Gets an authentication token that permits access to the OpenStack services REST API.
{ "versions": { "values": [ { "id": "v3.4", "links": [ { "href": "http://localhost:35357/v3/", "rel": "self" } ], "media-types": [ { "base": "application/json", "type": "application/vnd.openstack.identity-v3+json" } ], "status": "stable", "updated": "2015-03-30T00:00:00Z" }, { "id": "v2.0", "links": [ { "href": "http://localhost:35357/v2.0/", "rel": "self" }, { "href": "http://docs.openstack.org/", "rel": "describedby", "type": "text/html" } ], "media-types": [ { "base": "application/json", "type": "application/vnd.openstack.identity-v2.0+json" } ], "status": "stable", "updated": "2014-04-17T00:00:00Z" } ] } }
This operation does not accept a request body.
Parameter | Style | Type | Description |
version | plain | xsd:string |
A |
status | plain | xsd:string |
The status of the version. For example,
|
updated | plain | xsd:string |
The date and time stamp for the last update. |
media-types | plain | xsd:string |
A
|
id | plain | xsd:string |
The
version ID, such as |
links | plain | xsd:string |
The version links. |
{ "version": { "id": "v3.4", "links": [ { "href": "http://localhost:35357/v3/", "rel": "self" } ], "media-types": [ { "base": "application/json", "type": "application/vnd.openstack.identity-v3+json" } ], "status": "stable", "updated": "2015-03-30T00:00:00Z" } }
This operation does not accept a request body.
Returns a token, if successful. Each REST request requires the
inclusion of a specific authorization token HTTP x-header,
defined as X-Auth-Token
. Clients obtain X
-Auth-Token
and the URL endpoints for other service
APIs by supplying their valid credentials to the
authentication service.
A REST interface provides client authentication by using the
POST method, with auth/tokens
supplied as the
path. The body of the request must include a payload of
credentials including the authentication method and,
optionally, the authorization scope. The scope includes either
a project or domain. If you include both project and domain,
an HTTP 400 Bad Request
results, because a token
cannot be simultaneously scoped as both a project and domain.
If you do not include the optional scope and the
authenticating user has a defined default project (the
default_project_id
attribute for the user),
that default project is treated as the preferred
authorization scope.
If no default project is defined, the token is issued without an explicit scope of authorization.
Provide one of the following sets of credentials to authenticate: User ID and password, user name and password scoped by domain ID or name, user ID and password scoped by project ID or name with or without domain scope, or token. \
The following examples demonstrate authentication requests with different types of credentials.
If scope
is included, project id
uniquely identifies the project
. However,
project name
uniquely identifies the
project
only when used in conjunction with a
domain ID
or a domain name
.
If the authentication token has expired, a
If the subject token has expired, this call returns
a
The Identity API treats expired tokens as not valid tokens.
The deployment determines how long expired tokens are stored.
As the following example responses show, the
response to an authentication request returns the
token ID in the X-Subject-Token
header
instead of in the token data.
If the call has no explicit authorization scope, the
response does not contain the catalog
,
project
, domain
, or
roles
fields. However, the response
still uniquely identifies the user.
A token scoped to a project
also has
both a service catalog
and the user's
roles applicable to the project
.
A token scoped to a domain
also has
both a service catalog
and the user's
roles applicable to the project
.
Optionally, The Identity API implementation might
return an authentication
attribute to
indicate the supported authentication methods.
For authentication processes that require
multiple round trips, The Identity API implementation
might return an HTTP 401 Unauthorized
error with additional information for the next
authentication step.
The following examples illustrate several possible
HTTP 401 Unauthorized authentication errors. Other
errors like HTTP
Parameter | Style | Type | Description |
auth | plain | xsd:string |
An |
identity | plain | xsd:string |
An
|
methods | plain | xsd:string |
The authentication method, which is
With password authentication, you can specify user ID and password, user name and password scoped by domain ID or name, or user ID and password scoped by project ID or name with or without domain scope. With token authentication, you specify the token ID. |
password (Optional) | plain | xsd:string |
A |
scope (Optional) | plain | xsd:string |
Token can be scoped for a domain or project. Specify
either an |
token (Optional) | plain | xsd:string |
A |
user (Optional) | plain | xsd:string |
A |
id (Optional) | plain | xsd:string |
With password authentication, |
name (Optional) | plain | xsd:string |
The user name. |
password (Optional) | plain | xsd:string |
The password. |
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "id": "0ca8f6", "password": "secretsecret" } } } } }
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "domain": { "id": "1789d1" }, "name": "Joe", "password": "secretsecret" } } } } }
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "domain": { "name": "example.com" }, "name": "Joe", "password": "secretsecret" } } } } }
{ "auth": { "identity": { "methods": [ "token" ], "token": { "id": "e80b74" } } } }
