: driver
- ldap: ldap
- config: config
- user_tree_dn: user_tree_dn
- identity: identity
- domain_id: domain_id
- group: group
Request Example
---------------
.. literalinclude:: ../samples/admin/domain-config-group-update-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- url: url
- driver: driver
- ldap: ldap
- config: config
- user_tree_dn: user_tree_dn
- identity: identity
Response Example
----------------
.. literalinclude:: ../samples/admin/domain-config-group-update-response.json
:language: javascript
Delete domain group configuration
=================================
.. rest_method:: DELETE /v3/domains/{domain_id}/config/{group}
Deletes a domain group configuration.
The API supports only the ``identity`` and ``ldap`` groups.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id
- group: group
Show domain configuration
=========================
.. rest_method:: GET /v3/domains/{domain_id}/config
Shows details for a domain configuration.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- url: url
- driver: driver
- ldap: ldap
- config: config
- user_tree_dn: user_tree_dn
- identity: identity
Response Example
----------------
.. literalinclude:: ../samples/admin/domain-config-show-response.json
:language: javascript
Update domain configuration
===========================
.. rest_method:: PATCH /v3/domains/{domain_id}/config
Updates a domain configuration.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- url: url
- driver: driver
- ldap: ldap
- config: config
- user_tree_dn: user_tree_dn
- identity: identity
- domain_id: domain_id
Request Example
---------------
.. literalinclude:: ../samples/admin/domain-config-update-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- url: url
- driver: driver
- ldap: ldap
- config: config
- user_tree_dn: user_tree_dn
- identity: identity
Response Example
----------------
.. literalinclude:: ../samples/admin/domain-config-update-response.json
:language: javascript
Delete domain configuration
===========================
.. rest_method:: DELETE /v3/domains/{domain_id}/config
Deletes a domain configuration.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id


@ -1,286 +0,0 @@
.. -*- rst -*-
=======================================
Domains (domains, users, groups, roles)
=======================================
A domain is a collection of users, groups, and projects. Each group
and project is owned by exactly one domain.
Each domain defines a namespace where certain API-visible name
attributes exist, which affects whether those names must be
globally unique or unique within that domain. In the Identity API,
the uniqueness of these attributes is as follows:
- *Domain name*. Globally unique across all domains.
- *Role name*. Globally unique across all domains.
- *User name*. Unique within the owning domain.
- *Project name*. Unique within the owning domain.
- *Group name*. Unique within the owning domain.
List domains
============
.. rest_method:: GET /v3/domains
Lists all domains.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- name: name
- enabled: enabled
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- name: name
- links: links
- enabled: enabled
- domains: domains
- id: id
- description: description
Response Example
----------------
.. literalinclude:: ../samples/admin/domains-list-response.json
:language: javascript
Create domain
=============
.. rest_method:: POST /v3/domains
Creates a domain.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- domain: domain
- enabled: enabled
- description: description
- name: name
Request Example
---------------
.. literalinclude:: ../samples/admin/domain-create-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- domain: domain
- name: name
- links: links
- enabled: enabled
- id: id
- description: description
Show domain details
===================
.. rest_method:: GET /v3/domains/{domain_id}
Shows details for a domain.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- domain: domain
- name: name
- links: links
- enabled: enabled
- id: id
- description: description
Response Example
----------------
.. literalinclude:: ../samples/admin/domain-show-response.json
:language: javascript
Update domain
=============
.. rest_method:: PATCH /v3/domains/{domain_id}
Updates a domain.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- domain: domain
- enabled: enabled
- description: description
- name: name
- domain_id: domain_id
Request Example
---------------
.. literalinclude:: ../samples/admin/domain-update-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- domain: domain
- name: name
- links: links
- enabled: enabled
- id: id
- description: description
Response Example
----------------
.. literalinclude:: ../samples/admin/domain-update-response.json
:language: javascript
Delete domain
=============
.. rest_method:: DELETE /v3/domains/{domain_id}
Deletes a domain.
To minimize the risk of accidentally deleting a domain, you must
first disable the domain by using the update domain method.
When you delete a domain, this call also deletes all entities owned
by it, such as users, groups, and projects, and any credentials and
granted roles that relate to those entities.
(Since v3.6) The deletion of a non-leaf domain in a domain
hierarchy tree is not allowed and fails with a ``Bad Request
(400)`` response code.
If you try to delete an enabled domain, this call returns the
``Forbidden (403)`` response code.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id


