openstack/keystone
Code Issues Proposed changes

Re-organize api-ref: v3 inherit.inc

Browse Source 
Re-organize as per the documentation session at PTG:
https://etherpad.openstack.org/p/queens-ptg-keystone-docs-cleanup

Change-Id: Ic689e78b88d91f00835361a7061bf3198c567cef
This commit is contained in:
Suramya Shah 2017-12-10 16:41:50 +05:30
parent 41cd37b494
commit 3c7a0f32e1
2 changed files with 240 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api-ref/source/v3/index.rst
View File

@ -189,7 +189,7 @@ This page lists the Identity API operations in the following order:
* `Roles`_
* `Service catalog and endpoints`_
* `Users`_
* `OS-INHERIT API`_
* `OS-INHERIT`_
* `OS-PKI API`_
.. rest_expand_all::

315
api-ref/source/v3/inherit.inc
View File

@ -1,7 +1,7 @@
.. -*- rst -*-
================
OS-INHERIT API
OS-INHERIT
================
Enables projects to inherit role assignments from either their
@ -17,72 +17,103 @@ Assign role to user on projects owned by domain
.. rest_method:: PUT /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_user_role_inherited_to_projects``
Assigns a role to a user in projects owned by a domain.
The inherited role is only applied to the owned projects (both existing and
future projects), and will not appear as a role in a domain scoped token.
Normal response codes: 204
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_user_role_inherited_to_projects``
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: parameters.yaml
- domain_id: domain_id_path
- role_id: role_id_path
- user_id: user_id_path
Response
--------
Status Codes
~~~~~~~~~~~~~
.. rest_status_code:: success status.yaml
- 204
Assign role to group on projects owned by a domain
==================================================
.. rest_method:: PUT /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_group_role_inherited_to_projects``
The inherited role is only applied to the owned projects (both existing and
future projects), and will not appear as a role in a domain scoped token.
Normal response codes: 204
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_group_role_inherited_to_projects``
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: parameters.yaml
- domain_id: domain_id_path
- group_id: role_id_path
- role_id: user_id_path
Response
--------
Status Codes
~~~~~~~~~~~~
.. rest_status_code:: success status.yaml
- 204
List user's inherited project roles on a domain
===============================================
.. rest_method:: GET /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_user_roles_inherited_to_projects``
The list only contains those role assignments to the domain that were specified
as being inherited to projects within that domain.
Normal response codes: 200
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_user_roles_inherited_to_projects``
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: parameters.yaml
- domain_id: domain_id_path
- user_id: user_id_path
Response Example
----------------
Response
--------
Status Codes
~~~~~~~~~~~~
.. rest_status_code:: success status.yaml
- 200
Example
~~~~~~~
.. literalinclude:: samples/admin/user-roles-domain-list-response.json
:language: javascript
@ -93,24 +124,35 @@ List group's inherited project roles on domain
.. rest_method:: GET /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_group_roles_inherited_to_projects``
The list only contains those role assignments to the domain that were specified
as being inherited to projects within that domain.
Normal response codes: 200
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_group_roles_inherited_to_projects``
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: parameters.yaml
- domain_id: domain_id_path
- group_id: group_id_path
Response Example
----------------
Response
--------
Status Codes
~~~~~~~~~~~~
.. rest_status_code:: success status.yaml
- 200
Example
-------
.. literalinclude:: samples/admin/group-roles-domain-list-response.json
:language: javascript
@ -121,97 +163,133 @@ Check if user has an inherited project role on domain
.. rest_method:: HEAD /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Checks whether a user has an inherited project role in a domain.
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_user_role_inherited_to_projects``
Checks whether a user has an inherited project role in a domain.
Normal response codes: 204
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: parameters.yaml
- domain_id: domain_id_path
- role_id: role_id_path
- user_id: user_id_path
Response
--------
Status Codes
~~~~~~~~~~~~
.. rest_status_code:: success status.yaml
- 204
Check if group has an inherited project role on domain
======================================================
.. rest_method:: HEAD /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects
Checks whether a group has an inherited project role in a domain.
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_group_role_inherited_to_projects``
Checks whether a group has an inherited project role in a domain.
Normal response codes: 204
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: parameters.yaml
- domain_id: domain_id_path
- group_id: group_id_path
- role_id: role_id_path
Response
--------
Status Codes
~~~~~~~~~~~~
.. rest_status_code:: success status.yaml
- 204
Revoke an inherited project role from user on domain
====================================================
.. rest_method:: DELETE /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Revokes an inherited project role from a user in a domain.
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_user_role_inherited_to_projects``
Revokes an inherited project role from a user in a domain.
Normal response codes: 204
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: parameters.yaml
- domain_id: domain_id_path
- role_id: role_id_path
- user_id: user_id_path
Response
--------
Status Codes
~~~~~~~~~~~~
.. rest_status_code:: success status.yaml
- 204
Revoke an inherited project role from group on domain
=====================================================
.. rest_method:: DELETE /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects
Revokes an inherited project role from a group in a domain.
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_group_role_inherited_to_projects``
Revokes an inherited project role from a group in a domain.
