You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
348 lines
8.3 KiB
348 lines
8.3 KiB
.. -*- rst -*- |
|
|
|
======================== |
|
OS-ENDPOINT-POLICY API |
|
======================== |
|
|
|
Creates, verifies, and deletes associations between service |
|
endpoints and policies. Such associations enable an endpoint to |
|
request its policy. |
|
|
|
To create, check, or delete an association, you reference a policy |
|
by its ID in the Identity server. |
|
|
|
The extension supports these associations: |
|
|
|
- A policy and endpoint association. |
|
|
|
- A policy and service-type endpoint in a region association. |
|
|
|
- A policy and service-type endpoint association. |
|
|
|
This order reflects policies in their most to least-specific order. |
|
|
|
When an endpoint requests the appropriate policy for itself, the |
|
extension finds the policy by traversing the ordered sequence of |
|
methods of association. The extension shows the policy for the |
|
first association that it finds. |
|
|
|
If the region of the endpoint has a parent, the extension examines |
|
the region associations up the region tree in ascending order. For |
|
region associations, the extension examines any parent regions in |
|
ascending order. The extension does not combine polices. |
|
|
|
|
|
Associate policy and endpoint |
|
============================= |
|
|
|
.. rest_method:: PUT /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id} |
|
|
|
Associates a policy and an endpoint. |
|
|
|
If an association already exists between the endpoint and another |
|
policy, this call replaces that association. |
|
|
|
Normal response codes: 204 |
|
|
|
Request |
|
------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- policy_id: policy_id_path |
|
- endpoint_id: endpoint_id_path |
|
|
|
|
|
Verify a policy and endpoint association |
|
======================================== |
|
|
|
.. rest_method:: GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id} |
|
|
|
Verifies an association between a policy and an endpoint. |
|
|
|
A HEAD version of this API is also supported. |
|
|
|
Normal response codes: 204 |
|
|
|
Request |
|
------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- policy_id: policy_id_path |
|
- endpoint_id: endpoint_id_path |
|
|
|
|
|
Delete a policy and endpoint association |
|
======================================== |
|
|
|
.. rest_method:: DELETE /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id} |
|
|
|
Deletes an association between a policy and an endpoint. |
|
|
|
Normal response codes: 204 |
|
|
|
Request |
|
------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- policy_id: policy_id_path |
|
- endpoint_id: endpoint_id_path |
|
|
|
|
|
Associate policy and service-type endpoint |
|
========================================== |
|
|
|
.. rest_method:: PUT /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id} |
|
|
|
Associates a policy and any endpoint of a service type. |
|
|
|
If an association already exists between the endpoint of a service |
|
type and another policy, this call replaces that association. |
|
|
|
Normal response codes: 204 |
|
|
|
Request |
|
------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- policy_id: policy_id_path |
|
- service_id: service_id_path |
|
|
|
|
|
Verify a policy and service-type endpoint association |
|
===================================================== |
|
|
|
.. rest_method:: GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id} |
|
|
|
Verifies an association between a policy and an endpoint of a service type. |
|
|
|
A HEAD version of this API is also supported. |
|
|
|
Normal response codes: 204 |
|
|
|
Request |
|
------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- policy_id: policy_id_path |
|
- service_id: service_id_path |
|
|
|
|
|
Delete a policy and service-type endpoint association |
|
===================================================== |
|
|
|
.. rest_method:: DELETE /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id} |
|
|
|
Deletes an association between a policy and an endpoint of a service type. |
|
|
|
Normal response codes: 204 |
|
|
|
Request |
|
------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- policy_id: policy_id_path |
|
- service_id: service_id_path |
|
|
|
|
|
Show policy for endpoint |
|
======================== |
|
|
|
.. rest_method:: GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/policy |
|
|
|
Shows a policy for an endpoint. |
|
|
|
The extension finds the policy by traversing the ordered sequence |
|
of methods of association. The extension shows the policy for the |
|
first association that it finds. If the region of the endpoint has |
|
a parent, the extension examines the region associations up the |
|
