118 Commits

Author SHA1 Message Date
Zuul
bca46a6f45 Merge "Reorganize api-ref: v3-ext revoke.inc" 2018-01-21 04:44:27 +00:00
Zuul
53ffe6388d Merge "Reorganize api-ref: v3-ext simple-cert.inc" 2018-01-21 01:24:16 +00:00
Zuul
c2d316b631 Merge "Reorganize api-ref: v3-ext ep-filter.inc" 2018-01-21 01:24:13 +00:00
Zuul
fcf54e9f68 Merge "Reorganize api-ref: v3-ext federation projects-domains.inc" 2018-01-21 01:24:11 +00:00
Suramya Shah
f063cb0b44 Reorganize api-ref: v3-ext revoke.inc
Reorganize as per the documentation session at PTG:
https://etherpad.openstack.org/p/queens-ptg-keystone-doc-cleanup

Change-Id: I60377b12999f0a9270722d1b01c40759067b96a8
2018-01-20 08:48:43 +05:30
Suramya Shah
7d4c366c91 Reorganize api-ref: v3-ext ep-filter.inc
Reorganize as per the documentation session at PTG:
https://etherpad.openstack.org/p/queens-ptg-keystone-doc-cleanup

Change-Id: Iaa732e613178243c76f0570c4832d91f0538a6da
2018-01-20 08:40:01 +05:30
Suramya Shah
7430f1179c Reorganize api-ref: v3-ext simple-cert.inc
Reorganize as per the documentation session at PTG:
https://etherpad.openstack.org/p/queens-ptg-keystone-doc-cleanup

Change-Id: I86849a4e7efbe9117c24636699987a6b475d777b
2018-01-20 08:21:43 +05:30
Suramya Shah
51d725c896 Reorganize api-ref: v3-ext federation projects-domains.inc
Reorganize as per the documentation session at PTG:
https://etherpad.openstack.org/p/queens-ptg-keystone-doc-cleanup

Change-Id: Id12aa4cda271b38dfe0233817c7dad3eea42ec2e
2018-01-20 08:14:12 +05:30
Zuul
4a43c5d7cf Merge "Reorganize api-ref: v3-ext federation assertion.inc" 2018-01-16 17:51:10 +00:00
Zuul
ee8be3c052 Merge "Reorganize api-ref: v3-ext federation projects-domains" 2018-01-16 17:09:24 +00:00
Zuul
9947b97d4e Merge "Reorganize api-ref: v3-ext endpoint-policy.inc" 2018-01-16 16:52:58 +00:00
Suramya Shah
57b89186be Reorganize api-ref: v3-ext endpoint-policy.inc
Reorganize as per the documentation session at PTG:
https://etherpad.openstack.org/p/queens-ptg-keystone-doc-cleanup

Change-Id: I96a79d76e6569b3d2077e3e79e7677c4db206128
2018-01-14 20:52:39 +05:30
wangqiangbj
07bc97f82c fix wrong url link of User trusts
Change-Id: I56e330ac7f0ac2602a516886a9adcf0b9aa7d9e3
2018-01-12 09:51:57 +08:00
Suramya Shah
3992a97219 Reorganize api-ref: v3-ext federation assertion.inc
Reorganize as per the documentation session at PTG:
https://etherpad.openstack.org/p/queens-ptg-keystone-doc-cleanup

Change-Id: I93e90e42bd1d384353c258d71a651b82f151bcc8
2018-01-11 20:44:01 +05:30
zlyqqq
b05d9976ba Reorganize api-ref: v3-ext federation projects-domains
Change-Id: Ie8e520dbc845f6e77195a59848a43483e8c855f1
2017-12-29 15:14:54 +00:00
Zuul
bf5ef260ea Merge "Add explain of mapping group attribute" 2017-11-29 13:38:35 +00:00
Zuul
32eaa5fb3b Merge "Reorganize api-ref: v3-ext federation auth" 2017-11-24 21:50:03 +00:00
zlyqqq
d0adf7d1d3 Reorganize api-ref: v3-ext federation auth
Change-Id: I1b904be87377669e5e725d093c0a329c34b8e4ea
2017-10-12 01:42:48 +08:00
zlyqqq
682dc0566c Add explain of mapping group attribute
As we use federation protocol, assign authorization to ephemeral
users by mapping to groups. Setting this mapping does not add the
ephemeral user to the group and the user is not a member of the group.
Only authorization for the user is same as role assignments to the
group on a project or domain.