Normal response codes: 204
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: parameters.yaml
- domain_id: domain_id_path
- group_id: group_id_path
- role_id: role_id_path
Response
--------
Status Codes
~~~~~~~~~~~~
.. rest_status_code:: success status.yaml
- 204
Assign role to user on projects in a subtree
============================================
.. rest_method:: PUT /v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/project_user_role_inherited_to_projects``
The inherited role assignment is anchored to a project and applied to its
subtree in the projects hierarchy (both existing and future projects).
@ -221,26 +299,36 @@ subtree in the projects hierarchy (both existing and future projects).
inherited role assignment on the same project.
* Note: The request doesn't require a body, which will be ignored if provided.
Normal response codes: 204
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/project_user_role_inherited_to_projects``
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: parameters.yaml
- project_id: project_id
- role_id: role_id_path
- user_id: user_id_path
Response
--------
Status Codes
~~~~~~~~~~~~
.. rest_status_code:: success status.yaml
- 204
Assign role to group on projects in a subtree
=============================================
.. rest_method:: PUT /v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/project_group_role_inherited_to_projects``
The inherited role assignment is anchored to a project and applied to its
subtree in the projects hierarchy (both existing and future projects).
@ -250,61 +338,94 @@ subtree in the projects hierarchy (both existing and future projects).
an inherited role assignment on the same project.
* Note: The request doesn't require a body, which will be ignored if provided.
Normal response codes: 204
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/project_group_role_inherited_to_projects``
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: parameters.yaml
- group_id: group_id_path
- project_id: project_id_path
- role_id: role_id_path
Response
--------
Status Codes
~~~~~~~~~~~~
.. rest_status_code:: success status.yaml
- 204
Check if user has an inherited project role on project
======================================================
.. rest_method:: HEAD /v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects
Checks whether a user has a role assignment with the ``inherited_to_projects`` flag in a project.
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/project_user_role_inherited_to_projects``
Checks whether a user has a role assignment with the ``inherited_to_projects`` flag in a project.
Normal response codes: 200
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: parameters.yaml
- project_id: project_id_path
- role_id: role_id_path
- user_id: user_id_path
Response
--------
Status Codes
~~~~~~~~~~~~
.. rest_status_code:: success status.yaml
- 204
Check if group has an inherited project role on project
=======================================================
.. rest_method:: HEAD /v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects
Checks whether a group has a role assignment with the ``inherited_to_projects`` flag in a project.
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/project_group_role_inherited_to_projects``
Checks whether a group has a role assignment with the ``inherited_to_projects`` flag in a project.
Normal response codes: 200
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: parameters.yaml
- group_id: group_id_path
- project_id: project_id_path
- role_id: role_id_path
Response
--------
Status Codes
~~~~~~~~~~~~
.. rest_status_code:: success status.yaml
- 204
Revoke an inherited project role from user on project
=====================================================
@ -314,17 +435,27 @@ Revoke an inherited project role from user on project
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/project_user_role_inherited_to_projects``
Normal response codes: 204
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: parameters.yaml
- project_id: project_id_path
- role_id: role_id_path
- user_id: user_id_path
Response
--------
Status Codes
~~~~~~~~~~~~
.. rest_status_code:: success status.yaml
- 204
Revoke an inherited project role from group on project
======================================================
@ -334,40 +465,33 @@ Revoke an inherited project role from group on project
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/project_group_role_inherited_to_projects``
Normal response codes: 204
Request
-------
Parameters
~~~~~~~~~~
.. rest_parameters:: parameters.yaml
- group_id: group_id_path
- project_id: project_id_path
- role_id: role_id_path
Response
--------
Status Codes
~~~~~~~~~~~~
.. rest_status_code:: success status.yaml
- 204
List role assignments
=====================
.. rest_method:: GET /v3/role_assignments
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/rel/role_assignments``
Optional query parameters:
.. rest_parameters:: parameters.yaml
- effective: effective_query
- include_names: include_names_query
- include_subtree: include_subtree_query
- group.id: group_id_query
- role.id: role_id_query
- scope.domain.id: scope_domain_id_query
- scope.OS-INHERIT:inherited_to: scope_os_inherit_inherited_to
- scope.project.id: scope_project_id_query
- user.id: user_id_query
Get a list of role assignments.
If no query parameters are specified, then this API will return a list of all
@ -451,6 +575,45 @@ would return:
.. literalinclude:: samples/admin/role-assignments-effective-list-include-names-response.json
:language: javascript
Normal response codes: 200
Relationship:
``https://docs.openstack.org/api/openstack-identity/3/rel/role_assignments``
Error response codes: 400, 401, 403, 404, 405, 413, 503
Request
-------
Parameters
~~~~~~~~~~
Optional query parameters:
.. rest_parameters:: parameters.yaml
- effective: effective_query
- include_names: include_names_query
- include_subtree: include_subtree_query
- group.id: group_id_query
- role.id: role_id_query
- scope.domain.id: scope_domain_id_query
- scope.OS-INHERIT:inherited_to: scope_os_inherit_inherited_to
- scope.project.id: scope_project_id_query
- user.id: user_id_query
Response
--------
Status Codes
~~~~~~~~~~~~
.. rest_status_code:: success status.yaml
- 200
.. rest_status_code:: error status.yaml
- 400
- 401
- 403
- 404
- 405
- 413
- 503