@ -1,418 +0,0 @@
.. -*- rst -*-
======================
Groups (groups, users)
======================
A group is a collection of users. Each group is owned by a domain.
When you grant a role to a group, you explicitly associate that
group with a project or domain. This action is equivalent to
granting the role to each group member on that project and domain.
When you grant a role to a group, that role is automatically
granted to any user that you add to the group. When you revoke a
role from a group, that role is automatically revoked from any user
that you remove from the group. Any token that authenticates that
user, project, and domain is revoked.
As with users, a group without any role grants is useless from the
perspective an OpenStack service and has no access to resources.
However, a group without role grants is permitted as a way of
acquiring or loading users and groups from external sources before
mapping them to projects and domains.
Show group details
==================
.. rest_method:: GET /v3/groups/{group_id}
Shows details for a group.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- group_id: group_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- group: group
- name: name
- links: links
- domain_id: domain_id
- id: id
- description: description
Response Example
----------------
.. literalinclude:: ../samples/admin/group-show-response.json
:language: javascript
Update group
============
.. rest_method:: PATCH /v3/groups/{group_id}
Updates a group.
If the back-end driver does not support this functionality, the
call returns the ``Not Implemented (501)`` response code.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- group: group
- description: description
- name: name
- domain_id: domain_id
- group_id: group_id
Request Example
---------------
.. literalinclude:: ../samples/admin/group-update-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- group: group
- name: name
- links: links
- domain_id: domain_id
- id: id
- description: description
Response Example
----------------
.. literalinclude:: ../samples/admin/group-update-response.json
:language: javascript
Delete group
============
.. rest_method:: DELETE /v3/groups/{group_id}
Deletes a group.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- group_id: group_id
Add user to group
=================
.. rest_method:: PUT /v3/groups/{group_id}/users/{user_id}
Adds a user to a group.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- group_id: group_id
Remove user from group
======================
.. rest_method:: DELETE /v3/groups/{group_id}/users/{user_id}
Removes a user from a group.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- group_id: group_id
Check whether user belongs to group
===================================
.. rest_method:: HEAD /v3/groups/{group_id}/users/{user_id}
Validates that a user belongs to a group.
Error response codes:204,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- group_id: group_id
List users in group
===================
.. rest_method:: GET /v3/groups/{group_id}/users
Lists the users that belong to a group.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- group_id: group_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- name: name
- links: links
- enabled: enabled
- domain_id: domain_id
- email: email
- id: id
- users: users
Response Example
----------------
.. literalinclude:: ../samples/admin/group-users-list-response.json
:language: javascript
Create group
============
.. rest_method:: POST /v3/groups
Creates a group.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- group: group
- description: description
- name: name
- domain_id: domain_id
Request Example
---------------
.. literalinclude:: ../samples/admin/group-create-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- group: group
- name: name
- links: links
- domain_id: domain_id
- id: id
- description: description
List groups
===========
.. rest_method:: GET /v3/groups
Lists groups.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- name: name
- links: links
- domain_id: domain_id
- groups: groups
- id: id
- description: description
Response Example
----------------
.. literalinclude:: ../samples/admin/groups-list-response.json
:language: javascript


