298 Commits

Author SHA1 Message Date
Anthony Washington
d83b502620 API-ref return code fix
Currently the api ref states the return code for
GET /v3/auth/catalog returns 204 no content. However
after testing the return code is 200 ok. This commit
updates api-ref to correct return code.

Change-Id: I5f1049b565b1e11fb6e748b43ae9dfe1e16250a6
Closes-Bug: 1670380
2017-03-06 16:52:03 +00:00
Andreas Jaeger
6d2a7171ad Fix api-ref building with sphinx 1.5
Sphinx 1.5 complains about "Could not lex literal_block as "json".
Highlighting skipped." - and fails to build.

Change the problematic code to use javascript for highlighting - it's
only a json snippet, not a full json file.

Change-Id: I65558119dcc166bd25f12568b480498cac80c653
2017-03-05 08:21:29 +01:00
Kristi Nikolla
df139efda5 Remove x-subject-token in api-ref for v3/auth/{projects,domains}
Only x-auth-token is required for these api calls, but the
api-ref mentions x-subject-token as required also.
This fixes that by removing x-subject-token from the call docs.

Change-Id: Ib30a71b81939b11363aced4aecd545049c210380
Closes-Bug: 1667194
2017-02-27 11:53:11 -05:00
yuhui_inspur
84789755aa Remove the file encoding which is unnecessary
Basically, the commit removes the file encoding - since jenkins is fine
with it, it means it was really unnecessary and the change makes sense.

Change-Id: I0d97104b173b00a383955b5ad5b597e4c6a19780
2017-02-11 01:16:26 +00:00
Samuel Pilla
4f4f8a7394 Remove unused api parameters
This patch removes any unused parameters in the v2 and v3 api's.
In order to find which parameters were unused, I wrote a script
that found all the parameters used in the `parameters.yaml` files,
then it searched the same api directory (ex: v3/, v3-ext/, etc.)
for any reference to these parameters. Anything unreferenced was
flagged and then removed.

Script: http://cdn.pasteraw.com/8cdh0e76aqhtliuh874veautr7as8k7

Change-Id: I1558ac94e1041f9fbb1d6713b394c4f97f997ada
2017-02-07 09:45:02 -06:00
Samuel Pilla
c90db0375e Renaming of api parameters
Some parameters of similar name would follow the convention
such as `region_id` and `region_id_1` which gave no good
information as to the differences.

This patch changes these names to help give such information.

Change-Id: I2dec61ed06042990ff54e86c02dc3fca9d566366
2017-02-03 15:23:40 -06:00
Jenkins
9bb57c1eb7 Merge "Update endpoint api for optional region_id" 2017-02-03 18:12:29 +00:00
Samuel Pilla
49632aee6d Update endpoint api for optional region_id
As per the bug, 'name' and 'nme' are not part of the 'endpoint'
table and were being assigned to the 'extras' column. This is
why they are not being validated.

The endpoint docs also show that `region_id` is not optional, even
though it is. This updates the docs to reflect optional `region_id`.

Closes-Bug: #1579014
Change-Id: I085b75c59767eb96b3bdfe3b887e5e2639122a34
2017-01-31 09:27:57 -06:00
Eric Brown
30d9095d28 Use https for docs.openstack.org references
The openstack.org pages now support https and our references to
the site should by default be one signed by the organization.

Change-Id: I30a462e03d1fd7852511e22cac34c6bc0e8917f4
2017-01-30 16:05:08 -08:00
Gage Hugo
2bb1720271 Address follow-up comments from previous patchset
There were a couple comments about making minor changes in the patch
set for changing change_password to not require a token. These comments
mentioned fixing the wording on the change_user api-ref note and
adding an additional assertion for one of the added unit tests.

https://review.openstack.org/#/c/404022/

This change corrects the wording in the api-ref note for
change_password about not needing an authentication token and
adds an additional assertion for changing an expired password to
verify that once an expired password is successfully changed, the
user is able to authenticate and create a token.

Change-Id: I8e557d344ee77e0c9c28391d3ef09913bd87fef6
2017-01-26 16:52:38 -06:00
Jenkins
f7bc5bad7d Merge "Add queries for federated attributes in list_users" 2017-01-24 09:56:30 +00:00
Richard
19c6530b1a Add queries for federated attributes in list_users
This patch adds filters to list_user that enable the user to query for
unique_id, idp_id, protocol_id, or a mix of these to get back the
corresponding users of the federated attributes.

