6cdb3a8374
While using the openstack client command, the list on endpoint filters cannot be filtered by name. This adds an optional parameter on the query to allow the name to be specified as filter. This fixes the behavior on OSC to search. Change-Id: Ia1cbc9f4ded8f2494b1bf7ba5e953be0dfaf11f5 Closes-Bug: #1828565
557 lines
14 KiB
YAML
557 lines
14 KiB
YAML
# variables in header
|
|
requested_project_id:
|
|
description: |
|
|
The ID of the requested project.
|
|
in: header
|
|
required: true
|
|
type: string
|
|
|
|
# variables in path
|
|
access_token_id_path:
|
|
description: |
|
|
The UUID of the access token.
|
|
in: path
|
|
required: true
|
|
type: string
|
|
consumer_id_path:
|
|
description: |
|
|
The UUID of the consumer.
|
|
in: path
|
|
required: true
|
|
type: string
|
|
domain_id:
|
|
description: |
|
|
The UUID of the domain.
|
|
in: path
|
|
required: true
|
|
type: string
|
|
endpoint_group_id_path:
|
|
description: |
|
|
The UUID of the endpoint group.
|
|
in: path
|
|
required: true
|
|
type: string
|
|
endpoint_id_path:
|
|
description: |
|
|
The endpoint ID.
|
|
in: path
|
|
required: true
|
|
type: string
|
|
group_id:
|
|
description: |
|
|
The UUID of the group.
|
|
in: path
|
|
required: true
|
|
type: string
|
|
name:
|
|
description: |
|
|
The name of the group.
|
|
in: path
|
|
required: true
|
|
type: string
|
|
policy_id_path:
|
|
description: |
|
|
The policy ID.
|
|
in: path
|
|
required: true
|
|
type: string
|
|
project_id_path:
|
|
description: |
|
|
The UUID of the project.
|
|
in: path
|
|
required: true
|
|
type: string
|
|
region_id_path:
|
|
description: |
|
|
The region ID.
|
|
in: path
|
|
required: true
|
|
type: string
|
|
role_id_path:
|
|
description: |
|
|
The UUID of the role.
|
|
in: path
|
|
required: true
|
|
type: string
|
|
service_id_path:
|
|
description: |
|
|
The service ID.
|
|
in: path
|
|
required: true
|
|
type: string
|
|
trust_id_path:
|
|
description: |
|
|
The trust ID.
|
|
in: path
|
|
required: true
|
|
type: string
|
|
user_id_path:
|
|
description: |
|
|
The UUID of the user.
|
|
in: path
|
|
required: true
|
|
type: string
|
|
|
|
# variables in query
|
|
request_endpoint_group_name_query_not_required:
|
|
description: |
|
|
Filters the response by an endpoint group name.
|
|
in: query
|
|
required: false
|
|
type: string
|
|
|
|
since_query:
|
|
description: |
|
|
A timestamp used to limit the list of results to events
|
|
that occurred on or after the specified time.
|
|
(RFC 1123 format date time)
|
|
in: query
|
|
required: false
|
|
type: string
|
|
|
|
trustee_user_id_query:
|
|
description: |
|
|
Filters the response by a trustee user ID.
|
|
In order to list trusts for a given trustee, filter the collection using a query string
|
|
(e.g., ``?trustee_user_id={user_id}``).
|
|
in: query
|
|
required: false
|
|
type: string
|
|
|
|
trustor_user_id_query:
|
|
description: |
|
|
Filters the response by a trustor user ID.
|
|
In order to list trusts for a given trustor, filter the collection using a query string
|
|
(e.g., ``?trustor_user_id={user_id}``).
|
|
in: query
|
|
required: false
|
|
type: string
|
|
|
|
# variables in body
|
|
allow_redelegation:
|
|
description: |
|
|
If set to `true` then a trust between a ``trustor`` and any third-party
|
|
user may be issued by the ``trustee`` just like a regular trust.