region tree in ascending order. |
|
|
|
Normal response codes: 200 |
|
|
|
Request |
|
------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- policy_id: policy_id_path |
|
|
|
Response Parameters |
|
------------------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- policy: policy |
|
- type: policy_type |
|
- blob: policy_blob |
|
- links: policy_links |
|
- id: policy_id |
|
|
|
Response Example |
|
---------------- |
|
|
|
.. literalinclude:: samples/OS-ENDPOINT-POLICY/policy-show-response.json |
|
:language: javascript |
|
|
|
|
|
Check policy and service endpoint association |
|
============================================= |
|
|
|
.. rest_method:: HEAD /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/policy |
|
|
|
Checks whether a policy is associated with an endpoint. |
|
|
|
Normal response codes: 200 |
|
|
|
Request |
|
------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- policy_id: policy_id_path |
|
|
|
|
|
Associate policy and service-type endpoint in a region |
|
====================================================== |
|
|
|
.. rest_method:: PUT /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id} |
|
|
|
Associates a policy and an endpoint of a service type in a region. |
|
|
|
If an association already exists between the service in a region |
|
and another policy, this call replaces that association. |
|
|
|
Normal response codes: 204 |
|
|
|
Request |
|
------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- policy_id: policy_id_path |
|
- service_id: service_id_path |
|
- region_id: region_id_path |
|
|
|
|
|
Verify a policy and service-type endpoint in a region association |
|
================================================================= |
|
|
|
.. rest_method:: GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id} |
|
|
|
Verifies an association between a policy and service-type endpoint in a region. |
|
|
|
A HEAD version of this API is also supported. |
|
|
|
Normal response codes: 204 |
|
|
|
Request |
|
------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- policy_id: policy_id_path |
|
- service_id: service_id_path |
|
- region_id: region_id_path |
|
|
|
|
|
Delete a policy and service-type endpoint in a region association |
|
================================================================= |
|
|
|
.. rest_method:: DELETE /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id} |
|
|
|
Deletes an association between a policy and service-type endpoint in a region. |
|
|
|
Normal response codes: 204 |
|
|
|
Request |
|
------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- policy_id: policy_id_path |
|
- service_id: service_id_path |
|
- region_id: region_id_path |
|
|
|
|
|
List policy and service endpoint associations |
|
============================================= |
|
|
|
.. rest_method:: GET /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints |
|
|
|
Lists all the endpoints that are currently associated with a policy through any of the association methods. |
|
|
|
Normal response codes: 200 |
|
|
|
Request |
|
------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- policy_id: policy_id_path |
|
|
|
Response Parameters |
|
------------------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- links: policy_links |
|
- url: url |
|
- region: region |
|
- next: next |
|
- self: self |
|
- interface: interface |
|
- service_id: service_id |
|
- endpoints: endpoints |
|
- id: endpoint_id |
|
- previous: previous |
|
|
|
Response Example |
|
---------------- |
|
|
|
.. literalinclude:: samples/OS-ENDPOINT-POLICY/policy-endpoint-associations-list-response.json |
|
:language: javascript |
|
|
|
|
|
Show the effective policy associated with an endpoint |
|
===================================================== |
|
|
|
.. rest_method:: GET /v3/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy |
|
|
|
Returns the policy that is currently associated with the given endpoint, by |
|
working through the ordered sequence of methods of association. The first |
|
association that is found will be returned. If the region of the endpoint has a |
|
parent, then region associations will be examined up the region tree in |
|
ascending order. |
|
|
|
A HEAD version of this API is also supported. |
|
|
|
Normal response codes: 200 |
|
|
|
Request |
|
------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- endpoint_id: endpoint_id_path |
|
|
|
Response Parameters |
|
------------------- |
|
|
|
.. rest_parameters:: parameters.yaml |
|
|
|
- policy: policy |
|
- type: policy_type |
|
- blob: policy_blob |
|
- links: policy_links |
|
- id: policy_id |
|
|
|
Response Example |
|
---------------- |
|
|
|
.. literalinclude:: samples/OS-ENDPOINT-POLICY/policy-show-response.json |
|
:language: javascript
|
|
|