This patch add explain about the group mapping

Change-Id: I9faa7d57037af3c2cf6ccfda8d853693fa5eb628
2017-10-09 06:04:48 +00:00
zlyqqq
7fda51dc15 Confusing notes of ephemeral user's domain
If a federated user is ephemeral, the user will become a member of
identity provider's domain. The identity provider and service
provider are different entities, this patch correct the note and
make it more distinct.

Change-Id: I71a8b339e2e8f176761a36a4effe09afcf5388a6
2017-09-05 23:30:35 +08:00
Jenkins
785c114e7a Merge "Add description for relationship links in api-ref" 2017-08-10 10:49:31 +00:00
Gage Hugo
6c8ea57210 Add description for relationship links in api-ref
This adds a section within the index file that describes what a
relationship link is and what it is used for in terms of each
operation within keystone. There will be a relationships section
in both v3 and v3-ext.

This should help clarify any confusion that may arise when a user is
viewing the api-ref about what the relationship links are.

Change-Id: I9c6b7959ed6ea682c565c515af0cf509b6a64e5d
Closes-Bug: #1674676
2017-08-09 20:59:55 +00:00
Colleen Murphy
d10908caa9 Document required type mapping attribute
In order for a federated user to be mapped to a local user that exists
in the identity backend, the user object in the local mapping rule must
have the property "type": "local" set, in addition to having a keystone
domain provided. This was probably not the original intention of the
local user mapping spec[1], but this is how it ended up being
implemented. We could choose to change the behavior of the code, but
it has been around long enough that it is possible that deployments are
depending on this behavior, and moreover making rules explicit rather
than implicit reduces the risk of bugs and mistakes.

This patch updates the api-ref documentation and the standard federation
documentation to include the "type" property when mapping to local
users. In addition, since we now have two keywords called "local" that
mean somewhat different things, we expand the context of some of the
mapping examples so that both the rule name "local" and the value
"local" of the attribute "type" appear in the example, for clarity.

Change-Id: Ib35e57e33903de14f9cac1f919c32dfe923ef884
Closes-bug: #1673157
2017-08-07 18:02:56 +02:00
Jenkins
a7648fd65f Merge "Make federation documentation consistent" 2017-08-04 00:03:22 +00:00
Tin Lam
2c3be8a514 Fix the documentation sample for OS-EP-FILTER
The OS-EP-FILTER api-ref request sample is malformed; it is missing a comma
for it to be proper json.  This patchset fixes the issue.

trivial fix

Change-Id: Ia26fc67affde11335a825dcff7063716f09d071b
2017-07-26 22:15:17 -05:00
Samriddhi Jain
dac0e0572e Reorganised api-ref index page
Currently in the keystone API documentation page located at,
https://developer.openstack.org/api-ref/identity/index.html
all the sections and sub-sections appear at the same depth.
This makes the ordering very untidy and confusing.

This patch reorganises the appearance of sections and
sub-sections at the index page.

Change-Id: I55ae0102236805591e653c153618dec2af510c63
2017-07-13 19:40:07 +05:30
Lance Bragstad
db8d02f2b3 Make federation documentation consistent
I was going through some of the federation documentation and noticed
a couple areas we could improve. This commit does the following:

  - Removes error codes that are vague
  - Fixes entity casing (Identity Provider -> identity provider)
  - Makes wording consistent across entity operations

Change-Id: I7c7ba16bdd33872915809612308c8c3d5578f6ba
2017-06-26 15:15:01 +00:00
Jenkins
717b0243d9 Merge "Correct oauth create_request_token documentation" 2017-04-28 21:32:51 +00:00
Hemanth Nakkina
3ad5228629 Add response examples to OS-OAUTH1 api documentation
Add response examples to API documentation for following API
/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles
/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles/{role_id}

Change-Id: I380348d149fd917d636ef4e0e6589fffdedee2ab
Closes-Bug: #1686015
2017-04-25 16:05:41 +05:30
Felipe Monteiro
c8ffdf0bf6 Correct oauth create_request_token documentation
Currently, the oauth documentation for the `create_request_token`
endpoint is incorrect. The parameter "requested_project_id" [0]
is actually spelled "Request-Project-Id" and is located in the
header, not the body, of the request object [1].