Partially-Implements: bp support-federated-attr
Change-Id: Iea5681791e521e9b8d96137fe30c388c10a02b30
2017-01-23 22:25:52 +00:00
Gage Hugo
3ae73b6752 Allow user to change own expired password
Currently, if a user's password expires, they must contact an
administrator in order to have their password reset for them.

This change allows a user to perform the change_password call
without a token, which will allow a user with an expired password
to change it if they are using PCI-DSS related features. This
removes the issue of needing an administrator to reset any
user's password that has expired.

Also updated the api-ref with the related changes.

Change-Id: I4d3421c56642cfdbb25cb33b3aaaacbac4c64dd1
Closes-Bug: #1641645
2017-01-20 17:45:56 +00:00
Sean Dague
73939d90cd Fix warnings generated by os-api-ref 1.2.0
This addresses the warnings that os-api-ref 1.2.0 generates about
undocumented parameters.

Change-Id: I921ab1e2a05cd15885f789a4175c70056872f10a
2017-01-20 12:39:07 -05:00
Lance Bragstad
d4129c239c [api-ref] Clean up OS-EP-FILTER association docs
This change builds on the previous one by cleaning up all the wording
around associations and makes them consistent regardless of the
associations being direct or via endpoint groups.

Change-Id: I9582c5e8dbb83c37abcb432835dd7b609bd7841c
Closes-Bug: 1654613
2017-01-09 15:07:21 +00:00
Jenkins
74a6416136 Merge "[api-ref] Clean up OS-EP-FILTER documentation" 2017-01-08 08:07:07 +00:00
Lance Bragstad
6e71105ddc [api-ref] Clean up OS-EP-FILTER documentation
The OS-EP-FILTER documentation needed some work. The wording around
several of the examples didn't make a whole lot of sense. And some of
the requests were copy/pastes from other examples.

This change attempts to clarify the need for endpoint groups and how
they can be useful. This patch also moves the endpoint group CRUD
documentation to the beginning of the section, which leaves the rest
of the section to explain how to associate projects to endpoints
directly or use endpoint groups. Previously, the endpoint group CRUD
was in the middle of the section and made the flow of the document jump
around a bit.

Change-Id: I1f6cbecc5c3a4c8e86a73a3cfed4b9a09e43b31f
Partial-Bug: 1654613
2017-01-08 04:55:29 +00:00
Jenkins
15f7013213 Merge "Fix region_id responses and requests to be consistent" 2017-01-07 00:48:18 +00:00
Jenkins
06238796c2 Merge "Update docs to require domain_id when registering Identity Providers" 2017-01-07 00:16:11 +00:00
Jenkins
64dbcf159d Merge "Remove endpoint_id parameter from EP-FILTER docs" 2017-01-06 19:39:01 +00:00
Jenkins
908b1d40ea Merge "[api] fix ep filter example" 2017-01-06 19:33:16 +00:00
Ronald De Rose
74af136478 Update docs to require domain_id when registering Identity Providers
An Identity Provider (IdP) should be mapped to a domain. This patch
updates the documentation and creates a release note recommending the
domain_id parameter.

Depends-On: Id18b8b2fe853b97631bc990df8188ed64a6e1275
Partial-Bug: #1642687
Change-Id: I1cb749371175169662dbb5fa8feafe403fb1c39b
2017-01-06 19:09:36 +00:00
Lance Bragstad
62ae2e4db2 Fix region_id responses and requests to be consistent
Change-Id: I6f6ad1b004f3e8c58dd941756039609f0a8bb7cf
2017-01-06 16:53:32 +00:00
Lance Bragstad
3838cff27c Remove endpoint_id parameter from EP-FILTER docs
The ability to list endpoint associations for projects only requires
the project ID as a parameter. The documentation was advertising that
the endpoint ID was also required, which seems like a rogue
copy/paste.

Change-Id: I2101ebaab0bdcbc9347e854dbe7f522c1c6320e8
2017-01-06 16:45:37 +00:00
Steve Martinelli
131c8c1f0c [api] fix ep filter example
The sample request and simplified representation was incorrect.
Change the sample to match the result, the sample was used in
other spots but did not affect the other APIs.

Also fixed the sentence describing valid filters that can be
used; only `region_id` is supported, not `region` [1].