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "id": "0ca8f6", "password": "secretsecret" } } }, "scope": { "project": { "id": "263fd9" } } } }
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "id": "0ca8f6", "password": "secretsecret" } } }, "scope": { "domain": { "id": "263fd9" } } } }
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "id": "0ca8f6", "password": "secretsecret" } } }, "scope": { "project": { "domain": { "id": "1789d1" }, "name": "project-x" } } } }
{ "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "id": "0ca8f6", "password": "secretsecret" } } }, "scope": { "project": { "domain": { "name": "example.com" }, "name": "project-x" } } } }
{ "token": { "expires_at": "2013-02-27T18:30:59.999999Z", "issued_at": "2013-02-27T16:30:59.999999Z", "methods": [ "password" ], "user": { "domain": { "id": "1789d1", "links": { "self": "http://identity:35357/v3/domains/1789d1" }, "name": "example.com" }, "id": "0ca8f6", "links": { "self": "http://identity:35357/v3/users/0ca8f6" }, "name": "Joe" } } }
{ "token": { "catalog": "FIXME(dolph): need an example here", "expires_at": "2013-02-27T18:30:59.999999Z", "issued_at": "2013-02-27T16:30:59.999999Z", "methods": [ "password" ], "project": { "domain": { "id": "1789d1", "links": { "self": "http://identity:35357/v3/domains/1789d1" }, "name": "example.com" }, "id": "263fd9", "links": { "self": "http://identity:35357/v3/projects/263fd9" }, "name": "project-x" }, "roles": [ { "id": "76e72a", "links": { "self": "http://identity:35357/v3/roles/76e72a" }, "name": "admin" }, { "id": "f4f392", "links": { "self": "http://identity:35357/v3/roles/f4f392" }, "name": "member" } ], "user": { "domain": { "id": "1789d1", "links": { "self": "http://identity:35357/v3/domains/1789d1" }, "name": "example.com" }, "id": "0ca8f6", "links": { "self": "http://identity:35357/v3/users/0ca8f6" }, "name": "Joe" } } }
{ "token": { "catalog": "FIXME(dolph): need an example here", "expires_at": "2013-02-27T18:30:59.999999Z", "issued_at": "2013-02-27T16:30:59.999999Z", "methods": [ "password" ], "domain": { "id": "1789d1", "links": { "self": "http://identity:35357/v3/domains/1789d1" }, "name": "example.com" }, "roles": [ { "id": "76e72a", "links": { "self": "http://identity:35357/v3/roles/76e72a" }, "name": "admin" }, { "id": "f4f392", "links": { "self": "http://identity:35357/v3/roles/f4f392" }, "name": "member" } ], "user": { "domain": { "id": "1789d1", "links": { "self": "http://identity:35357/v3/domains/1789d1" }, "name": "example.com" }, "id": "0ca8f6", "links": { "self": "http://identity:35357/v3/users/0ca8f6" }, "name": "Joe" } } }
{ "error": { "code": 401, "message": "The request you have made requires authentication", "title": "Not Authorized" } }
{ "error": { "code": 401, "identity": { "methods": [ "password", "token", "challenge-response" ] }, "message": "Need to authenticate with one or more supported methods", "title": "Not Authorized" } }
{ "error": { "code": 401, "identity": { "challenge-response": { "challenge": "What was the zip code of your birthplace?", "session_id": "123456" }, "methods": [ "challenge-response" ] }, "message": "Additional authentications steps required.", "title": "Not Authorized" } }
Pass your own token in the X-Auth-Token
header and the token to be validated in the
X-Subject-Token
header. The Identity
API returns the same response as when the subject
token was issued by POST /auth/tokens
.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
X-Subject-Token | header | xsd:string |
The token ID. |
Parameter | Style | Type | Description |
issued_at (Optional) | plain | xsd:string |
A |
expires_at (Optional) | plain | xsd:string |
The date and time stamp for when the token expires. |
issued_at (Optional) | plain | xsd:string |
The date and time stamp for when the token was issued. |
methods | plain | xsd:string |
The authentication method, which is
With password authentication, you can specify user ID and password, user name and password scoped by domain ID or name, or user ID and password scoped by project ID or name with or without domain scope. With token authentication, you specify the token ID. |
user (Optional) | plain | xsd:string |
A |
domain (Optional) | plain | xsd:string |
Specify either |
id (Optional) | plain | xsd:string |
The domain ID. |
links (Optional) | plain | xsd:dict |
The domain links. |
name (Optional) | plain | xsd:string |
The domain name. |
id (Optional) | plain | xsd:string |
The user ID. |
links (Optional) | plain | xsd:dict |
The user links. |
name (Optional) | plain | xsd:string |
The user name. |
Headers: X-Auth-Token: 1dd7e3 X-Subject-Token: c67580
{ "token": { "expires_at": "2013-02-27T18:30:59.999999Z", "issued_at": "2013-02-27T16:30:59.999999Z", "methods": [ "password" ], "user": { "domain": { "id": "1789d1", "links": { "self": "http://identity:35357/v3/domains/1789d1" }, "name": "example.com" }, "id": "0ca8f6", "links": { "self": "http://identity:35357/v3/users/0ca8f6" }, "name": "Joe" } } }
This call is similar to GET
/auth/tokens
, but no response body is
provided, even in the X-Subject-Token
header.
The Identity API returns the same response as
when the subject token was issued by POST
/auth/tokens
, even if an error occurs
because the token is not valid. A 204 response
indicates that the X-Subject-Token
is
valid.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
X-Subject-Token | header | xsd:string |
The token ID. |
Headers: X-Auth-Token: 1dd7e3 X-Subject-Token: c67580
This operation does not return a response body.