|
|
If set to `false`, stops further redelegation. `false` by default.
|
|
in: body
|
|
required: false
|
|
type: boolean
|
|
consumer_description:
|
|
description: |
|
|
The consumer description.
|
|
in: body
|
|
required: false
|
|
type: string
|
|
consumer_id:
|
|
description: |
|
|
The ID of the consumer.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
eg_description:
|
|
description: |
|
|
The endpoint group description.
|
|
in: body
|
|
required: false
|
|
type: string
|
|
eg_filters:
|
|
description: |
|
|
Describes the filtering performed by the endpoint group. The filter used must
|
|
be an ``endpoint`` property, such as ``interface``, ``service_id``,
|
|
``region_id`` and ``enabled``. Note that if using ``interface`` as a filter,
|
|
the only available values are ``public``, ``internal`` and ``admin``.
|
|
in: body
|
|
required: true
|
|
type: object
|
|
eg_name:
|
|
description: |
|
|
The name of the endpoint group.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
endpoint_id:
|
|
description: |
|
|
The endpoint UUID.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
endpoints:
|
|
description: |
|
|
An ``endpoints`` object.
|
|
in: body
|
|
required: true
|
|
type: array
|
|
id:
|
|
description: |
|
|
[WIP]
|
|
in: body
|
|
required: true
|
|
type: string
|
|
impersonation:
|
|
description: |
|
|
If set to `true`, then the user attribute of tokens generated based on the
|
|
trust will represent that of the ``trustor`` rather than the ``trustee``,
|
|
thus allowing the ``trustee`` to impersonate the ``trustor``. If impersonation
|
|
is set to `false`, then the token's user attribute will represent that of the
|
|
``trustee``.
|
|
in: body
|
|
required: true
|
|
type: boolean
|
|
interface:
|
|
description: |
|
|
The interface type, which describes the
|
|
visibility of the endpoint. Value is: - ``public``. Visible by
|
|
end users on a publicly available network interface. -
|
|
``internal``. Visible by end users on an unmetered internal
|
|
network interface. - ``admin``. Visible by administrative users
|
|
on a secure network interface.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
links:
|
|
description: |
|
|
A links object.
|
|
in: body
|
|
required: true
|
|
type: object
|
|
next:
|
|
description: |
|
|
The ``next`` relative link for the ``endpoints``
|
|
resource.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
oauth_expires_at:
|
|
description: |
|
|
The date and time when an oauth token expires.
|
|
|
|
The date and time stamp format is `ISO 8601
|
|
<https://en.wikipedia.org/wiki/ISO_8601>`_:
|
|
|
|
::
|
|
|
|
CCYY-MM-DDThh:mm:ss±hh:mm
|
|
|
|
The ``±hh:mm`` value, if included, is the time zone as an offset
|
|
from UTC.
|
|
|
|
For example, ``2015-08-27T09:49:58-05:00``.
|
|
|
|
If the Identity API does not include this attribute or its value is
|
|
``null``, the token never expires.
|
|
in: body
|
|
required: false
|
|
type: string
|
|
oauth_token:
|
|
description: |
|
|
The key value for the oauth token that the Identity API returns.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
oauth_token_secret:
|
|
description: |
|
|
The secret value associated with the oauth Token.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
policy:
|
|
description: |
|
|
A ``policy`` object.
|
|
in: body
|
|
required: true
|
|
type: object
|
|
policy_blob:
|
|
description: |
|
|
The policy rule itself, as a serialized blob.
|
|
in: body
|
|
required: true
|
|
type: object
|
|
policy_id:
|
|
description: |
|
|
The ID of the policy.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
policy_links:
|
|
description: |
|
|
The links for the ``policy`` resource.
|
|
in: body
|
|
required: true
|
|
type: object
|
|
policy_type:
|
|
description: |
|
|
The MIME media type of the serialized policy
|
|
blob. From the perspective of the Identity API, a policy blob can
|
|
be based on any technology. In OpenStack, the ``policy.json`` blob
|
|
(``type="application/json"``) is the conventional solution.
