2016-05-23 18:07:59 -03:00
|
|
|
.. -*- rst -*-
|
|
|
|
|
|
2016-07-04 14:35:49 -07:00
|
|
|
==========
|
|
|
|
|
Policies
|
|
|
|
|
==========
|
2016-05-23 18:07:59 -03:00
|
|
|
|
2017-09-13 17:16:55 -04:00
|
|
|
.. warning::
|
|
|
|
|
|
|
|
|
|
The ``policies`` API is deprecated. Keystone is not a policy management
|
|
|
|
|
service. Do not use this.
|
|
|
|
|
|
2016-05-23 18:07:59 -03:00
|
|
|
A policy is an arbitrarily serialized policy engine rule set to be
|
|
|
|
|
consumed by a remote service.
|
|
|
|
|
|
|
|
|
|
You encode policy rule sets into a blob that remote services can
|
|
|
|
|
consume. To do so, set ``type`` to ``application/json`` and specify
|
|
|
|
|
policy rules as JSON strings in a ``blob``. For example:
|
|
|
|
|
|
|
|
|
|
::
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"blob":{
|
|
|
|
|
"foobar_user":[
|
|
|
|
|
"role:compute-user"
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Create policy
|
|
|
|
|
=============
|
|
|
|
|
|
|
|
|
|
.. rest_method:: POST /v3/policies
|
|
|
|
|
|
|
|
|
|
Creates a policy.
|
|
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Relationship: ``https://docs.openstack.org/api/openstack-identity/3/rel/policies``
|
2016-05-23 18:07:59 -03:00
|
|
|
|
|
|
|
|
Request
|
|
|
|
|
-------
|
|
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Parameters
|
|
|
|
|
~~~~~~~~~~
|
|
|
|
|
|
2016-05-23 18:07:59 -03:00
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
|
|
|
|
|
|
- policy: policy
|
2016-08-05 17:24:26 +07:00
|
|
|
- type: policy_type
|
|
|
|
|
- blob: policy_blob_str
|
2016-05-23 18:07:59 -03:00
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Example
|
|
|
|
|
~~~~~~~
|
2016-05-23 18:07:59 -03:00
|
|
|
|
|
|
|
|
.. literalinclude:: ./samples/admin/policy-create-request.json
|
|
|
|
|
:language: javascript
|
|
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Response
|
|
|
|
|
--------
|
|
|
|
|
|
|
|
|
|
Parameters
|
|
|
|
|
~~~~~~~~~~
|
2016-05-23 18:07:59 -03:00
|
|
|
|
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
|
|
2016-08-05 17:24:26 +07:00
|
|
|
- links: policy_links
|
|
|
|
|
- blob: policy_blob_str
|
2016-05-23 18:07:59 -03:00
|
|
|
- policy: policy
|
2016-08-05 17:24:26 +07:00
|
|
|
- type: policy_type
|
|
|
|
|
- id: policy_id
|
2016-05-23 18:07:59 -03:00
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Status Codes
|
|
|
|
|
~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
.. rest_status_code:: success status.yaml
|
|
|
|
|
|
|
|
|
|
- 201
|
|
|
|
|
|
|
|
|
|
.. rest_status_code:: error status.yaml
|
|
|
|
|
|
2018-01-12 16:46:30 +08:00
|
|
|
- 400
|
|
|
|
|
- 401
|
|
|
|
|
- 403
|
|
|
|
|
- 404
|
|
|
|
|
- 405
|
|
|
|
|
- 409
|
2017-12-29 18:28:45 +05:30
|
|
|
- 413
|
|
|
|
|
- 415
|
|
|
|
|
- 503
|
2016-05-23 18:07:59 -03:00
|
|
|
|
|
|
|
|
List policies
|
|
|
|
|
=============
|
|
|
|
|
|
|
|
|
|
.. rest_method:: GET /v3/policies
|
|
|
|
|
|
|
|
|
|
Lists policies.
