api-ref: RBAC policies api reference

This patch adds RBAC policies API reference for the RBAC policies extension. Change-Id: I036a8108071b4b1db32c96ebb1b48da453e268b1 Closes-Bug: #1486127
2017-06-30 05:14:20 +01:00 · 2017-06-30 05:14:20 +01:00 · ee0fc48f7c
commit ee0fc48f7c
parent 88ad67a60b
9 changed files with 306 additions and 0 deletions
--- a/api-ref/source/v2/index.rst
+++ b/api-ref/source/v2/index.rst
@ -33,6 +33,7 @@ Security
 ########
 .. include:: fwaas.inc
 .. include:: fwaas-v2.inc
+.. include:: rbac-policy.inc
 .. include:: security-group-rules.inc
 .. include:: security-groups.inc
 .. include:: vpnaas.inc
--- a/api-ref/source/v2/parameters.yaml
+++ b/api-ref/source/v2/parameters.yaml
@ -205,6 +205,12 @@ qos-rule_id:
  in: path
  required: true
  type: string
+rbac_policy_id-path:
+  description: |
+    The ID of the RBAC policy.
+  in: path
+  required: true
+  type: integer
 resource_id:
  description: |
    The ID of resource which the tag is set on.
@ -3844,6 +3850,21 @@ networks:
  in: body
  required: true
  type: array
+object_id:
+  description: |
+    The ID of the ``object_type`` resource. An ``object_type`` of ``network``
+    returns a network ID and an ``object_type`` of ``qos-policy`` returns
+    a QoS ID.
+  in: body
+  required: true
+  type: integer
+object_type:
+  description: |
+    The type of the object that the RBAC policy affects. Types include
+    ``qos-policy`` or ``network``.
+  in: body
+  required: true
+  type: integer
 operating_status:
  description: |
    The operating status of the load balancer.  This
@ -4500,6 +4521,19 @@ quotas:
  in: body
  required: true
  type: array
+rbac_action:
+  description: |
+    Action for the RBAC policy which is ``access_as_external`` or
+    ``access_as_shared``.
+  in: body
+  required: true
+  type: string
+rbac_policy_id:
+  description: |
+    The ID of the RBAC policy.
+  in: body
+  required: true
+  type: integer
 remote_group_id:
  description: |
    The remote group UUID to associate with this
@ -5448,6 +5482,12 @@ tags:
  in: body
  required: true
  type: array
+target_tenant:
+  description: |
+    The ID of the tenant to which the RBAC policy will be enforced.
+  in: body
+  required: true
+  type: string
 tenant_id:
  description: |
    The ID of the project that owns the resource.
--- a/api-ref/source/v2/rbac-policy.inc
+++ b/api-ref/source/v2/rbac-policy.inc
@ -0,0 +1,206 @@
+.. -*- rst -*-
+
+=============
+RBAC Policies
+=============
+
+Lists, shows details for, creates, updates, and deletes RBAC policies.
+
+Show RBAC policy details
+========================
+
+.. rest_method::  GET /v2.0/rbac-policies/{rbac_policy_id}
+
+Show details for a given RBAC policy.
+
+You can control which response parameters are returned by using the
+fields query parameter. For information, see `Filtering and column
+selection <http://specs.openstack.org/openstack/neutron-
+specs/specs/api/networking_general_api_information.html#filtering-
+and-column-selection>`__.
+
+Normal response codes: 200
+
+Error response codes: 401, 404
+
+Request
+-------
+
+.. rest_parameters:: parameters.yaml
+
+   - rbac_policy_id: rbac_policy_id-path
+
+Response Parameters
+-------------------
+
+.. rest_parameters:: parameters.yaml
+
+   - target_tenant: target_tenant
+   - tenant_id: tenant_id
+   - object_type: object_type
+   - object_id: object_id
+   - action: rbac_action
+   - project_id: project_id
+   - id: rbac_policy_id
+
+Response Example
+----------------
+
+.. literalinclude:: samples/rbac_policy/rbac-policy-show-response.json
+   :language: javascript
+
+Update RBAC policy
+==================
+
+.. rest_method::  PUT /v2.0/rbac-policies/{rbac_policy_id}
+
+Update RBAC policy for given tenant.
+
+Normal response codes: 200
+
+Error response codes: 400, 401, 403, 404
+
+Request
+-------
+
+.. rest_parameters:: parameters.yaml
+
+   - rbac_policy_id: rbac_policy_id-path
+   - target_tenant: target_tenant
+
+Request Example
+---------------
+
+.. literalinclude:: samples/rbac_policy/rbac-policy-update-request.json
+   :language: javascript
+
+Response Parameters
+-------------------
+
+.. rest_parameters:: parameters.yaml
+
+   - target_tenant: target_tenant
+   - tenant_id: tenant_id
+   - object_type: object_type
+   - object_id: object_id
+   - action: rbac_action
+   - project_id: project_id
+   - id: rbac_policy_id
+
+Response Example
+----------------
+
+.. literalinclude:: samples/rbac_policy/rbac-policy-update-response.json
+   :language: javascript
+
+Delete RBAC policy
+==================
+
+.. rest_method::  DELETE /v2.0/rbac-policies/{rbac_policy_id}
+
+Delete an RBAC policy.
+
+Normal response codes: 204
+
+Error response codes: 401, 404, 409
+
+Request
+-------
+
+.. rest_parameters:: parameters.yaml
+
+   - rbac_policy_id: rbac_policy_id-path
+
+Response
+--------
+
+There is no body content for the response of a successful DELETE request.