This call is similar to HEAD
/auth/tokens
, except that the
X-Subject-Token
token is immediately
not valid (regardless of the expires_at
attribute). An additional X-Auth-Token
is
not required.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
X-Subject-Token | header | xsd:string |
The token ID. |
Headers: X-Auth-Token: 1dd7e3 X-Subject-Token: c67580
This operation does not return a response body.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
type | plain | xsd:string |
The MIME Media Type of the serialized policy blob. |
name (Optional) | plain | xsd:string |
The service name. |
Parameter | Style | Type | Description |
links | plain | csapi:dict |
Policy links. |
services | plain | xsd:string |
A |
description (Optional) | plain | xsd:string |
The description. |
id | plain | xsd:string |
The service ID. |
links | plain | xsd:string |
The service links. |
name | plain | xsd:string |
The service name. |
type | plain | xsd:string |
The service type. |
{ "service": { "type": "volume" } }
{ "service": { "id": "--service-id--", "type": "volume" } }
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
type (Optional) | query | xsd:string |
Filters by service type. Service types include compute, ec2, image, and identity. |
page (Optional) | query | xsd:string |
Enables you to page through the list. |
per_page (Optional) | query | xsd:string |
Sets the page size for paging through the list. Default page size is 30. |
Parameter | Style | Type | Description |
service | plain | xsd:string |
A |
id | plain | xsd:string |
The service ID. |
type | plain | xsd:string |
The service type. |
{ "links": { "next": null, "previous": null, "self": "http://identity:5000/v3/services" }, "services": [ { "description": "Keystone Identity Service", "id": "--service-id--", "links": { "self": "http://identity:5000/v3/services/--service-id--" }, "name": "keystone", "type": "identity" }, { "id": "--service-id--", "links": { "self": "http://identity:5000/v3/services/--service-id--" }, "type": "volume" } ] }
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
service_id | URI | capi:uuid |
The service ID. |
Parameter | Style | Type | Description |
service | plain | xsd:string |
A |
description (Optional) | plain | xsd:string |
The description. |
id | plain | xsd:string |
The service ID. |
links | plain | xsd:string |
The service links. |
name | plain | xsd:string |
The service name. |
type | plain | xsd:string |
The service type. |
{ "service": { "description": "Keystone Identity Service", "id": "--service-id--", "links": { "self": "http://identity:5000/v3/services/--service-id--" }, "name": "keystone", "type": "identity" } }
This operation does not accept a request body.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
service_id | URI | capi:uuid |
The service ID. |
type | plain | xsd:string |
The MIME Media Type of the serialized policy blob. |
Parameter | Style | Type | Description |
services | plain | xsd:string |
A |
id | plain | xsd:string |
The service ID. |
type | plain | xsd:string |
The service type. |
{ "type": "volume" }
{ "service": { "id": "--service-id--", "type": "volume" } }
Deleting a service when endpoints exist should either (1) delete all associated endpoints or (2) fail until endpoints are deleted.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
service_id | URI | capi:uuid |
The service ID. |
This operation does not accept a request body and does not return a response body.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
endpoint | plain | xsd:string |
An |
interface | plain | xsd:string |
The interface type, which is |
name | plain | xsd:string |
The name. |
region | plain | xsd:string |
The service region. |
url | plain | xsd:string |
The service URL. |
service_id | plain | xsd:string |
The service ID. |
Parameter | Style | Type | Description |
endpoint | plain | xsd:string |
An |
interface | plain | xsd:string |
The interface type, which is |
links | plain | csapi:dict |
Policy links. |
name | plain | xsd:string |
The name. |
region | plain | xsd:string |
The service region. |
url | plain | xsd:string |
The service URL. |
service_id | plain | xsd:string |
The service ID. |
{ "endpoint": { "interface": "[admin|public|internal]", "name": "name", "region": "--optional--", "url": "...", "service_id": "--service-id--" } }
{ "endpoint": { "id": "--endpoint-id--", "interface": "internal", "links": { "self": "http://identity:35357/v3/endpoints/--endpoint-id--" }, "name": "the internal volume endpoint", "region": "--optional--", "service_id": "--service-id--", "url": "..." } }
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
interface (Optional) | query | xsd:string |
Filters by interface. |
service_id (Optional) | query | xsd:string |
Filters by service_id. |
page (Optional) | query | xsd:string |
Enables you to page through the list. |
per_page (Optional) | query | xsd:string |
Sets the page size for paging through the list. Default page size is 30. |
Parameter | Style | Type | Description |
endpoint | plain | xsd:string |
An |
interface | plain | xsd:string |
The interface type, which is |
name (Optional) | plain | xsd:string |
The name of the resource. |
region | plain | xsd:string |
The service region. |
url | plain | xsd:string |
The service URL. |
service_id | plain | xsd:string |
The service ID. |
[ { "id": "--endpoint-id--", "interface": "public", "links": { "self": "http://identity:35357/v3/endpoints/--endpoint-id--" }, "name": "the public volume endpoint", "service_id": "--service-id--" }, { "id": "--endpoint-id--", "interface": "internal", "links": { "self": "http://identity:35357/v3/endpoints/--endpoint-id--" }, "name": "the internal volume endpoint", "service_id": "--service-id--" } ]
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
endpoint_id | URI | capi:uuid |
The endpoint ID. |
endpoint | plain | xsd:string |
An |
interface (Optional) | plain | xsd:string |
The interface type, which is |
name | plain | xsd:string |
The name. |
region (Optional) | plain | xsd:string |
The service region. |
url (Optional) | plain | xsd:string |
The service URL. |
service_id (Optional) | plain | xsd:string |
The service ID. |
Parameter | Style | Type | Description |
endpoint | plain | xsd:string |
An |
interface | plain | xsd:string |
The interface type, which is |
links | plain | csapi:dict |
Policy links. |
name | plain | xsd:string |
The name. |
region | plain | xsd:string |
The service region. |
url | plain | xsd:string |
The service URL. |
service_id | plain | xsd:string |
The service ID. |
{ "endpoint": { "interface": "--optional--", "name": "--optional--", "region": "--optional--", "url": "--optional--", "service_id": "--optional--" } }
{ "endpoint": { "id": "--endpoint-id--", "interface": "internal", "links": { "self": "http://identity:35357/v3/endpoints/--endpoint-id--" }, "name": "the internal volume endpoint", "region": "--optional--", "service_id": "--service-id--", "url": "..." } }
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
endpoint_id | URI | capi:uuid |
The endpoint ID. |
This operation does not accept a request body and does not return a response body.
Domains represent collections of users, groups, and projects. Each is owned by exactly one domain. Users, however, can be associated with multiple projects by granting roles to the user on a project, including projects owned by other domains.