|
|
However, you might want to use an alternative policy engine that
|
|
uses a different policy language type. For example,
|
|
``type="application/xacml+xml"``.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
previous:
|
|
description: |
|
|
The ``previous`` relative link for the
|
|
``endpoints`` resource.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
project_id:
|
|
description: |
|
|
The ID of the project.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
redelegated_trust_id:
|
|
description: |
|
|
Returned with redelegated trust provides information about the predecessor
|
|
in the trust chain.
|
|
in: body
|
|
required: false
|
|
type: string
|
|
redelegation_count:
|
|
description: |
|
|
Specifies the maximum remaining depth of the redelegated trust chain.
|
|
Each subsequent trust has this field decremented by `1` automatically.
|
|
The initial ``trustor`` issuing new trust that can be redelegated, must
|
|
set ``allow_redelegation`` to `true` and may set ``redelegation_count``
|
|
to an integer value less than or equal to ``max_redelegation_count``
|
|
configuration parameter in order to limit the possible length of derivated
|
|
trust chains. The trust issued by the trustor using a project-scoped token
|
|
(not redelegating), in which ``allow_redelegation`` is set to `true` (the new
|
|
trust is redelegatable), will be populated with the value specified in the
|
|
``max_redelegation_count`` configuration parameter if ``redelegation_count``
|
|
is not set or set to `null`. If ``allow_redelegation`` is set to `false`
|
|
then ``redelegation_count`` will be set to `0` in the trust.
|
|
|
|
If the trust is being issued by the ``trustee`` of a redelegatable trust-scoped
|
|
token (redelegation case) then ``redelegation_count`` should not be set, as it
|
|
will automatically be set to the value in the redelegatable trust-scoped token
|
|
decremented by `1`. Note, if the resulting value is `0`, this means that the new
|
|
trust will not be redelegatable, regardless of the value of ``allow_redelegation``.
|
|
|
|
in: body
|
|
required: false
|
|
type: integer
|
|
region:
|
|
description: |
|
|
(Deprecated in v3.2) The geographic location of
|
|
the service endpoint.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
remaining_uses:
|
|
description: |
|
|
Specifies how many times the trust can be used to obtain a token. This value
|
|
is decreased each time a token is issued through the trust. Once it reaches
|
|
`0`, no further tokens will be issued through the trust. The default value is
|
|
`null`, meaning there is no limit on the number of tokens issued through the
|
|
trust. If redelegation is enabled it must not be set.
|
|
in: body
|
|
required: false
|
|
type: boolean
|
|
revoke_audit_chain_id:
|
|
description: |
|
|
Specifies a group of tokens based upon the ``audit_id`` of the
|
|
first token in the chain.
|
|
|
|
If a revocation event specifies the ``audit_chain_id`` any
|
|
token that is part of the token chain (based upon the original
|
|
token at the start of the chain) will be revoked, including
|
|
the original token at the start of the chain.
|
|
|
|
If an event is issued for ``audit_chain_id`` then the event cannot
|
|
contain an ``audit_id``.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_audit_id:
|
|
description: |
|
|
Specifies the unique identifier (UUID) assigned to the token
|
|
itself.
|
|
|
|
This will revoke a single token only. This attribute mirrors
|
|
the use of the Token Revocation List (the mechanism used
|
|
prior to revocation events) but does not utilize data that
|
|
could convey authorization (the token id).
|
|
|
|
If an event is issued for ``audit_id`` then the event cannot
|
|
contain an ``audit_chain_id``.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_consumer_id:
|
|
description: |
|
|
Revoke tokens issued to a specific OAuth consumer, as part
|
|
of the OS-OAUTH1 API extension.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_domain_id:
|
|
description: |
|
|
Revoke tokens scoped to a particular domain.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_events:
|
|
description: |
|
|
List of recovation events.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_expires_at:
|
|
description: |
|
|
Specifies the exact expiration time of one or more tokens to
|
|
be revoked.