+
+List RBAC policies
+==================
+
+.. rest_method::  GET /v2.0/rbac-policies
+
+List RBAC policies that belong to a given tenant.
+
+Use the ``fields`` query parameter to filter the response. For
+information, see `Filtering and Column Selection <https://wiki.open
+stack.org/wiki/Neutron/APIv2-specification#Filtering_and_Column_Sel
+ection>`__.
+
+Normal response codes: 200
+
+Error response codes: 401
+
+Request
+-------
+
+.. rest_parameters:: parameters.yaml
+
+   - fields: fields
+
+Response Parameters
+-------------------
+
+.. rest_parameters:: parameters.yaml
+
+   - target_tenant: target_tenant
+   - tenant_id: tenant_id
+   - object_type: object_type
+   - object_id: object_id
+   - action: rbac_action
+   - project_id: project_id
+   - id: rbac_policy_id
+
+Response Example
+----------------
+
+.. literalinclude:: samples/rbac_policy/rbac-policies-list-response.json
+   :language: javascript
+
+Create RBAC policy
+==================
+
+.. rest_method::  POST /v2.0/rbac-policies
+
+Create RBAC policy for given tenant.
+
+Normal response codes: 201
+
+Error response codes: 400, 401
+
+Request
+-------
+
+.. rest_parameters:: parameters.yaml
+
+   - rbac_policy_id: rbac_policy_id-path
+   - target_tenant: target_tenant
+   - object_type: object_type
+   - object_id: object_id
+   - action: rbac_action
+
+Request Example
+---------------
+
+.. literalinclude:: samples/rbac_policy/rbac-policy-create-request.json
+   :language: javascript
+
+Response Parameters
+-------------------
+
+.. rest_parameters:: parameters.yaml
+
+   - target_tenant: target_tenant
+   - tenant_id: tenant_id
+   - object_type: object_type
+   - object_id: object_id
+   - action: rbac_action
+   - project_id: project_id
+   - id: rbac_policy_id
+
+Response Example
+----------------
+
+.. literalinclude:: samples/rbac_policy/rbac-policy-create-response.json
+   :language: javascript
--- a/api-ref/source/v2/samples/rbac_policy/rbac-policies-list-response.json
+++ b/api-ref/source/v2/samples/rbac_policy/rbac-policies-list-response.json
@ -0,0 +1,13 @@
+{
+   "rbac_policies": [
+      {
+         "target_tenant": "*",
+         "tenant_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
+         "object_type": "network",
+         "object_id": "1f32f072-4d17-4811-b619-3623d018bd40",
+         "action": "access_as_external",
+         "project_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
+         "id":"6d4c666e-1aad-465e-b670-4d112b760137"
+      }
+   ]
+}
--- a/api-ref/source/v2/samples/rbac_policy/rbac-policy-create-request.json
+++ b/api-ref/source/v2/samples/rbac_policy/rbac-policy-create-request.json
@ -0,0 +1,8 @@
+{
+   "rbac_policy": {
+      "action": "access_as_shared",
+      "object_type": "network",
+      "target_tenant": "0670b690f27e47a58b6a479d26004715",
+      "object_id": "1f32f072-4d17-4811-b619-3623d018bd40"
+   }
+}
--- a/api-ref/source/v2/samples/rbac_policy/rbac-policy-create-response.json
+++ b/api-ref/source/v2/samples/rbac_policy/rbac-policy-create-response.json
@ -0,0 +1,11 @@
+{
+   "rbac_policy": {
+      "target_tenant": "0670b690f27e47a58b6a479d26004715",
+      "tenant_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
+      "object_type": "network",
+      "object_id": "1f32f072-4d17-4811-b619-3623d018bd40",
+      "action": "access_as_shared",
+      "project_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
+      "id": "2cf7523a-93b5-4e69-9360-6c6bf986bb7c"
+   }
+}
--- a/api-ref/source/v2/samples/rbac_policy/rbac-policy-show-response.json
+++ b/api-ref/source/v2/samples/rbac_policy/rbac-policy-show-response.json
@ -0,0 +1,11 @@
+{
+   "rbac_policy": {
+      "target_tenant": "*",
+      "tenant_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
+      "object_type": "network",
+      "object_id": "1f32f072-4d17-4811-b619-3623d018bd40",
+      "action": "access_as_external",
+      "project_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
+      "id": "6d4c666e-1aad-465e-b670-4d112b760137"
+   }
+}
--- a/api-ref/source/v2/samples/rbac_policy/rbac-policy-update-request.json
+++ b/api-ref/source/v2/samples/rbac_policy/rbac-policy-update-request.json
@ -0,0 +1,5 @@
+{
+   "rbac_policy": {
+      "target_tenant": "*"
+   }
+}
--- a/api-ref/source/v2/samples/rbac_policy/rbac-policy-update-response.json
+++ b/api-ref/source/v2/samples/rbac_policy/rbac-policy-update-response.json
@ -0,0 +1,11 @@
+{
+   "rbac_policy": {
+      "target_tenant": "*",
+      "tenant_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
+      "object_type": "network",
+      "object_id": "1f32f072-4d17-4811-b619-3623d018bd40",
+      "action": "access_as_external",
+      "project_id": "3de27ce0a2a54cc6ae06dc62dd0ec832",
+      "id": "6d4c666e-1aad-465e-b670-4d112b760137"
+   }
+}