Each domain defines a namespace where certain API-visible name attributes exist, which affects whether those names must be globally unique or unique within that domain. In the Identity API, the uniqueness of the following attributes is as follows:
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
description (Optional) | plain | xsd:string |
The domain description. |
enabled (Optional) | plain | xsd:boolean |
Set to true to enable the domain. Otherwise, set to false. |
name | plain | xsd:string |
The domain name. |
Parameter | Style | Type | Description |
domain (Optional) | plain | xsd:string |
Specify either |
description (Optional) | plain | xsd:string |
The description. |
enabled (Optional) | plain | xsd:boolean |
If true, the domain is enabled. If false, the domain is disabled. |
id (Optional) | plain | xsd:string |
The domain ID. |
links | plain | csapi:dict |
Policy links. |
name (Optional) | plain | xsd:string |
The name of the resource. |
{ "domain": { "description": "--optional--", "enabled": "--optional--", "name": "..." } }
{ "domain": { "description": "desc of domain", "enabled": true, "id": "--domain-id--", "links": { "self": "http://identity:35357/v3/domains/--domain-id--" }, "name": "my domain" } }
Parameter | Style | Type | Description |
name (Optional) | query | xsd:string |
Filters on a name. |
enabled (Optional) | query | xsd:string |
Filters on enabled or disabled roles. Values are true or false. |
page (Optional) | query | xsd:string |
Enables you to page through the list. |
per_page (Optional) | query | xsd:string |
Sets the page size for paging through the list. Default page size is 30. |
Parameter | Style | Type | Description |
description (Optional) | plain | xsd:string |
The description. |
enabled (Optional) | plain | xsd:boolean |
If true, the domain is enabled. If false, the domain is disabled. |
id | plain | csapi:uuid |
The credential ID. |
links | plain | csapi:dict |
Policy links. |
name (Optional) | plain | xsd:string |
The name of the resource. |
{ "domains": [ { "description": "desc of domain", "enabled": true, "id": "--domain-id--", "links": { "self": "http://identity:35357/v3/domains/--domain-id--" }, "name": "my domain" }, { "description": "desc of another domain", "enabled": true, "id": "--domain-id--", "links": { "self": "http://identity:35357/v3/domains/--domain-id--" }, "name": "another domain" } ] }
Parameter | Style | Type | Description |
domain_id | URI | capi:uuid |
The domain ID. |
Parameter | Style | Type | Description |
domains | plain | xsd:string |
A |
description (Optional) | plain | xsd:string |
The description. |
enabled (Optional) | plain | xsd:boolean |
If true, the domain is enabled. If false, the domain is disabled. |
id (Optional) | plain | xsd:string |
The domain ID. |
links | plain | csapi:dict |
Policy links. |
name (Optional) | plain | xsd:string |
The name of the resource. |
{ "domain": { "description": "desc of domain", "enabled": true, "id": "--domain-id--", "links": { "self": "http://identity:35357/v3/domains/--domain-id--" }, "name": "my domain" } }
This operation does not accept a request body.
Parameter | Style | Type | Description |
domain_id | URI | capi:uuid |
The domain ID. |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
description (Optional) | plain | xsd:string |
The domain description. |
enabled (Optional) | plain | xsd:boolean |
Set to true to enable the domain. Otherwise, set to false. |
name | plain | xsd:string |
The domain name. |
{ "domain": { "description": "my updated domain", "enabled": true, "name": "myUpdatedDomain" } }
{ "domain": { "description": "my updated domain", "enabled": true, "id": "--domain-id--", "links": { "self": "http://identity:35357/v3/domains/--domain-id--" }, "name": "myUpdatedDomain" } }
To minimize the risk of accidentally deleting a
domain, you must first disable the domain by using the
update domain API. If you try to delete an enabled
domain, the call returns an HTTP 403
Forbidden
response.
Deleting a domain deletes all entities owned by it, such as users, groups, and projects, as well as any credentials and granted roles that relate to those entities.
Parameter | Style | Type | Description |
domain_id | URI | capi:uuid |
The domain ID. |
This operation does not accept a request body and does not return a response body.
Lists roles for a user on a domain.
Parameter | Style | Type | Description |
domain_id | URI | capi:uuid |
The domain ID. |
user_id | URI | capi:uuid |
The user ID. |
{ "roles": [ { "id": "--role-id--", "links": { "self": "http://identity:35357/v3/roles/--role-id--" }, "name": "admin" }, { "id": "--role-id--", "links": { "self": "http://identity:35357/v3/roles/--role-id--" }, "name": "manager" } ], "links": { "self": "http://identity:35357/v3/domains/--domain-id--/users/--user-id--/roles", "previous": null, "next": null } }
This operation does not accept a request body.
Grants a role to a specified domain user.
Parameter | Style | Type | Description |
domain_id | URI | capi:uuid |
The domain ID. |
user_id | URI | capi:uuid |
The user ID. |
role_id | URI | capi:uuid |
The role ID. |
This operation does not accept a request body and does not return a response body.
Validates that a user has a role on a domain.
Parameter | Style | Type | Description |
domain_id | URI | capi:uuid |
The domain ID. |
user_id | URI | capi:uuid |
The user ID. |
role_id | URI | capi:uuid |
The role ID. |
This operation does not accept a request body and does not return a response body.
Revokes a role from a specified domain user.
Parameter | Style | Type | Description |
domain_id | URI | capi:uuid |
The domain ID. |
user_id | URI | capi:uuid |
The user ID. |
role_id | URI | capi:uuid |
The role ID. |
This operation does not accept a request body and does not return a response body.
Lists roles for a specified domain group.
Parameter | Style | Type | Description |
domain_id | URI | capi:uuid |
The domain ID. |
group_id | URI | capi:uuid |
The group ID. |
{ "roles": [ { "id": "--role-id--", "links": { "self": "http://identity:35357/v3/roles/--role-id--" }, "name": "admin" }, { "id": "--role-id--", "links": { "self": "http://identity:35357/v3/roles/--role-id--" }, "name": "manager" } ], "links": { "self": "http://identity:35357/v3/domains/--domain-id--/groups/--group-id--/roles", "previous": null, "next": null } }
This operation does not accept a request body.
Grants a specified role to a specified domain group.
Parameter | Style | Type | Description |
domain_id | URI | capi:uuid |
The domain ID. |
group_id | URI | capi:uuid |
The group ID. |
role_id | URI | capi:uuid | The role ID. |
This operation does not accept a request body and does not return a response body.
Validates that a group has a role on a domain.
Parameter | Style | Type | Description |
domain_id | URI | capi:uuid |
The domain ID. |
group_id | URI | capi:uuid |
The group ID. |
role_id | URI | capi:uuid | The role ID. |
This operation does not accept a request body and does not return a response body.
Revokes a role from a group on a domain.