|
|
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Relationship: ``https://docs.openstack.org/api/openstack-identity/3/rel/policies``
|
2016-05-23 18:07:59 -03:00
|
|
|
|
|
|
|
|
Request
|
|
|
|
|
-------
|
|
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Parameters
|
|
|
|
|
~~~~~~~~~~
|
|
|
|
|
|
2016-05-23 18:07:59 -03:00
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
|
|
2016-08-05 17:24:26 +07:00
|
|
|
- type: policy_type_query
|
2016-05-23 18:07:59 -03:00
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Response
|
|
|
|
|
--------
|
|
|
|
|
|
|
|
|
|
Parameters
|
|
|
|
|
~~~~~~~~~~
|
2016-05-23 18:07:59 -03:00
|
|
|
|
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
|
|
2016-08-05 17:24:26 +07:00
|
|
|
- links: policy_links
|
|
|
|
|
- blob: policy_blob_obj
|
2016-05-23 18:07:59 -03:00
|
|
|
- policies: policies
|
2016-08-05 17:24:26 +07:00
|
|
|
- type: policy_type
|
|
|
|
|
- id: policy_id
|
2016-05-23 18:07:59 -03:00
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Status Codes
|
|
|
|
|
~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
.. rest_status_code:: success status.yaml
|
|
|
|
|
|
|
|
|
|
- 200
|
|
|
|
|
|
|
|
|
|
.. rest_status_code:: error status.yaml
|
|
|
|
|
|
|
|
|
|
- 400
|
2018-01-12 16:46:30 +08:00
|
|
|
- 401
|
|
|
|
|
- 403
|
|
|
|
|
- 404
|
|
|
|
|
- 405
|
|
|
|
|
- 413
|
2017-12-29 18:28:45 +05:30
|
|
|
- 503
|
|
|
|
|
|
|
|
|
|
Example
|
|
|
|
|
~~~~~~~
|
2016-05-23 18:07:59 -03:00
|
|
|
|
|
|
|
|
.. literalinclude:: ./samples/admin/policies-list-response.json
|
|
|
|
|
:language: javascript
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Show policy details
|
|
|
|
|
===================
|
|
|
|
|
|
|
|
|
|
.. rest_method:: GET /v3/policies/{policy_id}
|
|
|
|
|
|
|
|
|
|
Shows details for a policy.
|
|
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Relationship: ``https://docs.openstack.org/api/openstack-identity/3/rel/policy``
|
2016-05-23 18:07:59 -03:00
|
|
|
|
|
|
|
|
Request
|
|
|
|
|
-------
|
|
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Parameters
|
|
|
|
|
~~~~~~~~~~
|
|
|
|
|
|
2016-05-23 18:07:59 -03:00
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
|
|
2016-08-05 17:24:26 +07:00
|
|
|
- policy_id: policy_id_path
|
2016-05-23 18:07:59 -03:00
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Response
|
|
|
|
|
--------
|
|
|
|
|
|
|
|
|
|
Parameters
|
|
|
|
|
~~~~~~~~~~
|
2016-05-23 18:07:59 -03:00
|
|
|
|
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
|
|
2016-08-05 17:24:26 +07:00
|
|
|
- links: policy_links
|
|
|
|
|
- blob: policy_blob_obj
|
2016-05-23 18:07:59 -03:00
|
|
|
- policy: policy
|
2016-08-05 17:24:26 +07:00
|
|
|
- type: policy_type
|
|
|
|
|
- id: policy_id
|
2016-05-23 18:07:59 -03:00
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Status Codes
|
|
|
|
|
~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
.. rest_status_code:: success status.yaml
|
|
|
|
|
|
|
|
|
|
- 200
|
|
|
|
|
|
|
|
|
|
.. rest_status_code:: error status.yaml
|
|
|
|
|
|
|
|
|
|
- 400
|
2018-01-12 16:46:30 +08:00
|
|
|
- 401
|
|
|
|
|
- 403
|
|
|
|
|
- 404
|
|
|
|
|
- 405
|
|
|
|
|
- 413
|
2017-12-29 18:28:45 +05:30
|
|
|
- 503
|
|
|
|
|
|
|
|
|
|
Example
|
|
|
|
|
~~~~~~~
|
2016-05-23 18:07:59 -03:00
|
|
|
|
|
|
|
|
.. literalinclude:: ./samples/admin/policy-show-response.json
|
|
|
|
|
:language: javascript
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Update policy
|
|
|
|
|
=============
|
|
|
|
|
|
|
|
|
|
.. rest_method:: PATCH /v3/policies/{policy_id}
|
|
|
|
|
|
|
|
|
|
Updates a policy.