@ -1,592 +0,0 @@
.. -*- rst -*-
=======================
OAuth OAuth (OS-OAUTH1)
=======================
Enables users to delegate roles to third-party consumers through
`The OAuth 1.0 Protocol <http://tools.ietf.org/html/rfc5849>`_.
A user is an Identity API user who delegates its roles and who
authorizes request tokens.
A consumer is a third-party application that uses OAuth to access a
protected resource.
Administrative users use an OAuth-derived token to act on behalf of
the authorizing user.
The consumer uses a request token to get authorization from the
user. The consumer provides an OAuth verifier string with the
request token in exchange for an access token.
The consumer uses an access token to request Identity API tokens on
behalf of the authorizing user instead of using the credentials for
the user.
Request and access tokens use token keys to identify themselves.
For OpenStack purposes, the token key is the token ID. The consumer
uses a token secret to establish ownership of a token. Both request
and access tokens have token secrets.
Delegated authentication through OAuth occurs as follows:
- A user creates a consumer.
- The consumer gets an unauthorized request token. Then, the
consumer uses the request token to initiate user authorization.
- The user authorizes the request token.
- The consumer exchanges the authorized request token and the OAuth
verifier for an access token.
The authorizing user receives the request token key from the
consumer out-of-band.
- The consumer uses the access token to request an Identity API
token.
Create consumer
===============
.. rest_method:: POST /v3/OS-OAUTH1/consumers
Enables a user to create a consumer.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
Request Example
---------------
.. literalinclude:: ../samples/OS-OAUTH1/consumers-create-request.json
:language: javascript
List consumers
==============
.. rest_method:: GET /v3/OS-OAUTH1/consumers
Lists consumers.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/OS-OAUTH1/consumers-list-response.json
:language: javascript
Get authorized access token
===========================
.. rest_method:: GET /v3/OS-OAUTH1/users/{user_id}/access_tokens/{access_token_id}
Gets an authorized access token.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- access_token_id: access_token_id
Response Example
----------------
.. literalinclude:: ../samples/OS-OAUTH1/access-token-show-response.json
:language: javascript
Revoke access token
===================
.. rest_method:: DELETE /v3/OS-OAUTH1/users/{user_id}/access_tokens/{access_token_id}
Enables a user to revoke an access token, which prevents the consumer from requesting new Identity Service API tokens. Also, revokes any Identity Service API tokens that were issued to the consumer through that access token.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- access_token_id: access_token_id
Create access token
===================
.. rest_method:: POST /v3/OS-OAUTH1/access_token
Enables a consumer to create an access token by exchanging a request token for an access token.
After the user authorizes the request token, the consumer exchanges
the authorized request token and OAuth verifier for an access
token.
Supported signature methods: HMAC-SHA1.
The consumer must provide all required OAuth parameters in the
request. See `Consumer Obtains a Request Token
<http://oauth.net/core/1.0a/#auth_step1>`_.
Supported signature methods: HMAC-SHA1.
You must provide all required OAuth parameters in the request. See
`Consumer Obtains a Request Token
<http://oauth.net/core/1.0a/#auth_step1>`_.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/OS-OAUTH1/access-token-create-response.txt
:language: javascript
Get an Identity Service token
=============================
.. rest_method:: POST /v3/auth/tokens
Enables a consumer to get an Identity Service authentication token.
The token represents the delegated authorization and identity
(impersonation) of the authorizing user. The roles and scope of the
generated token match those that the consumer initially requested.
Supported signature methods: HMAC-SHA1.
The consumer must provide required OAuth parameters in the request.
See `Consumer Obtains a Request Token
<http://oauth.net/core/1.0a/#auth_step1>`_.
The returned token is scoped to the requested project and with the
requested roles. In addition to the standard token response, the
token has an OAuth-specific object.
Example OAuth-specific object in a token:
.. code-block:: json
"OS-OAUTH1": {
"access_token_id": "cce0b8be7"
}
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude::
:language: javascript
List authorized access tokens
=============================
.. rest_method:: GET /v3/OS-OAUTH1/users/{user_id}/access_tokens
Lists authorized access tokens.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
Response Example
----------------
.. literalinclude:: ../samples/OS-OAUTH1/access-tokens-list-response.json
:language: javascript
Show consumer details
=====================
.. rest_method:: GET /v3/OS-OAUTH1/consumers/{consumer_id}
Shows details for a consumer.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- consumer_id: consumer_id
Response Example
----------------
.. literalinclude:: ../samples/OS-OAUTH1/consumer-show-response.json
:language: javascript
Delete consumer
===============
.. rest_method:: DELETE /v3/OS-OAUTH1/consumers/{consumer_id}
Deletes a consumer.
When you delete a consumer, any associated request tokens, access
tokens, and Identity API tokens are also deleted.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- consumer_id: consumer_id
Update consumer
===============
.. rest_method:: PATCH /v3/OS-OAUTH1/consumers/{consumer_id}
Updates the description for a consumer.
If you try to update any attribute other than description, the HTTP
400 Bad Request error is returned.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- consumer_id: consumer_id
Request Example
---------------
.. literalinclude:: ../samples/OS-OAUTH1/consumer-update-request.json
:language: javascript
Response Example
----------------
.. literalinclude:: ../samples/OS-OAUTH1/consumer-update-response.json
:language: javascript
Show unauthorized request token
===============================
.. rest_method:: POST /v3/OS-OAUTH1/request_token
Enables a consumer to get an unauthorized request token.
Supported signature methods: HMAC-SHA1.
The consumer must provide all required OAuth parameters in the
request. See `Consumer Obtains a Request Token
<http://oauth.net/core/1.0a/#auth_step1>`_.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
Response Example
----------------
.. literalinclude:: ../samples/OS-OAUTH1/request-token-create-response.txt
:language: javascript
List roles for an access token
==============================
.. rest_method:: GET /v3/OS-OAUTH1/users/{user_id}/access_tokens/{access_token_id}/roles
Lists associated roles for an access token.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- access_token_id: access_token_id
Response Example
----------------
.. literalinclude::
:language: javascript
Show role details for an access token
=====================================
.. rest_method:: GET /v3/OS-OAUTH1/users/{user_id}/access_tokens/{access_token_id}/roles/{role_id}
Shows details for a role for an access token.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- role_id: role_id
- access_token_id: access_token_id
Response Example
----------------
.. literalinclude::
:language: javascript