Parameter | Style | Type | Description |
domain_id | URI | capi:uuid |
The domain ID. |
group_id | URI | capi:uuid |
The group ID. |
role_id | URI | capi:uuid | The role ID. |
This operation does not accept a request body and does not return a response body.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
{ "project": { "description": "...", "domain_id": "...", "enabled": "...", "name": "..." } }
{ "project": { "domain_id": "--domain-id--", "enabled": true, "id": "--project-id--", "links": { "self": "http://identity:35357/v3/projects/--project-id--" }, "name": "a project name" } }
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
domain_id (Optional) | query | xsd:string |
Filters on domain_id. |
name (Optional) | query | xsd:string |
Filters on a name. |
enabled (Optional) | query | xsd:string |
Filters on enabled or disabled roles. Values are true or false. |
page (Optional) | query | xsd:string |
Enables you to page through the list. |
per_page (Optional) | query | xsd:string |
Sets the page size for paging through the list. Default page size is 30. |
{ "projects": [ { "domain_id": "--domain-id--", "enabled": true, "id": "--project-id--", "links": { "self": "http://identity:35357/v3/projects/--project-id--" }, "name": "a project name" }, { "domain_id": "--domain-id--", "enabled": true, "id": "--project-id--", "links": { "self": "http://identity:35357/v3/projects/--project-id--" }, "name": "another project" } ], "links": { "self": "http://identity:35357/v3/projects", "previous": null, "next": null } }
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
project_id | URI | xsd:string | The project ID. |
{ "project": { "domain_id": "--domain-id--", "enabled": true, "id": "--project-id--", "links": { "self": "http://identity:35357/v3/projects/--project-id--" }, "name": "a project name" } }
This operation does not accept a request body.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
project_id | URI | xsd:string | The project ID. |
{ "project": { "description": "my updated project", "domain_id": "...", "enabled": true, "name": "myUpdatedProject" } }
{ "project": { "description": "my updated project", "domain_id": "--domain-id--", "enabled": true, "id": "--project-id--", "links": { "self": "http://identity:35357/v3/projects/--project-id--" }, "name": "myUpdatedProject" } }
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
project_id | URI | xsd:string | The project ID. |
This operation does not accept a request body and does not return a response body.
Lists roles for a user in a project.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
project_id | URI | xsd:string | The project ID. |
user_id | URI | capi:uuid |
The user ID. |
{ "roles": [ { "id": "--role-id--", "links": { "self": "http://identity:35357/v3/roles/--role-id--" }, "name": "admin" }, { "id": "--role-id--", "links": { "self": "http://identity:35357/v3/roles/--role-id--" }, "name": "manager" } ], "links": { "self": "http://identity:35357/v3/projects/--project-id--/users/--user-id--/roles", "previous": null, "next": null } }
This operation does not accept a request body.
Grants a role to a user on a project.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
project_id | URI | xsd:string | The project ID. |
user_id | URI | capi:uuid |
The user ID. |
role_id | URI | capi:uuid |
The role ID. |
This operation does not accept a request body and does not return a response body.
Validates that a user has a specified role on a project.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
project_id | URI | xsd:string | The project ID. |
user_id | URI | capi:uuid |
The user ID. |
role_id | URI | capi:uuid |
The role ID. |
This operation does not accept a request body and does not return a response body.
Revokes a role from a project user.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
project_id | URI | xsd:string | The project ID. |
user_id | URI | capi:uuid |
The user ID. |
role_id | URI | capi:uuid |
The role ID. |
This operation does not accept a request body and does not return a response body.
Lists roles for a project group.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
project_id | URI | xsd:string | The project ID. |
group_id | URI | capi:uuid |
The group ID. |
{ "roles": [ { "id": "--role-id--", "links": { "self": "http://identity:35357/v3/roles/--role-id--" }, "name": "admin" }, { "id": "--role-id--", "links": { "self": "http://identity:35357/v3/roles/--role-id--" }, "name": "manager" } ], "links": { "self": "http://identity:35357/v3/projects/--project-id--/groups/--group-id--/roles", "previous": null, "next": null } }
This operation does not accept a request body.
Grants a role to a project group.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
project_id | URI | xsd:string | The project ID. |
group_id | URI | capi:uuid |
The group ID. |
role_id | URI | capi:uuid |
The role ID. |
This operation does not accept a request body and does not return a response body.
Validates that a project group has a role.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
project_id | URI | xsd:string | The project ID. |
group_id | URI | capi:uuid |
The group ID. |
role_id | URI | capi:uuid |
The role ID. |
This operation does not accept a request body and does not return a response body.
Revokes a role from a project group.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
project_id | URI | xsd:string | The project ID. |
group_id | URI | capi:uuid |
The group ID. |
role_id | URI | capi:uuid |
The role ID. |
This operation does not accept a request body and does not return a response body.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
{ "user": { "default_project_id": "...", "description": "...", "domain_id": "--optional--", "email": "...", "enabled": "...", "name": "...", "password": "--optional--" } }
{ "user": { "default_project_id": "--default-project-id--", "description": "a user", "domain_id": "1789d1", "email": "...", "enabled": true, "id": "--user-id--", "links": { "self": "http://identity:35357/v3/users/--user-id--" }, "name": "admin" } }
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
domain_id (Optional) | query | xsd:string |
Filters on domain_id. |
name (Optional) | query | xsd:string |
Filters on a name. |
enabled (Optional) | query | xsd:string |
Filters on enabled or disabled roles. Values are true or false. |
page (Optional) | query | xsd:string |
Enables you to page through the list. |
per_page (Optional) | query | xsd:string |
Sets the page size for paging through the list. Default page size is 30. |
{ "users": [ { "default_project_id": "--default-project-id--", "description": "a user", "domain_id": "1789d1", "email": "...", "enabled": true, "id": "--user-id--", "links": { "self": "http://identity:35357/v3/users/--user-id--" }, "name": "admin" }, { "default_project_id": "--default-project-id--", "description": "another user", "domain_id": "1789d1", "email": "...", "enabled": true, "id": "--user-id--", "links": { "self": "http://identity:35357/v3/users/--user-id--" }, "name": "someone" } ], "links": { "self": "http://identity:35357/v3/users", "previous": null, "next": null } }
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
user_id | URI | capi:uuid | The user ID. |
{ "user": { "default_project_id": "--default-project-id--", "description": "a user", "domain_id": "1789d1", "email": "...", "enabled": true, "id": "--user-id--", "links": { "self": "http://identity:35357/v3/users/--user-id--" }, "name": "admin" } }
This operation does not accept a request body.
Updates the password for or enables or disables a specified user.
