410 lines
8.7 KiB
YAML
410 lines
8.7 KiB
YAML
# variables in header
|
|
|
|
# variables in path
|
|
access_token_id:
|
|
description: |
|
|
The UUID of the access token.
|
|
in: path
|
|
required: false
|
|
type: string
|
|
consumer_id:
|
|
description: |
|
|
The UUID of the consumer.
|
|
in: path
|
|
required: false
|
|
type: string
|
|
domain_id:
|
|
description: |
|
|
The UUID of the domain.
|
|
in: path
|
|
required: false
|
|
type: string
|
|
endpoint_id:
|
|
description: |
|
|
The endpoint ID.
|
|
in: path
|
|
required: false
|
|
type: string
|
|
group_id:
|
|
description: |
|
|
The UUID of the group.
|
|
in: path
|
|
required: false
|
|
type: string
|
|
name:
|
|
description: |
|
|
The name of the group.
|
|
in: path
|
|
required: false
|
|
type: string
|
|
policy_id:
|
|
description: |
|
|
The policy ID.
|
|
in: path
|
|
required: false
|
|
type: string
|
|
project_id:
|
|
description: |
|
|
The UUID of the project.
|
|
in: path
|
|
required: false
|
|
type: string
|
|
region_id:
|
|
description: |
|
|
The region ID.
|
|
in: path
|
|
required: false
|
|
type: string
|
|
role_id:
|
|
description: |
|
|
The UUID of the role.
|
|
in: path
|
|
required: false
|
|
type: string
|
|
service_id:
|
|
description: |
|
|
The service ID.
|
|
in: path
|
|
required: false
|
|
type: string
|
|
user_id:
|
|
description: |
|
|
The UUID of the user.
|
|
in: path
|
|
required: false
|
|
type: string
|
|
|
|
# variables in query
|
|
|
|
since:
|
|
description: |
|
|
A timestamp used to limit the list of results to events
|
|
that occurred on or after the specified time.
|
|
(RFC 1123 format date time)
|
|
in: query
|
|
required: false
|
|
type: string
|
|
|
|
# variables in body
|
|
blob:
|
|
description: |
|
|
The policy rule itself, as a serialized blob.
|
|
in: body
|
|
required: true
|
|
type: object
|
|
consumer_id:
|
|
description: |
|
|
The ID of the consumer.
|
|
in: path
|
|
required: false
|
|
type: string
|
|
description:
|
|
description: |
|
|
The consumer description.
|
|
in: body
|
|
required: false
|
|
type: string
|
|
endpoints:
|
|
description: |
|
|
An ``endpoints`` object.
|
|
in: body
|
|
required: true
|
|
type: array
|
|
id:
|
|
description: |
|
|
The ID of the trust.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
id_1:
|
|
description: |
|
|
The endpoint UUID.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
id_2:
|
|
description: |
|
|
The ID of the policy.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
impersonation:
|
|
description: |
|
|
The impersonation flag. Default is false.
|
|
in: body
|
|
required: false
|
|
type: boolean
|
|
interface:
|
|
description: |
|
|
The interface type, which describes the
|
|
visibility of the endpoint. Value is: - ``public``. Visible by
|
|
end users on a publicly available network interface. -
|
|
``internal``. Visible by end users on an unmetered internal
|
|
network interface. - ``admin``. Visible by administrative users
|
|
on a secure network interface.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
links:
|
|
description: |
|
|
Trust links.
|
|
in: body
|
|
required: true
|
|
type: object
|
|
links_1:
|
|
description: |
|
|
The links for the ``endpoints`` resource.
|
|
in: body
|
|
required: true
|
|
type: object
|
|
links_2:
|
|
description: |
|
|
The links for the ``policy`` resource.
|
|
in: body
|
|
required: true
|
|
type: object
|
|
name_1:
|
|
description: |
|
|
The role name.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
name_2:
|
|
description: |
|
|
The name of the group.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
next:
|
|
description: |
|
|
The ``next`` relative link for the ``endpoints``
|
|
resource.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
oauth_expires_at:
|
|
description: |
|
|
The date and time when a request token expires.
|
|
|
|
The date and time stamp format is `ISO 8601
|
|
<https://en.wikipedia.org/wiki/ISO_8601>`_:
|
|
|
|
::
|
|
|
|
CCYY-MM-DDThh:mm:ss±hh:mm
|
|
|
|
The ``±hh:mm`` value, if included, is the time zone as an offset
|
|
from UTC.
|
|
|
|
For example, ``2015-08-27T09:49:58-05:00``.
|
|
|
|
If the Identity API does not include this attribute or its value is
|
|
``null``, the token never expires.