File diff suppressed because it is too large Load Diff


@ -1,276 +0,0 @@
.. -*- rst -*-
===================
Policies (policies)
===================
A policy is an arbitrarily serialized policy engine rule set to be
consumed by a remote service.
You encode policy rule sets into a blob that remote services can
consume. To do so, set ``type`` to ``application/json`` and specify
policy rules as JSON strings in a ``blob``. For example:
::
{
"blob":{
"foobar_user":[
"role:compute-user"
]
}
}
Create policy
=============
.. rest_method:: POST /v3/policies
Creates a policy.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- policy: policy
- user_id: user_id
- project_id: project_id
- type: type
- blob: blob
Request Example
---------------
.. literalinclude:: ../samples/admin/policy-create-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- links: links
- blob: blob
- policy: policy
- project_id: project_id
- type: type
- id: id
List policies
=============
.. rest_method:: GET /v3/policies
Lists policies.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- type: type
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- links: links
- blob: blob
- policies: policies
- project_id: project_id
- type: type
- id: id
Response Example
----------------
.. literalinclude:: ../samples/admin/policies-list-response.json
:language: javascript
Show policy details
===================
.. rest_method:: GET /v3/policies/{policy_id}
Shows details for a policy.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- policy_id: policy_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- links: links
- blob: blob
- policy: policy
- project_id: project_id
- type: type
- id: id
Response Example
----------------
.. literalinclude:: ../samples/admin/policy-show-response.json
:language: javascript
Update policy
=============
.. rest_method:: PATCH /v3/policies/{policy_id}
Updates a policy.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- policy: policy
- user_id: user_id
- project_id: project_id
- type: type
- blob: blob
- policy_id: policy_id
Request Example
---------------
.. literalinclude:: ../samples/admin/policy-update-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- user_id: user_id
- links: links
- blob: blob
- policy: policy
- project_id: project_id
- type: type
- id: id
Response Example
----------------
.. literalinclude:: ../samples/admin/policy-update-response.json
:language: javascript
Delete policy
=============
.. rest_method:: DELETE /v3/policies/{policy_id}
Deletes a policy.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- policy_id: policy_id