[0] https://developer.openstack.org/api-ref/identity/v3-ext/?expanded=create-request-token-detail
[1] https://github.com/openstack/keystone/blob/master/keystone/oauth1/controllers.py#L220

Change-Id: Ib249efffc1e7a14635ab5d767cb70caa8b8baf0f
Closes-Bug: #1685634
2017-04-23 16:41:46 +01:00
Hemanth Nakkina
502f783bd3 Minor corrections in OS-OAUTH1 api documentation
Change response codes to 201 for the following API
https://developer.openstack.org/api-ref/identity/v3-ext/#create-request-token
https://developer.openstack.org/api-ref/identity/v3-ext/#create-access-token

Change request type to PUT for the following API
https://developer.openstack.org/api-ref/identity/v3-ext/#authorize-request-token

Change-Id: If9a4d66e6acb9379cef4335167f63631c034831a
Closes-Bug: #1684028
2017-04-19 12:51:34 +05:30
Andreas Jaeger
6d2a7171ad Fix api-ref building with sphinx 1.5
Sphinx 1.5 complains about "Could not lex literal_block as "json".
Highlighting skipped." - and fails to build.

Change the problematic code to use javascript for highlighting - it's
only a json snippet, not a full json file.

Change-Id: I65558119dcc166bd25f12568b480498cac80c653
2017-03-05 08:21:29 +01:00
Samuel Pilla
4f4f8a7394 Remove unused api parameters
This patch removes any unused parameters in the v2 and v3 api's.
In order to find which parameters were unused, I wrote a script
that found all the parameters used in the `parameters.yaml` files,
then is searched the same api directory (ex: v3/, v3-ext/, etc.)
for any reference to these parameters. Anything unreferenced was
flagged and then removed.

Script: http://cdn.pasteraw.com/8cdh0e76aqhtliuh874veautr7as8k7

Change-Id: I1558ac94e1041f9fbb1d6713b394c4f97f997ada
2017-02-07 09:45:02 -06:00
Samuel Pilla
c90db0375e Renaming of api parameters
Some parameters of similar name would follow the convention
such as `region_id` and `region_id_1` which gave no good
information as to the differences.

This patch changes these names to help give such information.

Change-Id: I2dec61ed06042990ff54e86c02dc3fca9d566366
2017-02-03 15:23:40 -06:00
Eric Brown
30d9095d28 Use https for docs.openstack.org references
The openstack.org pages now support https and our references to
the site should by default be one signed by the organization.

Change-Id: I30a462e03d1fd7852511e22cac34c6bc0e8917f4
2017-01-30 16:05:08 -08:00
Lance Bragstad
d4129c239c [api-ref] Clean up OS-EP-FILTER association docs
This change builds on the previous one by cleaning up all the wording
around associations and makes them consistent regardless of the
associations being direct or via endpoint groups.

Change-Id: I9582c5e8dbb83c37abcb432835dd7b609bd7841c
Closes-Bug: 1654613
2017-01-09 15:07:21 +00:00
Jenkins
74a6416136 Merge "[api-ref] Clean up OS-EP-FILTER documentation" 2017-01-08 08:07:07 +00:00
Lance Bragstad
6e71105ddc [api-ref] Clean up OS-EP-FILTER documentation
The OS-EP-FILTER documentation needed some work. The wording around
several of the examples didn't make a whole lot of sense. And some of
the requests were copy/pastes from other examples.

This change attempts to clarify the need for endpoint groups and how
they can be useful. This patch also moves the endpoint group CRUD
documentation to the beginning of the section, which leaves the rest
of the section to explain how to associate projects to endpoints
directly or use endpoint groups. Previously, the endpoint group CRUD
was in the middle of the section and made the flow the document jump
around a bit.