|
|
|
|
This attribute is useful for revoking chains of tokens, such
|
|
as those produced when re-scoping an existing token. When a
|
|
token is issued based on initial authentication, it is given
|
|
an expires_at value. When a token is used to get another
|
|
token, the new token will have the same expires_at value as
|
|
the original.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_issued_before:
|
|
description: |
|
|
(string, ISO 8601 extended format date time with
|
|
microseconds).
|
|
|
|
Tokens issued before this time are considered revoked.
|
|
|
|
This attribute can be used to determine how long the
|
|
expiration event is valid. It can also be used in
|
|
queries to filter events, so that only a subset that
|
|
have occurred since the last request are returned.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_project_id:
|
|
description: |
|
|
Revoke tokens scoped to a particular project.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_role_id:
|
|
description: |
|
|
Revoke tokens issued with a specific role.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_trust_id:
|
|
description: |
|
|
Revoke tokens issued as the result of a particular
|
|
trust, as part of the OS-TRUST API extension.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_user_id:
|
|
description: |
|
|
Revoke tokens expressing the identity of a particular user.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
roles:
|
|
description: |
|
|
A roles object.
|
|
in: body
|
|
required: true
|
|
type: array
|
|
roles_links:
|
|
description: |
|
|
A roles links object. Includes ``next``,
|
|
``previous``, and ``self`` links for roles.
|
|
in: body
|
|
required: true
|
|
type: object
|
|
self:
|
|
description: |
|
|
The ``self`` relative link for the ``endpoints``
|
|
resource.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
service_id:
|
|
description: |
|
|
The UUID of the service to which the endpoint
|
|
belongs.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
trust:
|
|
description: |
|
|
A trust object.
|
|
in: body
|
|
required: true
|
|
type: object
|
|
trust_expires_at:
|
|
description: |
|
|
Specifies the expiration time of the trust. A trust may be revoked ahead of
|
|
expiration. If the value represents a time in the past, the trust is deactivated.
|
|
In the redelegation case it must not exceed the value of the corresponding
|
|
``expires_at`` field of the redelegated trust or it may be omitted, then the
|
|
``expires_at`` value is copied from the redelegated trust.
|
|
in: body
|
|
required: false
|
|
type: string
|
|
trust_id:
|
|
description: |
|
|
The ID of the trust.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
trust_links:
|
|
description: |
|
|
A trust links object. Includes ``next``, ``previous``, and ``self`` links for trusts.
|
|
in: body
|
|
required: true
|
|
type: object
|
|
trust_project_id:
|
|
description: |
|
|
Identifies the project upon which the trustor is delegating authorization.
|
|
in: body
|
|
required: false
|
|
type: string
|
|
trust_roles:
|
|
description: |
|
|
Specifies the subset of the trustor's roles on the ``project_id`` to be granted
|
|
to the ``trustee`` when the token is consumed. The ``trustor`` must already be
|
|
granted these roles in the project referenced by the ``project_id`` attribute.
|
|
If redelegation is used (when trust-scoped token is used and consumed trust has
|
|
``allow_redelegation`` set to `true`) this parameter should contain redelegated
|
|
trust's roles only.
|
|
|
|
Roles are only provided when the trust is created, and are subsequently available
|
|
as a separate read-only collection. Each role can be specified by either ``id`` or
|
|
``name``.
|
|
in: body
|
|
required: false
|
|
type: array
|
|
trustee_user_id:
|
|
description: |
|
|
Represents the user who is capable of consuming the trust.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
trustor_user_id:
|
|
description: |
|
|
Represents the user who created the trust, and who's authorization is being delegated.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
trusts:
|
|
description: |
|
|
An array of trust objects.
|
|
in: body
|
|
required: true
|
|
type: array
|
|
url:
|
|
description: |
|
|
The endpoint URL.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
|