@ -1,396 +0,0 @@
.. -*- rst -*-
=========================================
Projects (projects, users, groups, roles)
=========================================
A project is the base unit of ownership. Resources are owned by a
specific project. A project is owned by a specific domain.
(Since v3.4) You can create a hierarchy of projects by setting a
parent ID when you create projects. All projects in a hierarchy
must be owned by the same domain.
(Since v3.6) Optionally, you can create a project that behaves both
as a project and a domain. As a domain, the project provides a name
space in which you can create users, groups, and other projects. If
you create a project that behaves as a domain, you cannot update
this project to behave like a regular project.
List projects
=============
.. rest_method:: GET /v3/projects
Lists projects.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id
- parent_id: parent_id
- name: name
- enabled: enabled
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- is_domain: is_domain
- description: description
- links: links
- enabled: enabled
- domain_id: domain_id
- parent_id: parent_id
- id: id
- projects: projects
- name: name
Response Example
----------------
.. literalinclude:: ../samples/admin/projects-list-response.json
:language: javascript
Create project
==============
.. rest_method:: POST /v3/projects
Creates a project.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- is_domain: is_domain
- description: description
- enabled: enabled
- project: project
- parent_id: parent_id
- domain_id: domain_id
- name: name
Request Example
---------------
.. literalinclude:: ../samples/admin/project-create-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- is_domain: is_domain
- description: description
- links: links
- enabled: enabled
- domain_id: domain_id
- project: project
- parent_id: parent_id
- id: id
- name: name
Show project details
====================
.. rest_method:: GET /v3/projects/{project_id}
Shows details for a project.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- project_id: project_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- is_domain: is_domain
- description: description
- links: links
- enabled: enabled
- domain_id: domain_id
- project: project
- parent_id: parent_id
- id: id
- name: name
Response Example
----------------
.. literalinclude:: ../samples/admin/project-show-response.json
:language: javascript
Update project
==============
.. rest_method:: PATCH /v3/projects/{project_id}
Updates a project.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- description: description
- enabled: enabled
- project: project
- parent_id: parent_id
- domain_id: domain_id
- name: name
- project_id: project_id
Request Example
---------------
.. literalinclude:: ../samples/admin/project-update-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- is_domain: is_domain
- description: description
- links: links
- enabled: enabled
- domain_id: domain_id
- project: project
- parent_id: parent_id
- id: id
- name: name
Response Example
----------------
.. literalinclude:: ../samples/admin/project-update-response.json
:language: javascript
Delete project
==============
.. rest_method:: DELETE /v3/projects/{project_id}
Deletes a project.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- project_id: project_id
Enable or disable project and its subtree
=========================================
.. rest_method:: PATCH /v3/projects/{project_id}/cascade
(Since v3.6) Enables or disables a project and its entire subtree.
A project subtree includes all projects beneath the parent project
in the hierarchy.
If you include attributes other than the ``enabled`` attribute,
this call fails and returns the ``Bad Request (400)`` response
code.
If you perform this action against a project that acts as a domain
(``is_domain`` is set to ``true``, this call fails and returns the
``Forbidden (403)`` response code.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- project: project
- enabled: enabled
- project_id: project_id
Request Example
---------------
.. literalinclude:: ../samples/admin/project-enable-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- is_domain: is_domain
- description: description
- links: links
- enabled: enabled
- domain_id: domain_id
- project: project
- parent_id: parent_id
- id: id
- name: name
Response Example
----------------
.. literalinclude:: ../samples/admin/project-update-response.json
:language: javascript
Delete project subtree
======================
.. rest_method:: DELETE /v3/projects/{project_id}/cascade
(Since v3.6) Deletes a project and its entire subtree.
A project subtree includes all projects beneath the parent project
in the hierarchy. You must disable the projects in the subtree
before you perform this operation.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- project_id: project_id


@ -1,285 +0,0 @@
.. -*- rst -*-
==============================
Regions (regions) (since v3.2)
==============================
A region is a general division of an OpenStack deployment. You can
associate zero or more sub-regions with a region to create a tree-
like structured hierarchy.
Although a region does not have a geographical connotation, a
deployment can use a geographical name for a region, such as ``us-
east``.
You can list, create, update, show details for, and delete regions.
Show region details
===================
.. rest_method:: GET /v3/regions/{region_id}
Shows details for a region, by ID.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- region_id: region_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- parent_region_id: parent_region_id
- region: region
- description: description
- links: links
- id: id
Response Example
----------------
.. literalinclude:: ../samples/admin/region-show-response.json
:language: javascript
Update region
=============
.. rest_method:: PATCH /v3/regions/{region_id}
Updates a region.
You can update the description or parent region ID for a region.
You cannot update the region ID.
The following error might occur:
- ``Not Found (404)``. The parent region ID does not exist.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- parent_region_id: parent_region_id
- region: region
- description: description
- region_id: region_id
Request Example
---------------
.. literalinclude:: ../samples/admin/region-update-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- parent_region_id: parent_region_id
- region: region
- description: description
- links: links
- id: id
Response Example
----------------
.. literalinclude:: ../samples/admin/region-update-response.json
:language: javascript
Delete region
=============
.. rest_method:: DELETE /v3/regions/{region_id}
Deletes a region.
The following error might occur:
- ``Conflict (409)``. The region cannot be deleted because it has
child regions.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- region_id: region_id
List regions
============
.. rest_method:: GET /v3/regions
Lists regions.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- parent_region_id: parent_region_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- regions: regions
- parent_region_id: parent_region_id
- description: description
- links: links
- id: id
Response Example
----------------
.. literalinclude:: ../samples/admin/regions-list-response.json
:language: javascript
Create region
=============
.. rest_method:: POST /v3/regions
Creates a region.
When you create the region, you can optionally specify a region ID.
If you include characters in the region ID that are not allowed in
a URI, you must URL-encode the ID. If you omit an ID, the API
assigns an ID to the region.
The following errors might occur:
- ``Not Found (404)``. The parent region ID does not exist.
- ``Conflict (409)``. The parent region ID would form a circular
relationship.
- ``Conflict (409)``. The user-defined region ID is not unique to
the OpenStack deployment.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- parent_region_id: parent_region_id
- region: region
- description: description
- id: id
Request Example
---------------
.. literalinclude:: ../samples/admin/region-create-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- parent_region_id: parent_region_id
- region: region
- description: description
- links: links
- id: id