This operation might return the HTTP 501 Not
Implemented
code if the back-end driver
does not allow this functionality.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
user_id | URI | capi:uuid | The user ID. |
{ "user": { "default_project_id": "...", "description": "my updated user", "email": "...", "enabled": true } }
{ "user": { "default_project_id": "--default-project-id--", "description": "my updated user", "domain_id": "1789d1", "email": "...", "enabled": true, "id": "--user-id--", "links": { "self": "http://identity:35357/v3/users/--user-id--" }, "name": "admin" } }
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
user_id | URI | capi:uuid | The user ID. |
This operation does not accept a request body and does not return a response body.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
user_id | URI | capi:uuid | The user ID. |
{ "groups": [ { "description": "Developers cleared for work on all general projects", "domain_id": "--domain-id--", "id": "--group-id--", "links": { "self": "http://identity:35357/v3/groups/--group-id--" }, "name": "Developers" }, { "description": "Developers cleared for work on secret projects", "domain_id": "--domain-id--", "id": "--group-id--", "links": { "self": "http://identity:35357/v3/groups/--group-id--" }, "name": "Secure Developers" } ], "links": { "self": "http://identity:35357/v3/users/--user-id--/groups", "previous": null, "next": null } }
This operation does not accept a request body.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
user_id | URI | capi:uuid | The user ID. |
{ "projects": [ { "description": "description of this project", "domain_id": "--domain-id--", "enabled": true, "id": "--project-id--", "parent_id": "--parent-project-id--", "links": { "self": "http://identity:35357/v3/projects/--project-id--" }, "name": "a project name" }, { "description": "description of this project", "domain_id": "--domain-id--", "enabled": true, "id": "--project-id--", "parent_id": "--parent-project-id--", "links": { "self": "http://identity:35357/v3/projects/--project-id--" }, "name": "another domain" } ], "links": { "self": "http://identity:35357/v3/users/--user-id--/projects", "previous": null, "next": null } }
This operation does not accept a request body.
{ "group": { "description": "--optional--", "domain_id": "--optional--", "name": "..." } }
{ "group": { "description": "Developers cleared for work on secret projects", "domain_id": "--domain-id--", "id": "--group-id--", "links": { "self": "http://identity:35357/v3/groups/--group-id--" }, "name": "Secure Developers" } }
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
domain_id (Optional) | query | xsd:string |
Filters on domain_id. |
page (Optional) | query | xsd:string |
Enables you to page through the list. |
per_page (Optional) | query | xsd:string |
Sets the page size for paging through the list. Default page size is 30. |
Parameter | Style | Type | Description |
description (Optional) | plain | xsd:string |
The description. |
id (Optional) | plain | xsd:string |
The domain ID. |
id | plain | csapi:uuid |
The credential ID. |
links | plain | csapi:dict |
Policy links. |
name (Optional) | plain | xsd:string |
The name of the resource. |
{ "groups": [ { "description": "Developers cleared for work on all general projects", "domain_id": "--domain-id--", "id": "--group-id--", "links": { "self": "http://identity:35357/v3/groups/--group-id--" }, "name": "Developers" }, { "description": "Developers cleared for work on secret projects", "domain_id": "--domain-id--", "id": "--group-id--", "links": { "self": "http://identity:35357/v3/groups/--group-id--" }, "name": "Secure Developers" }, { "description": "Testers cleared for work on all general projects", "domain_id": "--domain-id--", "id": "--group-id--", "links": { "self": "http://identity:35357/v3/groups/--group-id--" }, "name": "Testers" } ], "links": { "self": "http://identity:35357/v3/groups", "previous": null, "next": null } }
Parameter | Style | Type | Description |
group_id | URI | capi:uuid | The group ID. |
Parameter | Style | Type | Description |
description (Optional) | plain | xsd:string |
The description. |
id (Optional) | plain | xsd:string |
The domain ID. |
id | plain | csapi:uuid |
The credential ID. |
links | plain | csapi:dict |
Policy links. |
name (Optional) | plain | xsd:string |
The name of the resource. |
{ "group": { "description": "Developers cleared for work on secret projects", "domain_id": "--domain-id--", "id": "--group-id--", "links": { "self": "http://identity:35357/v3/groups/--group-id--" }, "name": "Secure Developers" } }
This operation does not accept a request body.
Use this operation to update the name or description
of a group. This operation might return the HTTP
501 Not Implemented
code if the
back-end driver does not allow this functionality.
Parameter | Style | Type | Description |
group_id | URI | capi:uuid | The group ID. |
{ "group": { "description": "my updated group", "name": "myUpdatedGroup" } }
{ "group": { "description": "my updated group", "domain_id": "--domain-id--", "id": "--group-id--", "links": { "self": "http://identity:35357/v3/groups/--group-id--" }, "name": "myUpdatedGroup" } }
Parameter | Style | Type | Description |
group_id | URI | capi:uuid | The group ID. |
This operation does not accept a request body and does not return a response body.
Parameter | Style | Type | Description |
group_id | URI | capi:uuid | The group ID. |
name (Optional) | query | xsd:string |
Filters on a name. |
page (Optional) | query | xsd:string |
Enables you to page through the list. |
per_page (Optional) | query | xsd:string |
Sets the page size for paging through the list. Default page size is 30. |
domain_id (Optional) | query | xsd:string |
Filters on domain_id. |
description (Optional) | query | xsd:string |
Filters on a description. |
name (Optional) | query | xsd:string |
Filters on a name. |
enabled (Optional) | query | xsd:string |
Filters on enabled or disabled roles. Values are true or false. |
page (Optional) | query | xsd:string |
Enables you to page through the list. |
per_page (Optional) | query | xsd:string |
Sets the page size for paging through the list. Default page size is 30. |
{ "users": [ { "default_project_id": "--default-project-id--", "description": "a user", "domain_id": "--domain-id--", "email": "...", "enabled": true, "id": "--user-id--", "links": { "self": "http://identity:35357/v3/users/--user-id--" }, "name": "admin" }, { "default_project_id": "--default-project-id--", "description": "another user", "domain_id": "--domain-id--", "email": "...", "enabled": true, "id": "--user-id--", "links": { "self": "http://identity:35357/v3/users/--user-id--" }, "name": "someone" } ], "links": { "self": "http://identity:35357/v3/groups/--group-id--/users", "previous": null, "next": null } }
Parameter | Style | Type | Description |
group_id | URI | capi:uuid | The group ID. |
user_id | URI | capi:uuid | The user ID. |
This operation does not accept a request body and does not return a response body.