[1] e49a95ff6e/keystone/catalog/controllers.py (L484)

Change-Id: Id460b85d37acc0cba9246ace6a338a315080b10b
2017-01-06 11:41:26 -05:00
Brant Knudson
42d19a072d Correct invalid rst in api docs
This rst was invalid so the docs didn't render correctly.

Change-Id: I9eb802cd6231ccfe907b931abe2a8c5f72f40443
2017-01-05 22:00:22 +00:00
Brant Knudson
ec4d0551c0 Correct timestamp format in token responses
The token issue response has timestamps like this:

  "issued_at": "2017-01-03T22:42:55.000000Z"
  "expires_at": "2017-01-03T23:42:55.000000Z"

Which didn't match the format documented in the API spec (the
response has subsecond precision and Z rather than ±HHMM).

Change-Id: I1deeac1776a7716ee66d187d1c1c7c1f5b02235f
Closes-Bug: 1634568
2017-01-04 13:05:23 -06:00
Jenkins
28b2b88c64 Merge "[api] Inconsistency between v3 API and keystone token timestamps" 2016-12-30 20:55:54 +00:00
jolie
76139d1507 [api] Inconsistency between v3 API and keystone token timestamps
The v3 API spec for tokens documents the format of timestamps.
It says the format is like "CCYY-MM-DDThh:mm:ss±hh:mm".
By this, the timestamps returned by keystone like this:
2016-12-13T15:33:12+0000

Change-Id: I616865c1b12457487c4aeb5b8e907ca01cb79ef9
Closes-Bug:#1634568
2016-12-28 15:17:23 +08:00
Jenkins
d4fd34de63 Merge "[api] set is_admin_project on tokens for admin project" 2016-12-21 13:12:29 +00:00
jolie
1a004987a4 [api] set is_admin_project on tokens for admin project
This patch updates api_doc to include 'is_admin_project'

Change-Id: I7d8345ea75659f6397098979531edf286df69485
Closes-Bug:#1523012
2016-12-21 10:32:17 +08:00
Steve Martinelli
b0f9237570 API Documentation for user password expires
New proposal on how we document the password_expires_at query.

bp pci-dss-query-password-expired-users

Co-Authored-By: Samuel Pilla <sp516w@att.com>

Change-Id: I81facd0a84f5c05f72294eb1a143c7632b2406e1
2016-12-12 22:07:03 +00:00
Steve Martinelli
320479647c Revert "API Documentation for user password expires"
This reverts commit c2a3ec27e3882e79c3fdbbed86473c46edabfefc.

Change-Id: Ib55a9595003fa44e45a6b89b7e2b84f08cd67295
2016-12-12 21:04:10 +00:00
Samuel Pilla
1eb38e46e7 API Documentation for user password expires
The api documentation for the following queries:

/v3/users?password_expires_at={operator}:{timestamp}
/v3/groups/{group_id}/users?password_expires_at={operator}:{timestamp}

The acceptable operators are lt, lte, gt, gte, eq, and neq.
They allow for querying for a range of timestamps rather than
an exact time for password expiration.

Examples:
- GET /v3/users?password_expires_at=lt:2016-11-06T15:32:17Z
- GET /v3/groups/079c578fd99b428ab61fcd4c9bd88ecd/users?password_expires_at=gt:2016-12-08T22:02:00Z

Partially-Implements: bp pci-dss-query-password-expired-users
Parent-Id: If0b9cc3c8af92b2ea5d41a0e8afeb78e12b7689c
Change-Id: I737dd6b703cc5af16b3d748ebaeebe0fbada039e
2016-12-10 05:18:18 +00:00
jolie
48841fdeaa Fix typo in api-ref doc
Change-Id: I67c390d20bbdc016c44b4c9cd187f5ddde649768
2016-12-09 16:18:55 +08:00
Dougal Matthews
f12f83ba9a Correct misspellings of secret
Change-Id: Ib60746ddd19cdf5f9a65498a9a627a321fdad2c7
2016-12-08 13:25:05 +00:00
Samuel Pilla
28fd030667 api-ref update for roles assignments with names
Updates the api-ref to reflect that list_role_assignment now also
returns the domain id and name for roles.