@ -1,898 +0,0 @@
.. -*- rst -*-
=============
Roles (roles)
=============
Roles grant a user a set of permitted actions for either a specific
project or an entire domain.
You can grant roles to a user on a project, including projects
owned by other domains.
You can create, list, and delete roles. You can also list roles
assigned to a specified domain, project, or user.
You can list role assignments and, since v3.6, all role assignments
within a tree of projects. Use the query parameters to filter the
list because the role assignments list can be long. Some typical
examples are:
- List role assignments for the specified user:
:: GET /role_assignments?user.id={user_id}
- List role assignments for the specified project:
:: GET /role_assignments?scope.project.id={project_id}
- List all role assignments for a specified project and its sub-
projects:
:: GET /role_assignments?scope.project.id={project_id}?includ
e_subtree=true
If you specify ``include_subtree=true``, you must also specify
the ``scope.project.id``. Otherwise, this call returns the ``Bad
Request (400)`` response code.
Each role assignment entity in the collection contains a link to
the assignment that created the entity.
Use the ``effective`` query parameter to list effective assignments
at the user, project, and domain level. This parameter allows for
the effects of group membership. The group role assignment entities
themselves are not returned in the collection. This represents the
effective role assignments that would be included in a scoped
token.
In the response, the ``links`` entity section for entities for
group members also contains a URL that enables access to the
membership of the group.
You can use the other query parameters with the ``effective``
parameter, such as:
- Determine what a user can actually do:
:: GET /role_assignments?user.id={user_id} & effective
- Get the equivalent set of role assignments that are included in a
project-scoped token response:
:: GET /role_assignments?user.id={user_id} &
scope.project.id={project_id} & effective
Grant role to group on project
==============================
.. rest_method:: PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}
Grants a role to a group on a project.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- role_id: role_id
- project_id: project_id
- group_id: group_id
Check whether group has role on project
=======================================
.. rest_method:: HEAD /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}
Validates that a group has a role on a project.
Error response codes:204,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- role_id: role_id
- project_id: project_id
- group_id: group_id
Revoke role from group on project
=================================
.. rest_method:: DELETE /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}
Revokes a role from a group on a project.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- role_id: role_id
- project_id: project_id
- group_id: group_id
Grant role to user on project
=============================
.. rest_method:: PUT /v3/projects/{project_id}/users/{user_id}/roles/{role_id}
Grants a role to a user on a project.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- role_id: role_id
- project_id: project_id
- user_id: user_id
Check whether user has role on project
======================================
.. rest_method:: HEAD /v3/projects/{project_id}/users/{user_id}/roles/{role_id}
Validates that a user has a role on a project.
Error response codes:204,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- role_id: role_id
- project_id: project_id
- user_id: user_id
Revoke role from user on project
================================
.. rest_method:: DELETE /v3/projects/{project_id}/users/{user_id}/roles/{role_id}
Revokes a role from a user on a project.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- role_id: role_id
- project_id: project_id
- user_id: user_id
List roles for user on project
==============================
.. rest_method:: GET /v3/projects/{project_id}/users/{user_id}/roles
Lists roles for a user on a project.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- project_id: project_id
- user_id: user_id
Response Example
----------------
.. literalinclude:: ../samples/admin/project-user-roles-list-response.json
:language: javascript
List roles for group on project
===============================
.. rest_method:: GET /v3/projects/{project_id}/groups/{group_id}/roles
Lists roles for a group on a project.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- project_id: project_id
- group_id: group_id
Response Example
----------------
.. literalinclude:: ../samples/admin/project-group-roles-list-response.json
:language: javascript
Grant role to group on domain
=============================
