Keystone OpenAPI specification (preview)¶
Identity API provided by Keystone service
version¶
v3¶
auth¶
Get possible project scopes for token.
GET/HEAD /v3/auth/projects GET/HEAD /v3/OS-FEDERATION/projects
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"projects": {
"type": "array",
"items": {
"type": "object",
"properties": {
"domain_id": {
"type": "string",
"format": "uuid",
"description": "The ID of the domain for the project."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The ID of the project."
},
"name": {
"type": "string",
"description": "The name of the project"
},
"enabled": {
"type": "boolean",
"description": "If set to true, project is enabled. If set to false, project is disabled."
},
"links": {
"type": "array",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"items": {
"type": "object",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"properties": {
"href": {
"type": "string",
"format": "uri"
},
"rel": {
"type": "string"
}
}
}
}
}
}
},
"links": {
"type": "array",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"items": {
"type": "object",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"properties": {
"href": {
"type": "string",
"format": "uri"
},
"rel": {
"type": "string"
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
projects |
body |
array |
|
projects[].domain_id |
body |
string |
The ID of the domain for the project. |
projects[].id |
body |
string |
The ID of the project. |
projects[].name |
body |
string |
The name of the project |
projects[].enabled |
body |
boolean |
If set to true, project is enabled. If set to false, project is disabled. |
projects[].links |
body |
array |
Links to the resources in question. See API Guide / Links and References for more info. |
projects[].links[].href |
body |
string |
|
projects[].links[].rel |
body |
string |
|
links |
body |
array |
Links to the resources in question. See API Guide / Links and References for more info. |
links[].href |
body |
string |
|
links[].rel |
body |
string |
403¶
Error
404¶
Error
Get possible domain scopes for token.
GET/HEAD /v3/auth/domains GET/HEAD /v3/OS-FEDERATION/domains
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"domains": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The ID of the domain."
},
"name": {
"type": "string",
"description": "The name of the domain"
},
"description": {
"type": "string",
"description": "The description of the domain."
},
"enabled": {
"type": "boolean",
"description": "If set to true, domain is enabled. If set to false, domain is disabled."
},
"links": {
"type": "array",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"items": {
"type": "object",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"properties": {
"href": {
"type": "string",
"format": "uri"
},
"rel": {
"type": "string"
}
}
}
}
}
}
},
"links": {
"type": "array",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"items": {
"type": "object",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"properties": {
"href": {
"type": "string",
"format": "uri"
},
"rel": {
"type": "string"
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
domains |
body |
array |
|
domains[].id |
body |
string |
The ID of the domain. |
domains[].name |
body |
string |
The name of the domain |
domains[].description |
body |
string |
The description of the domain. |
domains[].enabled |
body |
boolean |
If set to true, domain is enabled. If set to false, domain is disabled. |
domains[].links |
body |
array |
Links to the resources in question. See API Guide / Links and References for more info. |
domains[].links[].href |
body |
string |
|
domains[].links[].rel |
body |
string |
|
links |
body |
array |
Links to the resources in question. See API Guide / Links and References for more info. |
links[].href |
body |
string |
|
links[].rel |
body |
string |
403¶
Error
404¶
Error
Get possible system scopes for token.
GET/HEAD /v3/auth/system
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"system": {
"type": "array",
"description": "A list of systems to access based on role assignments.",
"items": {
"type": "object",
"additionalProperties": {
"type": "boolean"
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
system |
body |
array |
A list of systems to access based on role assignments. |
403¶
Error
404¶
Error
Get service catalog for token.
GET/HEAD /v3/auth/catalog
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"catalog": {
"type": "array",
"items": {
"type": "object",
"properties": {
"endpoints": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The endpoint UUID"
},
"interface": {
"type": "string",
"enum": [
"public",
"internal",
"admin"
]
},
"region": {
"type": "string",
"description": "Region name of the endpoint"
},
"url": {
"type": "string",
"format": "uri",
"description": "The endpoint url"
}
}
}
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs."
},
"type": {
"type": "string",
"description": "The service type, which describes the API implemented by the service"
},
"name": {
"type": "string",
"description": "The service name."
