e4a82b3da1
Change-Id: I7f0ab81e3f8c0799bbcbbcd5a849603d7c2bde3a Partial-Bug: #1610777
349 lines
8.3 KiB
ReStructuredText
349 lines
8.3 KiB
ReStructuredText
.. -*- rst -*-
|
|
|
|
========================
|
|
OS-ENDPOINT-POLICY API
|
|
========================
|
|
|
|
Creates, verifies, and deletes associations between service
|
|
endpoints and policies. Such associations enable an endpoint to
|
|
request its policy.
|
|
|
|
To create, check, or delete an association, you reference a policy
|
|
by its ID in the Identity server.
|
|
|
|
The extension supports these associations:
|
|
|
|
- A policy and endpoint association.
|
|
|
|
- A policy and service-type endpoint in a region association.
|
|
|
|
- A policy and service-type endpoint association.
|
|
|
|
This order reflects policies in their most to least-specific order.
|
|
|
|
When an endpoint requests the appropriate policy for itself, the
|
|
extension finds the policy by traversing the ordered sequence of
|
|
methods of association. The extension shows the policy for the
|
|
first association that it finds.
|
|
|
|
If the region of the endpoint has a parent, the extension examines
|
|
the region associations up the region tree in ascending order. For
|
|
region associations, the extension examines any parent regions in
|
|
ascending order. The extension does not combine polices.
|
|
|
|
|
|
Associate policy and endpoint
|
|
=============================
|
|
|
|
.. rest_method:: PUT /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}
|
|
|
|
Associates a policy and an endpoint.
|
|
|
|
If an association already exists between the endpoint and another
|
|
policy, this call replaces that association.
|
|
|
|
Normal response codes: 204
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- policy_id: policy_id_path
|
|
- endpoint_id: endpoint_id_path
|
|
|
|
|
|
Verify a policy and endpoint association
|
|
========================================
|
|
|
|
.. rest_method:: GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}
|
|
|
|
Verifies an association between a policy and an endpoint.
|
|
|
|
A HEAD version of this API is also supported.
|
|
|
|
Normal response codes: 204
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- policy_id: policy_id_path
|
|
- endpoint_id: endpoint_id_path
|
|
|
|
|
|
Delete a policy and endpoint association
|
|
========================================
|
|
|
|
.. rest_method:: DELETE /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}
|
|
|
|
Deletes an association between a policy and an endpoint.
|
|
|
|
Normal response codes: 204
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- policy_id: policy_id_path
|
|
- endpoint_id: endpoint_id_path
|
|
|
|
|
|
Associate policy and service-type endpoint
|
|
==========================================
|
|
|
|
.. rest_method:: PUT /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}
|
|
|
|
Associates a policy and any endpoint of a service type.
|
|
|
|
If an association already exists between the endpoint of a service
|
|
type and another policy, this call replaces that association.
|
|
|
|
Normal response codes: 204
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- policy_id: policy_id_path
|
|
- service_id: service_id_path
|
|
|
|
|
|
Verify a policy and service-type endpoint association
|
|
=====================================================
|
|
|
|
.. rest_method:: GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}
|
|
|
|
Verifies an association between a policy and an endpoint of a service type.
|
|
|
|
A HEAD version of this API is also supported.
|
|
|
|
Normal response codes: 204
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- policy_id: policy_id_path
|
|
- service_id: service_id_path
|
|
|
|
|
|
Delete a policy and service-type endpoint association
|
|
=====================================================
|
|
|
|
.. rest_method:: DELETE /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}
|
|
|
|
Deletes an association between a policy and an endpoint of a service type.
|
|
|
|
Normal response codes: 204
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- policy_id: policy_id_path
|
|
- service_id: service_id_path
|
|
|
|
|
|
Show policy for endpoint
|
|
========================
|
|
|
|
.. rest_method:: GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/policy
|
|
|
|
Shows a policy for an endpoint.
|
|
|
|
The extension finds the policy by traversing the ordered sequence
|
|
of methods of association. The extension shows the policy for the
|
|
first association that it finds. If the region of the endpoint has
|
|
a parent, the extension examines the region associations up the
|
|
region tree in ascending order.
|
|
|
|
Normal response codes: 200
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- policy_id: policy_id_path
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- policy: policy
|
|
- type: policy_type
|
|
- blob: policy_blob
|
|
- links: policy_links
|
|
- id: policy_id
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/OS-ENDPOINT-POLICY/policy-show-response.json
|
|
:language: javascript
|
|
|
|
|
|
Check policy and service endpoint association
|
|
=============================================
|
|
|
|
.. rest_method:: HEAD /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/policy
|
|
|
|
Checks whether a policy is associated with an endpoint.
|
|
|
|
Normal response codes: 200
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- policy_id: policy_id_path
|
|
|
|
|
|
Associate policy and service-type endpoint in a region
|
|
======================================================
|
|
|
|
.. rest_method:: PUT /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}
|
|
|
|
Associates a policy and an endpoint of a service type in a region.
|
|
|
|
If an association already exists between the service in a region
|
|
and another policy, this call replaces that association.
|
|
|
|
Normal response codes: 204
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- policy_id: policy_id_path
|
|
- service_id: service_id_path
|
|
- region_id: region_id_path
|
|
|
|
|
|
Verify a policy and service-type endpoint in a region association
|
|
=================================================================
|
|
|
|
.. rest_method:: GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}
|
|
|
|
Verifies an association between a policy and service-type endpoint in a region.
|
|
|
|
A HEAD version of this API is also supported.
|
|
|
|
Normal response codes: 204
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- policy_id: policy_id_path
|
|
- service_id: service_id_path
|
|
- region_id: region_id_path
|
|
|
|
|
|
Delete a policy and service-type endpoint in a region association
|
|
=================================================================
|
|
|
|
.. rest_method:: DELETE /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}
|
|
|
|
Deletes an association between a policy and service-type endpoint in a region.
|
|
|
|
Normal response codes: 204
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- policy_id: policy_id_path
|
|
- service_id: service_id_path
|
|
- region_id: region_id_path
|
|
|
|
|
|
List policy and service endpoint associations
|
|
=============================================
|
|
|
|
.. rest_method:: GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints
|
|
|
|
Lists all the endpoints that are currently associated with a policy through any of the association methods.
|
|
|
|
Normal response codes: 200
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- policy_id: policy_id_path
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- links: policy_links
|
|
- url: url
|
|
- region: region
|
|
- next: next
|
|
- self: self
|
|
- interface: interface
|
|
- service_id: service_id
|
|
- endpoints: endpoints
|
|
- id: endpoint_id
|
|
- previous: previous
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/OS-ENDPOINT-POLICY/policy-endpoint-associations-list-response.json
|
|
:language: javascript
|
|
|
|
|
|
Show the effective policy associated with an endpoint
|
|
=====================================================
|
|
|
|
.. rest_method:: GET /v3/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy
|
|
|
|
Returns the policy that is currently associated with the given endpoint, by
|
|
working through the ordered sequence of methods of association. The first
|
|
association that is found will be returned. If the region of the endpoint has a
|
|
parent, then region associations will be examined up the region tree in
|
|
ascending order.
|
|
|
|
A HEAD version of this API is also supported.
|
|
|
|
Normal response codes: 200
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- endpoint_id: endpoint_id_path
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- policy: policy
|
|
- type: policy_type
|
|
- blob: policy_blob
|
|
- links: policy_links
|
|
- id: policy_id
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: samples/OS-ENDPOINT-POLICY/policy-show-response.json
|
|
:language: javascript
|