Change-Id: I1f6cbecc5c3a4c8e86a73a3cfed4b9a09e43b31f
Partial-Bug: 1654613
2017-01-08 04:55:29 +00:00
Jenkins
15f7013213 Merge "Fix region_id responses and requests to be consistent" 2017-01-07 00:48:18 +00:00
Jenkins
06238796c2 Merge "Update docs to require domain_id when registering Identity Providers" 2017-01-07 00:16:11 +00:00
Ronald De Rose
74af136478 Update docs to require domain_id when registering Identity Providers
An Identity Provider (IdP) should be mapped to a domain. This patch
updates the documentation and creates a release note recommending the
domain_id parameter.

Depends-On: Id18b8b2fe853b97631bc990df8188ed64a6e1275
Partial-Bug: #1642687
Change-Id: I1cb749371175169662dbb5fa8feafe403fb1c39b
2017-01-06 19:09:36 +00:00
Lance Bragstad
62ae2e4db2 Fix region_id responses and requests to be consistent
Change-Id: I6f6ad1b004f3e8c58dd941756039609f0a8bb7cf
2017-01-06 16:53:32 +00:00
Lance Bragstad
3838cff27c Remove endpoint_id parameter from EP-FILTER docs
The ability to list endpoint associations for projects only requires
the project ID as a parameter. The documentation was advertising that
the endpoint ID was also required, which seems like a rogue
copy/paste.

Change-Id: I2101ebaab0bdcbc9347e854dbe7f522c1c6320e8
2017-01-06 16:45:37 +00:00
Steve Martinelli
131c8c1f0c [api] fix ep filter example
The sample request and simplified representation was incorrect.
Change the sample to match the result, the sample was used in
other spots but did not affect the other APIs.

Also fixed the sentence describing valid filters that can be
used; only `region_id` is supported, not `region` [1].

[1] e49a95ff6e/keystone/catalog/controllers.py (L484)

Change-Id: Id460b85d37acc0cba9246ace6a338a315080b10b
2017-01-06 11:41:26 -05:00
Colleen Murphy
22233747d2 Document token header in federation auth response
When reading the OS-FEDERATION API documentation, it is not clear how
to find the ID of the token when requesting either an unscoped or
scoped token. Token requests for the OS-FEDERATION API work the same
way as for the standard API, which is that the token ID is returned in
the X-Subject-Token header, so let's just mention that in the
OS-FEDERATION API documentation.

Change-Id: I6e9743d9001684f0d05ace119509f643c8b8e363
2016-11-28 09:06:25 -03:00
Samuel Pilla
2e70ecd8ce Document OS-SIMPLE-CERT Routes
Document certificates and OS-SIMPLE-CERT routes.

Change-Id: I528c3eb27a5226a4da17a3c3aa2ca3ccc65a5a39
Closes-Bug: #1626779
2016-11-01 08:26:00 -04:00
Ronald De Rose
de8fbcf9a0 Validate mapping exists when creating/updating a protocol
This patch validates that a mapping exists when adding or updating
a federation protocol.

Change-Id: I996f94d26eb0f2c679542ba13a03bbaa4442486a
Closes-Bug: #1571878
2016-10-20 19:12:04 +00:00
Nguyen Phuong An
5c9fa41834 [api-ref] Correcting parameter's type
This patch corrects some parameter's type such as 'type: list'
to 'type: array' or 'type: array of...' to 'type: array' because we
don't have 'type: list' in 'JSON Schema primitive types' [1]

[1] http://json-schema.org/latest/json-schema-core.html#anchor8

Change-Id: Ic638ef48fcf0f60c55cec975ee20a71d1830b319
2016-09-06 04:17:38 +00:00
Jenkins
618a2f5fb4 Merge "api-ref: Splitting status lines in API v3-ext." 2016-08-29 15:40:56 +00:00
Jenkins
94fcbd5886 Merge "[api] add relationship links to v3-ext" 2016-08-29 03:52:03 +00:00