|
|
in: body
|
|
required: false
|
|
type: string
|
|
policy:
|
|
description: |
|
|
A ``policy`` object.
|
|
in: body
|
|
required: true
|
|
type: object
|
|
previous:
|
|
description: |
|
|
The ``previous`` relative link for the
|
|
``endpoints`` resource.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
project_id_1:
|
|
description: |
|
|
The ID of the project.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
region:
|
|
description: |
|
|
(Deprecated in v3.2) The geographic location of
|
|
the service endpoint.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
remaining_uses:
|
|
description: |
|
|
Remaining uses flag. Default is null.
|
|
in: body
|
|
required: false
|
|
type: boolean
|
|
requested_project_id:
|
|
description: |
|
|
The ID of the requested project.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_audit_chain_id:
|
|
description: |
|
|
Specifies a group of tokens based upon the ``audit_id`` of the
|
|
first token in the chain.
|
|
|
|
If a revocation event specifies the ``audit_chain_id`` any
|
|
token that is part of the token chain (based upon the original
|
|
token at the start of the chain) will be revoked, including
|
|
the original token at the start of the chain.
|
|
|
|
If an event is issued for ``audit_chain_id`` then the event cannot
|
|
contain an ``audit_id``.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_audit_id:
|
|
description: |
|
|
Specifies the unique identifier (UUID) assigned to the token
|
|
itself.
|
|
|
|
This will revoke a single token only. This attribute mirrors
|
|
the use of the Token Revocation List (the mechanism used
|
|
prior to revocation events) but does not utilize data that
|
|
could convey authorization (the token id).
|
|
|
|
If an event is issued for ``audit_id`` then the event cannot
|
|
contain an ``audit_chain_id``.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_consumer_id:
|
|
description: |
|
|
Revoke tokens issued to a specific OAuth consumer, as part
|
|
of the OS-OAUTH1 API extension.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_domain_id:
|
|
description: |
|
|
Revoke tokens scoped to a particular domain.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_events:
|
|
description: |
|
|
List of recovation events.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_expires_at:
|
|
description: |
|
|
Specifies the exact expiration time of one or more tokens to
|
|
be revoked.
|
|
|
|
This attribute is useful for revoking chains of tokens, such
|
|
as those produced when re-scoping an existing token. When a
|
|
token is issued based on initial authentication, it is given
|
|
an expires_at value. When a token is used to get another
|
|
token, the new token will have the same expires_at value as
|
|
the original.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_issued_before:
|
|
description: |
|
|
(string, ISO 8601 extended format date time with
|
|
microseconds).
|
|
|
|
Tokens issued before this time are considered revoked.
|
|
|
|
This attribute can be used to determine how long the
|
|
expiration event is valid. It can also be used in
|
|
queries to filter events, so that only a subset that
|
|
have occurred since the last request are returned.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_project_id:
|
|
description: |
|
|
Revoke tokens scoped to a particular project.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_role_id:
|
|
description: |
|
|
Revoke tokens issued with a specific role.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_trust_id:
|
|
description: |
|
|
Revoke tokens issued as the result of a particular
|
|
trust, as part of the OS-TRUST API extension.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
revoke_user_id:
|
|
description: |
|
|
Revoke tokens expressing the identity of a particular user.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
roles:
|
|
description: |
|
|
A roles object.
|
|
in: body
|
|
required: true
|
|
type: array
|
|
roles_links:
|
|
description: |
|
|
A roles links object. Includes ``next``,
|
|
``previous``, and ``self`` links for roles.
|
|
in: body
|
|
required: true
|
|
type: object
|
|
self:
|
|
description: |
|
|
The ``self`` relative link for the ``endpoints``
|
|
resource.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
service_id_1:
|
|
description: |
|
|
The UUID of the service to which the endpoint
|
|
belongs.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
trust:
|
|
description: |
|
|
A trust object.
|
|
in: body
|
|
required: true
|
|
type: object
|
|
trustee_user_id:
|
|
description: |
|
|
The trustee user ID.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
trustor_user_id:
|
|
description: |
|
|
The trustor user ID.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
type:
|
|
description: |
|
|
The MIME media type of the serialized policy
|
|
blob. From the perspective of the Identity API, a policy blob can
|
|
be based on any technology. In OpenStack, the ``policy.json`` blob
|
|
(``type="application/json"``) is the conventional solution.
|
|
However, you might want to use an alternative policy engine that
|
|
uses a different policy language type. For example,
|
|
``type="application/xacml+xml"``.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
url:
|
|
description: |
|
|
The endpoint URL.
|
|
in: body
|
|
required: true
|
|
type: string
|
|
|