.. rest_method:: PUT /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}
Grants a role to a group on a domain.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id
- role_id: role_id
- group_id: group_id
Check whether group has role on domain
======================================
.. rest_method:: HEAD /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}
Validates that a group has a role on a domain.
Error response codes:204,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id
- role_id: role_id
- group_id: group_id
Revoke role from group on domain
================================
.. rest_method:: DELETE /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}
Revokes a role from a group on a domain.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id
- role_id: role_id
- group_id: group_id
List roles for user on domain
=============================
.. rest_method:: GET /v3/domains/{domain_id}/users/{user_id}/roles
Lists roles for a user on a domain.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id
- user_id: user_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- roles: roles
- id: id
- links: links
- name: name
Response Example
----------------
.. literalinclude:: ../samples/admin/domain-user-roles-list-response.json
:language: javascript
List roles
==========
.. rest_method:: GET /v3/roles
Lists roles.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- name: name
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- roles: roles
- id: id
- links: links
- name: name
Response Example
----------------
.. literalinclude:: ../samples/admin/roles-list-response.json
:language: javascript
Create role
===========
.. rest_method:: POST /v3/roles
Creates a role.
Error response codes:201,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- role: role
- name: name
Request Example
---------------
.. literalinclude:: ../samples/admin/role-create-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- role: role
- id: id
- links: links
- name: name
Grant role to user on domain
============================
.. rest_method:: PUT /v3/domains/{domain_id}/users/{user_id}/roles/{role_id}
Grants a role to a user on a domain.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id
- role_id: role_id
- user_id: user_id
Check whether user has role on domain
=====================================
.. rest_method:: HEAD /v3/domains/{domain_id}/users/{user_id}/roles/{role_id}
Validates that a user has a role on a domain.
Error response codes:204,413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id
- role_id: role_id
- user_id: user_id
Revoke role from user on domain
===============================
.. rest_method:: DELETE /v3/domains/{domain_id}/users/{user_id}/roles/{role_id}
Revokes a role from a user on a domain.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id
- role_id: role_id
- user_id: user_id
List role assignments
=====================
.. rest_method:: GET /v3/role_assignments
Lists role assignments.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- role_assignments: role_assignments
Response Example
----------------
.. literalinclude:: ../samples/admin/role-assignments-list-response.json
:language: javascript
Show role details
=================
.. rest_method:: GET /v3/roles/{role_id}
Shows details for a role.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- role_id: role_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- role: role
- id: id
- links: links
- name: name
Response Example
----------------
.. literalinclude:: ../samples/admin/role-show-response.json
:language: javascript
Update role
===========
.. rest_method:: PATCH /v3/roles/{role_id}
Updates a role.
Normal response codes: 200
Error response codes:413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- role: role
- name: name
- role_id: role_id
Request Example
---------------
.. literalinclude:: ../samples/admin/role-update-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- role: role
- id: id
- links: links
- name: name
Response Example
----------------
.. literalinclude:: ../samples/admin/role-update-response.json
:language: javascript
Delete role
===========
.. rest_method:: DELETE /v3/roles/{role_id}
Deletes a role.
Error response codes:204,413,415,405,404,403,401,400,503,409,
Request
-------
.. rest_parameters:: parameters.yaml
- role_id: role_id
List roles for group on domain
==============================
.. rest_method:: GET /v3/domains/{domain_id}/groups/{group_id}/roles
Lists roles for a group on a domain.
Normal response codes: 200
Error response codes:413,405,404,403,401,400,503,
Request
-------
.. rest_parameters:: parameters.yaml
- domain_id: domain_id
- group_id: group_id
Response Example
----------------
.. literalinclude:: ../samples/admin/domain-group-roles-list-response.json
:language: javascript


