diff --git a/doc/source/cli/command-objects/access-token.rst b/doc/source/cli/command-objects/access-token.rst index b1400412ff..7ef9167eb3 100644 --- a/doc/source/cli/command-objects/access-token.rst +++ b/doc/source/cli/command-objects/access-token.rst @@ -2,41 +2,9 @@ access token ============ -Identity v3 +An **access token** is used by the Identity service's OS-OAUTH1 extension. It +is used by the **consumer** to request new Identity API tokens on behalf of the +authorizing **user**. Applicable to Identity v3. -`Requires: OS-OAUTH1 extension` - -access token create -------------------- - -Create an access token - -.. program:: access token create -.. code:: bash - - openstack access token create - --consumer-key - --consumer-secret - --request-key - --request-secret - --verifier - -.. option:: --consumer-key - - Consumer key (required) - -.. option:: --consumer-secret - - Consumer secret (required) - -.. option:: --request-key - - Request token to exchange for access token (required) - -.. option:: --request-secret - - Secret associated with (required) - -.. option:: --verifier - - Verifier associated with (required) +.. autoprogram-cliff:: openstack.identity.v3 + :command: access token create diff --git a/doc/source/cli/command-objects/catalog.rst b/doc/source/cli/command-objects/catalog.rst index dccf780121..6db8227ec4 100644 --- a/doc/source/cli/command-objects/catalog.rst +++ b/doc/source/cli/command-objects/catalog.rst @@ -2,29 +2,11 @@ catalog ======= -Identity v2, v3 +A **catalog** lists OpenStack services that are available on the cloud. +Applicable to Identity v2 and v3 -catalog list ------------- +.. autoprogram-cliff:: openstack.identity.v3 + :command: catalog list -List services in the service catalog - -.. program:: catalog list -.. code:: bash - - openstack catalog list - -catalog show ------------- - -Display service catalog details - -.. program:: catalog show -.. code:: bash - - openstack catalog show - - -.. describe:: - - Service to display (type or name) +.. autoprogram-cliff:: openstack.identity.v3 + :command: catalog show diff --git a/doc/source/cli/command-objects/consumer.rst b/doc/source/cli/command-objects/consumer.rst index d4ce5dc5b2..8f6dda0ad4 100644 --- a/doc/source/cli/command-objects/consumer.rst +++ b/doc/source/cli/command-objects/consumer.rst @@ -2,82 +2,21 @@ consumer ======== -Identity v3 +An **consumer** is used by the Identity service's OS-OAUTH1 extension. It +is used to create a **request token** and **access token**. Applicable to +Identity v3. -`Requires: OS-OAUTH1 extension` +.. autoprogram-cliff:: openstack.identity.v3 + :command: consumer create -consumer create ---------------- +.. autoprogram-cliff:: openstack.identity.v3 + :command: consumer delete -Create new consumer +.. autoprogram-cliff:: openstack.identity.v3 + :command: consumer list -.. program:: consumer create -.. code:: bash +.. autoprogram-cliff:: openstack.identity.v3 + :command: consumer set - openstack consumer create - [--description ] - -.. option:: --description - - New consumer description - -consumer delete ---------------- - -Delete consumer(s) - -.. program:: consumer delete -.. code:: bash - - openstack consumer delete - [ ...] - -.. describe:: - - Consumer(s) to delete - -consumer list -------------- - -List consumers - -.. program:: consumer list -.. code:: bash - - openstack consumer list - -consumer set ------------- - -Set consumer properties - -.. program:: consumer set -.. code:: bash - - openstack consumer set - [--description ] - - -.. option:: --description - - New consumer description - -.. describe:: - - Consumer to modify - -consumer show -------------- - -Display consumer details - -.. program:: consumer show -.. code:: bash - - openstack consumer show - - -.. _consumer_show-consumer: -.. describe:: - - Consumer to display +.. autoprogram-cliff:: openstack.identity.v3 + :command: consumer show diff --git a/doc/source/cli/command-objects/domain.rst b/doc/source/cli/command-objects/domain.rst index 70a3e73309..81a193497b 100644 --- a/doc/source/cli/command-objects/domain.rst +++ b/doc/source/cli/command-objects/domain.rst @@ -2,114 +2,21 @@ domain ====== -Identity v3 +A **domain** is a collection of **users**, **groups**, and **projects**. Each +**group** and **project** is owned by exactly one **domain**. Applies to +Identity v3. -domain create -------------- +.. autoprogram-cliff:: openstack.identity.v3 + :command: domain create -Create new domain +.. autoprogram-cliff:: openstack.identity.v3 + :command: domain delete -.. program:: domain create -.. code:: bash +.. autoprogram-cliff:: openstack.identity.v3 + :command: domain list - openstack domain create - [--description ] - [--enable | --disable] - [--or-show] - +.. autoprogram-cliff:: openstack.identity.v3 + :command: domain set -.. option:: --description - - New domain description - -.. option:: --enable - - Enable domain (default) - -.. option:: --disable - - Disable domain - -.. option:: --or-show - - Return existing domain - - If the domain already exists, return the existing domain data and do not fail. - -.. describe:: - - New domain name - -domain delete -------------- - -Delete domain(s) - -.. program:: domain delete -.. code:: bash - - openstack domain delete - [ ...] - -.. describe:: - - Domain(s) to delete (name or ID) - -domain list ------------ - -List domains - -.. program:: domain list -.. code:: bash - - openstack domain list - -domain set ----------- - -Set domain properties - -.. program:: domain set -.. code:: bash - - openstack domain set - [--name ] - [--description ] - [--enable | --disable] - - -.. option:: --name - - New domain name - -.. option:: --description - - New domain description - -.. option:: --enable - - Enable domain - -.. option:: --disable - - Disable domain - -.. describe:: - - Domain to modify (name or ID) - -domain show ------------ - -Display domain details - -.. program:: domain show -.. code:: bash - - openstack domain show - - -.. describe:: - - Domain to display (name or ID) +.. autoprogram-cliff:: openstack.identity.v3 + :command: domain show diff --git a/doc/source/cli/command-objects/federation-protocol.rst b/doc/source/cli/command-objects/federation-protocol.rst index e1f98174c0..3a99fd72b9 100644 --- a/doc/source/cli/command-objects/federation-protocol.rst +++ b/doc/source/cli/command-objects/federation-protocol.rst @@ -2,111 +2,21 @@ federation protocol =================== -Identity v3 +A **federation protocol** is used by the Identity service's OS-FEDERATION +extension. It is used by **identity providers** and **mappings**. Applicable to +Identity v3. -`Requires: OS-FEDERATION extension` +.. autoprogram-cliff:: openstack.identity.v3 + :command: federation protocol create -federation protocol create --------------------------- +.. autoprogram-cliff:: openstack.identity.v3 + :command: federation protocol delete -Create new federation protocol +.. autoprogram-cliff:: openstack.identity.v3 + :command: federation protocol list -.. program:: federation protocol create -.. code:: bash +.. autoprogram-cliff:: openstack.identity.v3 + :command: federation protocol set - openstack federation protocol create - --identity-provider - --mapping - - -.. option:: --identity-provider - - Identity provider that will support the new federation protocol (name or ID) (required) - -.. option:: --mapping - - Mapping that is to be used (name or ID) (required) - -.. describe:: - - New federation protocol name (must be unique per identity provider) - -federation protocol delete --------------------------- - -Delete federation protocol(s) - -.. program:: federation protocol delete -.. code:: bash - - openstack federation protocol delete - --identity-provider - [ ...] - -.. option:: --identity-provider - - Identity provider that supports (name or ID) (required) - -.. describe:: - - Federation protocol(s) to delete (name or ID) - -federation protocol list ------------------------- - -List federation protocols - -.. program:: federation protocol list -.. code:: bash - - openstack federation protocol list - --identity-provider - -.. option:: --identity-provider - - Identity provider to list (name or ID) (required) - -federation protocol set ------------------------ - -Set federation protocol properties - -.. program:: federation protocol set -.. code:: bash - - openstack federation protocol set - --identity-provider - [--mapping ] - - -.. option:: --identity-provider - - Identity provider that supports (name or ID) (required) - -.. option:: --mapping - - Mapping that is to be used (name or ID) - -.. describe:: - - Federation protocol to modify (name or ID) - -federation protocol show ------------------------- - -Display federation protocol details - -.. program:: federation protocol show -.. code:: bash - - openstack federation protocol show - --identity-provider - - -.. option:: --identity-provider - - Identity provider that supports (name or ID) (required) - -.. describe:: - - Federation protocol to display (name or ID) +.. autoprogram-cliff:: openstack.identity.v3 + :command: federation protocol show diff --git a/doc/source/cli/command-objects/identity-provider.rst b/doc/source/cli/command-objects/identity-provider.rst index d96b814aea..36c9264a64 100644 --- a/doc/source/cli/command-objects/identity-provider.rst +++ b/doc/source/cli/command-objects/identity-provider.rst @@ -2,132 +2,21 @@ identity provider ================= -Identity v3 +An **identity provider** is used by the Identity service's OS-FEDERATION +extension. It is used by **federation protocols** and **mappings**. Applicable +to Identity v3. -`Requires: OS-FEDERATION extension` +.. autoprogram-cliff:: openstack.identity.v3 + :command: identity provider create -identity provider create ------------------------- +.. autoprogram-cliff:: openstack.identity.v3 + :command: identity provider delete -Create new identity provider +.. autoprogram-cliff:: openstack.identity.v3 + :command: identity provider list -.. program:: identity provider create -.. code:: bash +.. autoprogram-cliff:: openstack.identity.v3 + :command: identity provider set - openstack identity provider create - [--remote-id [...] | --remote-id-file ] - [--description ] - [--domain ] - [--enable | --disable] - - -.. option:: --remote-id - - Remote IDs to associate with the Identity Provider - (repeat option to provide multiple values) - -.. option:: --remote-id-file - - Name of a file that contains many remote IDs to associate with the identity - provider, one per line - -.. option:: --description - - New identity provider description - -.. option:: --domain - - Name or ID of the domain to associate with the identity provider. If not - specified, one will be created automatically - -.. option:: --enable - - Enable the identity provider (default) - -.. option:: --disable - - Disable the identity provider - -.. describe:: - - New identity provider name (must be unique) - -identity provider delete ------------------------- - -Delete identity provider(s) - -.. program:: identity provider delete -.. code:: bash - - openstack identity provider delete - [ ...] - -.. describe:: - - Identity provider(s) to delete - -identity provider list ----------------------- - -List identity providers - -.. program:: identity provider list -.. code:: bash - - openstack identity provider list - -identity provider set ---------------------- - -Set identity provider properties - -.. program:: identity provider set -.. code:: bash - - openstack identity provider set - [--remote-id [...] | --remote-id-file ] - [--description ] - [--enable | --disable] - - -.. option:: --remote-id - - Remote IDs to associate with the Identity Provider - (repeat option to provide multiple values) - -.. option:: --remote-id-file - - Name of a file that contains many remote IDs to associate with the identity - provider, one per line - -.. option:: --description - - Set identity provider description - -.. option:: --enable - - Enable the identity provider - -.. option:: --disable - - Disable the identity provider - -.. describe:: - - Identity provider to modify - -identity provider show ----------------------- - -Display identity provider details - -.. program:: identity provider show -.. code:: bash - - openstack identity provider show - - -.. describe:: - - Identity provider to display +.. autoprogram-cliff:: openstack.identity.v3 + :command: identity provider show diff --git a/doc/source/cli/command-objects/mapping.rst b/doc/source/cli/command-objects/mapping.rst index 1f657ed282..73dbbc8d8b 100644 --- a/doc/source/cli/command-objects/mapping.rst +++ b/doc/source/cli/command-objects/mapping.rst @@ -2,90 +2,21 @@ mapping ======= -Identity v3 +A **mapping** is used by the Identity service's OS-FEDERATION +extension. It is used by **federation protocols** and **identity providers**. +Applicable to Identity v3. -`Requires: OS-FEDERATION extension` +.. autoprogram-cliff:: openstack.identity.v3 + :command: mapping create -mapping create --------------- +.. autoprogram-cliff:: openstack.identity.v3 + :command: mapping delete -Create new mapping +.. autoprogram-cliff:: openstack.identity.v3 + :command: mapping list -.. program:: mapping create -.. code:: bash +.. autoprogram-cliff:: openstack.identity.v3 + :command: mapping set - openstack mapping create - --rules - - -.. option:: --rules - - Filename that contains a set of mapping rules (required) - -.. _mapping_create-mapping: -.. describe:: - - New mapping name (must be unique) - -mapping delete --------------- - -Delete mapping(s) - -.. program:: mapping delete -.. code:: bash - - openstack mapping delete - [ ...] - -.. _mapping_delete-mapping: -.. describe:: - - Mapping(s) to delete - -mapping list ------------- - -List mappings - -.. program:: mapping list -.. code:: bash - - openstack mapping list - -mapping set ------------ - -Set mapping properties - -.. program:: mapping set -.. code:: bash - - openstack mapping set - [--rules ] - - -.. option:: --rules - - Filename that contains a new set of mapping rules - -.. _mapping_set-mapping: -.. describe:: - - Mapping to modify - -mapping show ------------- - -Display mapping details - -.. program:: mapping show -.. code:: bash - - openstack mapping show - - -.. _mapping_show-mapping: -.. describe:: - - Mapping to display +.. autoprogram-cliff:: openstack.identity.v3 + :command: mapping show diff --git a/doc/source/cli/command-objects/policy.rst b/doc/source/cli/command-objects/policy.rst index deddf2c438..0fe104c56d 100644 --- a/doc/source/cli/command-objects/policy.rst +++ b/doc/source/cli/command-objects/policy.rst @@ -2,94 +2,20 @@ policy ====== -Identity v3 +A **policy** is an arbitrarily serialized policy engine rule set to be consumed +by a remote service. Applies to Identity v3. -policy create -------------- +.. autoprogram-cliff:: openstack.identity.v3 + :command: policy create -Create new policy +.. autoprogram-cliff:: openstack.identity.v3 + :command: policy delete -.. program:: policy create -.. code:: bash +.. autoprogram-cliff:: openstack.identity.v3 + :command: policy list - openstack policy create - [--type ] - +.. autoprogram-cliff:: openstack.identity.v3 + :command: policy set -.. option:: --type - - New MIME type of the policy rules file (defaults to application/json) - -.. describe:: - - New serialized policy rules file - -policy delete -------------- - -Delete policy(s) - -.. program:: policy delete -.. code:: bash - - openstack policy delete - [ ...] - -.. describe:: - - Policy(s) to delete - -policy list ------------ - -List policies - -.. program:: policy list -.. code:: bash - - openstack policy list - [--long] - -.. option:: --long - - List additional fields in output - -policy set ----------- - -Set policy properties - -.. program:: policy set -.. code:: bash - - openstack policy set - [--type ] - [--rules ] - - -.. option:: --type - - New MIME type of the policy rules file - -.. describe:: --rules - - New serialized policy rules file - -.. describe:: - - Policy to modify - -policy show ------------ - -Display policy details - -.. program:: policy show -.. code:: bash - - openstack policy show - - -.. describe:: - - Policy to display +.. autoprogram-cliff:: openstack.identity.v3 + :command: policy show diff --git a/doc/source/cli/command-objects/region.rst b/doc/source/cli/command-objects/region.rst index d2c63c1bd8..58cc341f9a 100644 --- a/doc/source/cli/command-objects/region.rst +++ b/doc/source/cli/command-objects/region.rst @@ -2,103 +2,21 @@ region ====== -Identity v3 +A **region** is a general division of an OpenStack deployment. You can associate +zero or more sub-regions with a region to create a tree-like structured +hierarchy. Applies to Identity v3. -region create -------------- +.. autoprogram-cliff:: openstack.identity.v3 + :command: region create -Create new region +.. autoprogram-cliff:: openstack.identity.v3 + :command: region delete -.. program:: region create -.. code:: bash +.. autoprogram-cliff:: openstack.identity.v3 + :command: region list - openstack region create - [--parent-region ] - [--description ] - +.. autoprogram-cliff:: openstack.identity.v3 + :command: region set -.. option:: --parent-region - - Parent region ID - -.. option:: --description - - New region description - -.. _region_create-region-id: -.. describe:: - - New region ID - -region delete -------------- - -Delete region(s) - -.. program:: region delete -.. code:: bash - - openstack region delete - [ ...] - -.. _region_delete-region-id: -.. describe:: - - Region ID(s) to delete - -region list ------------ - -List regions - -.. program:: region list -.. code:: bash - - openstack region list - [--parent-region ] - -.. option:: --parent-region - - Filter by parent region ID - -region set ----------- - -Set region properties - -.. program:: region set -.. code:: bash - - openstack region set - [--parent-region ] - [--description ] - - -.. option:: --parent-region - - New parent region ID - -.. option:: --description - - New region description - -.. _region_set-region-id: -.. describe:: - - Region to modify - -region show ------------ - -Display region details - -.. program:: region show -.. code:: bash - - openstack region show - - -.. _region_show-region-id: -.. describe:: - - Region to display +.. autoprogram-cliff:: openstack.identity.v3 + :command: region show diff --git a/doc/source/cli/command-objects/request-token.rst b/doc/source/cli/command-objects/request-token.rst index 3c80780f8e..e10f6640ef 100644 --- a/doc/source/cli/command-objects/request-token.rst +++ b/doc/source/cli/command-objects/request-token.rst @@ -2,57 +2,12 @@ request token ============= -Identity v3 +A **request token** is used by the Identity service's OS-OAUTH1 extension. It +is used by the **consumer** to request **access tokens**. Applicable to +Identity v3. -`Requires: OS-OAUTH1 extension` +.. autoprogram-cliff:: openstack.identity.v3 + :command: request token authorize -request token authorize ------------------------ - -Authorize a request token - -.. program:: request token authorize -.. code:: bash - - openstack request token authorize - --request-key - --role - -.. option:: --request-key - - Request token to authorize (ID only) (required) - -.. option:: --role - - Roles to authorize (name or ID) - (repeat option to set multiple values) (required) - -request token create --------------------- - -Create a request token - -.. program:: request token create -.. code:: bash - - openstack request token create - --consumer-key - --consumer-secret - --project - [--domain ] - -.. option:: --consumer-key - - Consumer key (required) - -.. option:: --description - - Consumer secret (required) - -.. option:: --project - - Project that consumer wants to access (name or ID) (required) - -.. option:: --domain - - Domain owning (name or ID) +.. autoprogram-cliff:: openstack.identity.v3 + :command: request token create diff --git a/doc/source/cli/command-objects/service-provider.rst b/doc/source/cli/command-objects/service-provider.rst index 63ef44e1f2..a92c3b208c 100644 --- a/doc/source/cli/command-objects/service-provider.rst +++ b/doc/source/cli/command-objects/service-provider.rst @@ -1,125 +1,22 @@ -================ -service provider -================ +================= +identity provider +================= -Identity v3 +A **service provider** is used by the Identity service's OS-FEDERATION +extension. It is used by to register another OpenStack Identity service. +Applicable to Identity v3. -`Requires: OS-FEDERATION extension` +.. autoprogram-cliff:: openstack.identity.v3 + :command: service provider create -service provider create ------------------------ +.. autoprogram-cliff:: openstack.identity.v3 + :command: service provider delete -Create new service provider +.. autoprogram-cliff:: openstack.identity.v3 + :command: service provider list -.. program:: service provider create -.. code:: bash +.. autoprogram-cliff:: openstack.identity.v3 + :command: service provider set - openstack service provider create - [--description ] - [--enable | --disable] - --auth-url - --service-provider-url - - -.. option:: --auth-url - - Authentication URL of remote federated service provider (required) - -.. option:: --service-provider-url - - A service URL where SAML assertions are being sent (required) - -.. option:: --description - - New service provider description - -.. option:: --enable - - Enable the service provider (default) - -.. option:: --disable - - Disable the service provider - -.. describe:: - - New service provider name (must be unique) - -service provider delete ------------------------ - -Delete service provider(s) - -.. program:: service provider delete -.. code:: bash - - openstack service provider delete - [ ...] - -.. describe:: - - Service provider(s) to delete - -service provider list ---------------------- - -List service providers - -.. program:: service provider list -.. code:: bash - - openstack service provider list - -service provider set --------------------- - -Set service provider properties - -.. program:: service provider set -.. code:: bash - - openstack service provider set - [--enable | --disable] - [--description ] - [--auth-url ] - [--service-provider-url ] - - -.. option:: --service-provider-url - - New service provider URL, where SAML assertions are sent - -.. option:: --auth-url - - New Authentication URL of remote federated service provider - -.. option:: --description - - New service provider description - -.. option:: --enable - - Enable the service provider - -.. option:: --disable - - Disable the service provider - -.. describe:: - - Service provider to modify - -service provider show ---------------------- - -Display service provider details - -.. program:: service provider show -.. code:: bash - - openstack service provider show - - -.. describe:: - - Service provider to display +.. autoprogram-cliff:: openstack.identity.v3 + :command: service provider show diff --git a/doc/source/cli/command-objects/trust.rst b/doc/source/cli/command-objects/trust.rst index 28459bcaf6..febef1c5b6 100644 --- a/doc/source/cli/command-objects/trust.rst +++ b/doc/source/cli/command-objects/trust.rst @@ -2,101 +2,17 @@ trust ===== -Identity v3 +A **trust** provide project-specific role delegation between users, with +optional impersonation. Requires the OS-TRUST extension. Applies to Identity v3. -trust create ------------- +.. autoprogram-cliff:: openstack.identity.v3 + :command: trust create -Create new trust +.. autoprogram-cliff:: openstack.identity.v3 + :command: trust delete -.. program:: trust create -.. code:: bash +.. autoprogram-cliff:: openstack.identity.v3 + :command: trust list - openstack trust create - --project - --role - [--impersonate] - [--expiration ] - [--project-domain ] - [--trustor-domain ] - [--trustee-domain ] - - - -.. option:: --project - - Project being delegated (name or ID) (required) - -.. option:: --role - - Roles to authorize (name or ID) (repeat option to set multiple values, required) - -.. option:: --impersonate - - Tokens generated from the trust will represent (defaults to False) - -.. option:: --expiration - - Sets an expiration date for the trust (format of YYYY-mm-ddTHH:MM:SS) - -.. option:: --project-domain - - Domain the project belongs to (name or ID). This can be - used in case collisions between user names exist. - -.. option:: --trustor-domain - - Domain that contains (name or ID) - -.. option:: --trustee-domain - - Domain that contains (name or ID) - -.. describe:: - - User that is delegating authorization (name or ID) - -.. describe:: - - User that is assuming authorization (name or ID) - - -trust delete ------------- - -Delete trust(s) - -.. program:: trust delete -.. code:: bash - - openstack trust delete - [ ...] - -.. describe:: - - Trust(s) to delete - -trust list ----------- - -List trusts - -.. program:: trust list -.. code:: bash - - openstack trust list - -trust show ----------- - -Display trust details - -.. program:: trust show -.. code:: bash - - openstack trust show - - -.. describe:: - - Trust to display +.. autoprogram-cliff:: openstack.identity.v3 + :command: trust show