Related-Bug: #1607114
Change-Id: Ie887907b9410e84b5f3ff958b05b2fd98efbe5aa
2016-12-06 08:00:37 -06:00
Jenkins
796a61715f Merge "Minor fix in role_assignments api-ref" 2016-12-02 07:26:38 +00:00
Rodrigo Duarte Sousa
24dd02277c Minor fix in role_assignments api-ref
GET /role_assignments does not list the effective role_assignments,
this is done via the "effective" query param as described in the
doc.

For listing role assignments, we also have a similar explanation in
the "roles.inc" doc. After giving some thought, I guess the best option
is to leave both entries. This can sound redundant, but both entries give
pertinent explanation to the doc they are part of. For example, in the
"inherit.inc" doc, we have an introduction to the GET /role_assignments
API and explanations about the "effective", "include_subtree" and
"inherit_to" query parameters, which are essentially part of the
inherited roles feature.

Closes-Bug: 1645554

Change-Id: I38fa771295a1e1f482b10013f922a0bd0e432f8d
2016-12-01 10:02:14 -03:00
Jenkins
309b1adbfe Merge "Refactor Keystone admin-tokens and admin-users v2" 2016-11-28 19:32:51 +00:00
Colleen Murphy
22233747d2 Document token header in federation auth response
When reading the OS-FEDERATION API documentation, it is not clear how
to find the ID of the token when requesting either an unscoped or
scoped token. Token requests for the OS-FEDERATION API work the same
way as for the standard API, which is that the token ID is returned in
the X-Subject-Token header, so let's just mention that in the
OS-FEDERATION API documentation.

Change-Id: I6e9743d9001684f0d05ace119509f643c8b8e363
2016-11-28 09:06:25 -03:00
Ha Van Tu
364462e2db Refactor Keystone admin-tokens and admin-users v2
This patch modifies parameter names to make them maintainable and
reusable

Change-Id: I0dc5fb29f3eef5e1269a36df4cd952ed54267f88
2016-11-28 18:18:39 +07:00
Jamie Lennox
fcebc2fa8d Allow fetching an expired token
A service user from auth_token middleware should be able to fetch a
token that has expired within a certain window so that long running
operations can finish.

Implements bp: allow-expired
Change-Id: I784f719be88481048f5aa7a79d34a54907438cf3
2016-11-28 04:07:26 +00:00
Steve Martinelli
f4a30aac66 [api] add changelog from 3.0 -> 3.7
This section was missed from the migration (from specs to api-ref).

Change-Id: Id7243ea0f2dbfbb4b579489fdb4f75c7a4b7b940
Closes-Bug: 1637214
2016-11-18 09:09:08 +00:00
Gage Hugo
d3e955f993 Change "Change User Password" request example
Changed the new password value in the JSON request for
V3 "Change User Password" example to be more clear about which field
the "new" password should be in and that the user's password will be
that "new" password.

Change-Id: I6790422956ed99f90fd41b6774bd266fd57d7130
2016-11-16 09:39:52 -06:00
Jenkins
1b5bbf3340 Merge "[api-ref] Fix couple of issues on OS-INHERIT API" 2016-11-09 20:50:31 +00:00
Samuel Pilla
2e70ecd8ce Document OS-SIMPLE-CERT Routes
Document certificates and OS-SIMPLE-CERT routes.

Change-Id: I528c3eb27a5226a4da17a3c3aa2ca3ccc65a5a39
Closes-Bug: #1626779
2016-11-01 08:26:00 -04:00
Jenkins
9c2a48829d Merge "Document v2 Revoked Token Route" 2016-11-01 12:12:20 +00:00
Samuel Pilla
c70baa0a7a Document v2 Revoked Token Route
Adds documentation for /v2.0/tokens/revoked in /api-ref.

Patch for v3: https://review.openstack.org/#/c/390904

Change-Id: I2a09eba3484299a63b30d936e5677a9e1d922c04
Partial-Bug: #1626778
2016-10-31 21:45:35 +00:00
Tin Lam
095ed9187b Add api-ref /auth/tokens/OS-PKI/revoked (v3)
The v3 endpoint documentation /v3/auth/tokens/OS-PKI/revoked is missing
in /api-ref.  This patch set adds the documentation for v3.
A separate patch set will be submitted for v2.

Change-Id: I3db3356d24cc8885012756016a90a0996fcf14f5
Partial-Bug: #1626778
2016-10-31 20:05:00 +00:00