@ -1,29 +0,0 @@
{
"endpoints": [
{
"id": "1",
"interface": "public",
"links": {
"self": "http://identity:35357/v3/endpoints/1"
},
"region": "north",
"service_id": "9242e05f0c23467bbd1cf1f7a6e5e596",
"url": "http://identity:35357/"
},
{
"id": "1",
"interface": "internal",
"links": {
"self": "http://identity:35357/v3/endpoints/1"
},
"region": "south",
"service_id": "9242e05f0c23467bbd1cf1f7a6e5e596",
"url": "http://identity:35357/"
}
],
"links": {
"next": null,
"previous": null,
"self": "http://identity:35357/v3/OS-ENDPOINT-POLICY/policies/13c92821e4c4476a878d3aae7444f52f/endpoints"
}
}


@ -1,14 +0,0 @@
{
"policy": {
"blob": {
"foobar_user": [
"role:compute-user"
]
},
"id": "13c92821e4c4476a878d3aae7444f52f",
"links": {
"self": "http://identity:35357/v3/policies/13c92821e4c4476a878d3aae7444f52f"
},
"type": "application/json"
}
}


@ -1,23 +0,0 @@
{
"roles": [
{
"id": "91011",
"links": {
"self": "http://identity:35357/v3/roles/91011"
},
"name": "admin"
},
{
"id": "91011",
"links": {
"self": "http://identity:35357/v3/roles/91011"
},
"name": "admin"
}
],
"links": {
"self": "http://identity:35357/v3/OS-INHERIT/domains/1234/groups/5678/roles/inherited_to_projects",
"previous": null,
"next": null
}
}


@ -1,23 +0,0 @@
{
"roles": [
{
"id": "91011",
"links": {
"self": "http://identity:35357/v3/roles/91011"
},
"name": "admin"
},
{
"id": "91011",
"links": {
"self": "http://identity:35357/v3/roles/91011"
},
"name": "admin"
}
],
"links": {
"self": "http://identity:35357/v3/OS-INHERIT/projects/1234/groups/5678/roles/inherited_to_projects",
"previous": null,
"next": null
}
}


@ -1,42 +0,0 @@
{
"role_assignments": [
{
"links": {
"assignment": "http://identity:35357/v3/OS-INHERIT/domains/12131/users/41516/roles/91011/inherited_to_projects"
},
"role": {
"id": "91011"
},
"scope": {
"project": {
"id": "1234"
}
},
"user": {
"id": "41516"
}
},
{
"links": {
"assignment": "http://identity:35357/v3/projects/1234/groups/5678/roles/91011",
"membership": "http://identity:35357/v3/groups/5678/users/41516"
},
"role": {
"id": "91011"
},
"scope": {
"project": {
"id": "1234"
}
},
"user": {
"id": "41516"
}
}
],
"links": {
"self": "http://identity:35357/v3/role_assignments?effective",
"previous": null,
"next": null
}
}


@ -1,42 +0,0 @@
{
"role_assignments": [
{
"links": {
"assignment": "http://identity:35357/v3/OS-INHERIT/domains/1234/users/5678/roles/91011/inherited_to_projects"
},
"role": {
"id": "91011"
},
"scope": {
"domain": {
"id": "1234"
},
"OS-INHERIT:inherited_to": "projects"
},
"user": {
"id": "5678"
}
},
{
"group": {
"id": "5678"
},
"links": {
"assignment": "http://identity:35357/v3/projects/1234/groups/5678/roles/91011"
},
"role": {
"id": "91011"
},
"scope": {
"project": {
"id": "1234"
}
}
}
],
"links": {
"self": "http://identity:35357/v3/role_assignments",
"previous": null,
"next": null
}
}


@ -1,23 +0,0 @@
{
"roles": [
{
"id": "91011",
"links": {
"self": "http://identity:35357/v3/roles/91011"
},
"name": "admin"
},
{
"id": "91011",
"links": {
"self": "http://identity:35357/v3/roles/91011"
},
"name": "admin"
}
],
"links": {
"self": "http://identity:35357/v3/OS-INHERIT/domains/1234/users/5678/roles/inherited_to_projects",
"previous": null,
"next": null
}
}


@ -1,23 +0,0 @@
{
"roles": [
{
"id": "91011",
"links": {
"self": "http://identity:35357/v3/roles/91011"
},
"name": "admin"
},
{
"id": "91011",
"links": {
"self": "http://identity:35357/v3/roles/91011"
},
"name": "admin"
}
],
"links": {
"self": "http://identity:35357/v3/OS-INHERIT/projects/1234/users/5678/roles/inherited_to_projects",
"previous": null,
"next": null
}
}


@ -1,3 +0,0 @@
{
"key": "TXkgcHJlY2lvdXNzcy4u..."
}


@ -1,3 +0,0 @@
{
"name": "--group-name--"
}