Parameter | Style | Type | Description |
group_id | URI | capi:uuid | The group ID. |
user_id | URI | capi:uuid | The user ID. |
This operation does not accept a request body and does not return a response body.
Validates that a user is in a group.
Parameter | Style | Type | Description |
group_id | URI | capi:uuid | The group ID. |
user_id | URI | capi:uuid | The user ID. |
This operation does not accept a request body and does not return a response body.
The following example shows how to create an
EC2-style credential where the credential blob is a string
containing a JSON-serialized dictionary with keys
access
and secret
. This
format is required when you specify the
ec2
type. To specify other
credentials, such as access_key
, simply
change the type and contents of the data blob.
{ "blob": "{\"access\":\"--access-key--\",\"secret\":\"--secret-key--\"}", "project_id": "--project-id--", "type": "ec2", "user_id": "--user--id--" }
{ "blob": "{\"access\":\"--access-key--\",\"secret\":\"--secret-key--\"}", "id": "--credential-id--", "links": { "self": "http://identity:35357/v3/credentials/--credential-id--" }, "project_id": "--project-id--", "type": "ec2", "user_id": "--user--id--" }
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
page (Optional) | query | xsd:string |
Enables you to page through the list. |
per_page (Optional) | query | xsd:string |
Sets the page size for paging through the list. Default page size is 30. |
Parameter | Style | Type | Description |
blob | plain | xsd:string |
The policy rule set itself, as a serialized blob. |
id | plain | csapi:uuid |
The credential ID. |
links | plain | csapi:dict |
Policy links. |
project_id | plain | csapi:uuid |
The UUID for the project. |
type | plain | xsd:string |
The MIME media type of the serialized policy blob. |
user_id | plain | xsd:string |
The ID of the user who owns the credential. |
[ { "blob": "{\"access\":\"--access-key--\",\"secret\":\"--secret-key--\"}", "id": "--credential-id--", "links": { "self": "http://identity:35357/v3/credentials/--credential-id--" }, "project_id": "--project-id--", "type": "ec2", "user_id": "--user--id--" }, { "blob": "{\"access\":\"--access-key--\",\"secret\":\"--secret-key--\"}", "id": "--credential-id--", "links": { "self": "http://identity:35357/v3/credentials/--credential-id--" }, "project_id": "--project-id--", "type": "ec2", "user_id": "--user--id--" } ]
Shows details for a specified credential.
Parameter | Style | Type | Description |
credential_id | URI | capi:uuid | The credential ID. |
{ "blob": "{\"access\":\"--access-key--\",\"secret\":\"--secret-key--\"}", "id": "--credential-id--", "links": { "self": "http://identity:35357/v3/credentials/--credential-id--" }, "project_id": "--project-id--", "type": "ec2", "user_id": "--user--id--" }
This operation does not accept a request body.
Parameter | Style | Type | Description |
credential_id | URI | capi:uuid | The credential ID. |
{ "blob": "{\"access\":\"--access-key--\",\"secret\":\"--secret-key--\"}", "project_id": "--project-id--", "type": "ec2", "user_id": "--user--id--" }
{ "blob": "{\"access\":\"--access-key--\",\"secret\":\"--secret-key--\"}", "id": "--credential-id--", "links": { "self": "http://identity:35357/v3/credentials/--credential-id--" }, "project_id": "--project-id--", "type": "ec2", "user_id": "--user--id--" }
Parameter | Style | Type | Description |
credential_id | URI | capi:uuid | The credential ID. |
This operation does not accept a request body and does not return a response body.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
{ "role": { "name": "a role name" } }
{ "id": "--role-id--", "links": { "self": "http://identity:35357/v3/roles/--role-id--" }, "name": "a role name" }
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
name (Optional) | query | xsd:string |
Filters on a name. |
page (Optional) | query | xsd:string |
Enables you to page through the list. |
per_page (Optional) | query | xsd:string |
Sets the page size for paging through the list. Default page size is 30. |
{ "roles": [ { "id": "--role-id--", "links": { "self": "http://identity:35357/v3/roles/--role-id--" }, "name": "admin" }, { "id": "--role-id--", "links": { "self": "http://identity:35357/v3/roles/--role-id--" }, "name": "manager" } ], "links": { "self": "http://identity:35357/v3/roles", "previous": null, "next": null } }
The list of all role assignments can be long. To filter the list, use the query parameters.
Some typical examples are:
GET /role_assignments?user.id={user_id}
lists all role assignments for the specified
user.
GET
/role_assignments?scope.project.id={project_id}
lists all role assignments for the specified
project.
Each role assignment entity in the collection contains a link to the assignment that created this entity.
Use the effective
query parameter to
list effective assignments at the user, project, and
domain level. This parameter allows for the effects of
group membership. The group role assignment entities
themselves are not returned in the collection. This
represents the effective role assignments that would
be included in a scoped token. You can use the other
query parameters with the effective
parameter.
For example, to determine what a user can actually do, issue this request:
GET
/role_assignments?user.id={user_id}&effective
To return the equivalent set of role assignments that would be included in the token response of a project-scoped token, issue:
GET
/role_assignments?user.id={user_id}&scope.project.id={project_id}&effective
In the response, the entity links
section for entities that are included by virtue of
group members also contains a url that you can use to
access the membership of the group.
Parameter | Style | Type | Description |
group.id (Optional) | query | xsd:string |
Filters on group ID.
Specify |
role.id (Optional) | query | xsd:string |
Filters on role ID.
Specify |
scope.domain.id (Optional) | query | xsd:string |
Filters on domain ID.
Specify
|
scope.project.id (Optional) | query | xsd:string |
Filters on project ID.
Specify
|
user.id (Optional) | query | xsd:string |
Filters on user ID.