|
|
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Relationship: ``https://docs.openstack.org/api/openstack-identity/3/rel/policy``
|
2016-05-23 18:07:59 -03:00
|
|
|
|
|
|
|
|
Request
|
|
|
|
|
-------
|
|
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Parameters
|
|
|
|
|
~~~~~~~~~~
|
|
|
|
|
|
2016-05-23 18:07:59 -03:00
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
|
|
2016-08-05 17:24:26 +07:00
|
|
|
- policy_id: policy_id_path
|
2016-05-23 18:07:59 -03:00
|
|
|
- policy: policy
|
2016-08-05 17:24:26 +07:00
|
|
|
- type: policy_type
|
|
|
|
|
- blob: policy_blob_obj
|
2016-05-23 18:07:59 -03:00
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Example
|
|
|
|
|
~~~~~~~
|
2016-05-23 18:07:59 -03:00
|
|
|
|
|
|
|
|
.. literalinclude:: ./samples/admin/policy-update-request.json
|
|
|
|
|
:language: javascript
|
|
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Response
|
|
|
|
|
--------
|
|
|
|
|
|
|
|
|
|
Parameters
|
|
|
|
|
~~~~~~~~~~
|
2016-05-23 18:07:59 -03:00
|
|
|
|
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
|
|
2016-08-05 17:24:26 +07:00
|
|
|
- links: policy_links
|
|
|
|
|
- blob: policy_blob_obj
|
2016-05-23 18:07:59 -03:00
|
|
|
- policy: policy
|
2016-08-05 17:24:26 +07:00
|
|
|
- type: policy_type
|
|
|
|
|
- id: policy_id
|
2016-05-23 18:07:59 -03:00
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Status Codes
|
|
|
|
|
~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
.. rest_status_code:: success status.yaml
|
|
|
|
|
|
|
|
|
|
- 200
|
|
|
|
|
|
|
|
|
|
.. rest_status_code:: error status.yaml
|
|
|
|
|
|
2018-01-12 16:46:30 +08:00
|
|
|
- 400
|
|
|
|
|
- 401
|
|
|
|
|
- 403
|
|
|
|
|
- 404
|
|
|
|
|
- 405
|
|
|
|
|
- 409
|
2017-12-29 18:28:45 +05:30
|
|
|
- 413
|
|
|
|
|
- 415
|
|
|
|
|
- 503
|
|
|
|
|
|
|
|
|
|
Example
|
|
|
|
|
~~~~~~~
|
2016-05-23 18:07:59 -03:00
|
|
|
|
|
|
|
|
.. literalinclude:: ./samples/admin/policy-update-response.json
|
|
|
|
|
:language: javascript
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Delete policy
|
|
|
|
|
=============
|
|
|
|
|
|
|
|
|
|
.. rest_method:: DELETE /v3/policies/{policy_id}
|
|
|
|
|
|
|
|
|
|
Deletes a policy.
|
|
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Relationship: ``https://docs.openstack.org/api/openstack-identity/3/rel/policy``
|
2016-05-23 18:07:59 -03:00
|
|
|
|
|
|
|
|
Request
|
|
|
|
|
-------
|
|
|
|
|
|
2017-12-29 18:28:45 +05:30
|
|
|
Parameters
|
|
|
|
|
~~~~~~~~~~
|
|
|
|
|
|
2016-05-23 18:07:59 -03:00
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
|
|
2016-08-05 17:24:26 +07:00
|
|
|
- policy_id: policy_id_path
|
2017-12-29 18:28:45 +05:30
|
|
|
|
|
|
|
|
Response
|
|
|
|
|
--------
|
|
|
|
|
|
|
|
|
|
Status Codes
|
|
|
|
|
~~~~~~~~~~~~
|
|
|
|
|
|
|
|
|
|
.. rest_status_code:: success status.yaml
|
|
|
|
|
|
|
|
|
|
- 204
|
|
|
|
|
|
|
|
|
|
.. rest_status_code:: error status.yaml
|
|
|
|
|
|
2018-01-12 16:46:30 +08:00
|
|
|
- 400
|
|
|
|
|
- 401
|
|
|
|
|
- 403
|
|
|
|
|
- 404
|
|
|
|
|
- 405
|
|
|
|
|
- 409
|
2017-12-29 18:28:45 +05:30
|
|
|
- 413
|
|
|
|
|
- 415
|
2018-01-12 16:46:30 +08:00
|
|
|
- 503
|