Specify |
effective (Optional) | query | xsd:key |
Lists effective assignments at the user, project, and domain level, allowing for the effects of group membership. The group role assignment entities themselves are not returned in the collection. This represents the effective role
assignments that would be included in a
scoped token. You can use the other query
parameters with the |
GET /role_assignments?user.id={user_id}&scope.project.id={project_id}&effective
{ "role_assignments": [ { "links": { "assignment": "http://identity:35357/v3/domains/--domain-id--/users/--user-id--/roles/--role-id--" }, "role": { "id": "--role-id--" }, "scope": { "domain": { "id": "--domain-id--" } }, "user": { "id": "--user-id--" } }, { "group": { "id": "--group-id--" }, "links": { "assignment": "http://identity:35357/v3/projects/--project-id--/groups/--group-id--/roles/--role-id--" }, "role": { "id": "--role-id--" }, "scope": { "project": { "id": "--project-id--" } } } ], "links": { "self": "http://identity:35357/v3/role_assignments", "previous": null, "next": null } }
GET /role_assignments?user.id={user_id}&scope.project.id={project_id}&effective
{ "role_assignments": [ { "links": { "assignment": "http://identity:35357/v3/domains/--domain-id--/users/--user-id--/roles/--role-id--" }, "role": { "id": "--role-id--" }, "scope": { "domain": { "id": "--domain-id--" } }, "user": { "id": "--user-id--" } }, { "links": { "assignment": "http://identity:35357/v3/projects/--project-id--/groups/--group-id--/roles/--role-id--", "membership": "http://identity:35357/v3/groups/--group-id--/users/--user-id--" }, "role": { "id": "--role-id--" }, "scope": { "project": { "id": "--project-id--" } }, "user": { "id": "--user-id--" } } ], "links": { "self": "http://identity:35357/v3/role_assignments?effective", "previous": null, "next": null } }
This operation does not accept a request body.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
blob | plain | xsd:string |
The policy rule set itself, as a serialized blob. |
project_id | plain | csapi:uuid |
The UUID for the project. |
type | plain | xsd:string |
The MIME Media Type of the serialized policy blob. |
user_id | plain | xsd:string |
The ID of the user who owns the credential. |
Parameter | Style | Type | Description |
blob | plain | xsd:string |
The policy rule set itself, as a serialized blob. |
id | plain | csapi:uuid |
The credential ID. |
links | plain | csapi:dict |
Policy links. |
project_id | plain | csapi:uuid |
The UUID for the project. |
type | plain | xsd:string |
The MIME media type of the serialized policy blob. |
user_id | plain | xsd:string |
The ID of the user who owns the credential. |
{ "blob": { "default": false }, "project_id": "--project-id--", "type": "--serialization-mime-type--", "user_id": "--user--id--" }
{ "blob": "--serialized-blob--", "id": "--policy-id--", "links": { "self": "http://identity:35357/v3/policies/--policy-id--" }, "project_id": "--project-id--", "type": "--serialization-mime-type--", "user_id": "--user--id--" }
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
type (Optional) | query | xsd:string |
Filters by service type. Service types include compute, ec2, image, and identity. |
page (Optional) | query | xsd:string |
Enables you to page through the list. |
per_page (Optional) | query | xsd:string |
Sets the page size for paging through the list. Default page size is 30. |
Parameter | Style | Type | Description |
blob | plain | xsd:string |
The policy rule set itself, as a serialized blob. |
id | plain | csapi:uuid |
The credential ID. |
links | plain | csapi:dict |
Policy links. |
project_id | plain | csapi:uuid |
The UUID for the project. |
type | plain | xsd:string |
The MIME media type of the serialized policy blob. |
user_id | plain | xsd:string |
The ID of the user who owns the credential. |
[ { "blob": "--serialized-blob--", "id": "--policy-id--", "links": { "self": "http://identity:35357/v3/policies/--policy-id--" }, "project_id": "--project-id--", "type": "--serialization-mime-type--", "user_id": "--user--id--" }, { "blob": "--serialized-blob--", "id": "--policy-id--", "links": { "self": "http://identity:35357/v3/policies/--policy-id--" }, "project_id": "--project-id--", "type": "--serialization-mime-type--", "user_id": "--user--id--" } ]
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
policy_id | URI | capi:uuid | The policy ID. |
Parameter | Style | Type | Description |
blob | plain | xsd:string |
The policy rule set itself, as a serialized blob. |
id | plain | csapi:uuid |
The credential ID. |
links | plain | csapi:dict |
Policy links. |
project_id | plain | csapi:uuid |
The UUID for the project. |
type | plain | xsd:string |
The MIME media type of the serialized policy blob. |
user_id | plain | xsd:string |
The ID of the user who owns the credential. |
{ "blob": "--serialized-blob--", "id": "--policy-id--", "links": { "self": "http://identity:35357/v3/policies/--policy-id--" }, "project_id": "--project-id--", "type": "--serialization-mime-type--", "user_id": "--user--id--" }
This operation does not accept a request body.
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
policy_id | URI | capi:uuid | The policy ID. |
Parameter | Style | Type | Description |
blob | plain | xsd:string |
The policy rule set itself, as a serialized blob. |
id | plain | csapi:uuid |
The credential ID. |
links | plain | csapi:dict |
Policy links. |
project_id | plain | csapi:uuid |
The UUID for the project. |
type | plain | xsd:string |
The MIME media type of the serialized policy blob. |
user_id | plain | xsd:string |
The ID of the user who owns the credential. |
{ "blob": "--serialized-blob--", "project_id": "--project-id--", "type": "--serialization-mime-type--", "user_id": "--user--id--" }
{ "blob": "--serialized-blob--", "id": "--policy-id--", "links": { "self": "http://identity:35357/v3/policies/--policy-id--" }, "project_id": "--project-id--", "type": "--serialization-mime-type--", "user_id": "--user--id--" }
Parameter | Style | Type | Description |
X-Auth-Token | header | xsd:string |
A valid authentication token for an administrative user. |
policy_id | URI | capi:uuid | The policy ID. |
This operation does not accept a request body and does not return a response body.
©2016 Idigital Internet Inc. All rights reserved, AURO is a registered trademark. Sitemap