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
catalog |
body |
array |
|
catalog[].endpoints |
body |
array |
|
catalog[].endpoints[].id |
body |
string |
The endpoint UUID |
catalog[].endpoints[].interface |
body |
string |
|
catalog[].endpoints[].region |
body |
string |
Region name of the endpoint |
catalog[].endpoints[].url |
body |
string |
The endpoint url |
catalog[].id |
body |
string |
The UUID of the service to which the endpoint belongs. |
catalog[].type |
body |
string |
The service type, which describes the API implemented by the service |
catalog[].name |
body |
string |
The service name. |
403¶
Error
404¶
Error
Validate a token.
HEAD/GET /v3/auth/tokens
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"token": {
"type": "object",
"properties": {
"audit_ids": {
"type": "array",
"description": "A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users.",
"items": {
"type": "string"
}
},
"catalog": {
"description": "A catalog object.",
"type": "array",
"items": {
"type": "object",
"properties": {
"endpoints": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The endpoint UUID"
},
"interface": {
"type": "string",
"enum": [
"public",
"internal",
"admin"
]
},
"region": {
"type": "string",
"description": "Region name of the endpoint"
},
"url": {
"type": "string",
"format": "uri",
"description": "The endpoint url"
}
}
}
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs."
},
"type": {
"type": "string",
"description": "The service type, which describes the API implemented by the service"
},
"name": {
"type": "string",
"description": "The service name."
}
}
}
},
"expires_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token expires."
},
"issues_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token was issued."
},
"methods": {
"type": "array",
"description": "The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors.",
"items": {
"type": "string"
}
},
"user": {
"type": "object",
"description": "A user object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user UUID"
},
"name": {
"type": "string",
"description": "A user name"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user domain UUID"
},
"name": {
"type": "string",
"description": "A user domain name"
}
}
},
"password_expires_at": {
"type": "string",
"format": "date-time",
"description": "DateTime of the user password expiration"
},
"OS-FEDERATION": {
"type": "object"
}
}
},
"is_domain": {
"type": "boolean"
},
"domain": {
"type": "object",
"description": "A domain object including the id and name representing the domain the token is scoped to. This is only included in tokens that are scoped to a domain.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A domain UUID"
},
"name": {
"type": "string",
"description": "A domain name"
}
}
},
"project": {
"type": "object",
"description": "A project object including the id, name and domain object representing the project the token is scoped to. This is only included in tokens that are scoped to a project.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user domain UUID"
},
"name": {
"type": "string",
"description": "A user domain name"
}
}
},
"roles": {
"type": "array",
"description": "A list of role objects",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A role UUID"
},
"name": {
"type": "string",
"description": "A role name"
}
}
}
},
"system": {
"type": "object",
"description": "A system object containing information about which parts of the system the token is scoped to. If the token is scoped to the entire deployment system, the system object will consist of {\"all\": true}. This is only included in tokens that are scoped to the system.",
"additionalProperties": {
"type": "boolean"
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
token |
body |
object |
|
token.audit_ids |
body |
array |
A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users. |
token.catalog |
body |
array |
A catalog object. |
token.catalog[].endpoints |
body |
array |
|
token.catalog[].endpoints[].id |
body |
string |
The endpoint UUID |
token.catalog[].endpoints[].interface |
body |
string |
|
token.catalog[].endpoints[].region |
body |
string |
Region name of the endpoint |
token.catalog[].endpoints[].url |
body |
string |
The endpoint url |
token.catalog[].id |
body |
string |
The UUID of the service to which the endpoint belongs. |
token.catalog[].type |
body |
string |
The service type, which describes the API implemented by the service |
token.catalog[].name |
body |
string |
The service name. |
token.expires_at |
body |
string |
The date and time when the token expires. |
token.issues_at |
body |
string |
The date and time when the token was issued. |
token.methods |
body |
array |
The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors. |
token.user |
body |
object |
A user object |
token.user.id |
body |
string |
A user UUID |
token.user.name |
body |
string |
A user name |
token.user.domain |
body |
object |
|
token.user.domain.id |
body |
string |
A user domain UUID |
token.user.domain.name |
body |
string |
A user domain name |
token.user.password_expires_at |
body |
string |
DateTime of the user password expiration |
token.user.OS-FEDERATION |
body |
object |
|
token.is_domain |
body |
boolean |
|
token.domain |
body |
object |
A domain object including the id and name representing the domain the token is scoped to. This is only included in tokens that are scoped to a domain. |
token.domain.id |
body |
string |
A domain UUID |
token.domain.name |
body |
string |
A domain name |
token.project |
body |
object |
A project object including the id, name and domain object representing the project the token is scoped to. This is only included in tokens that are scoped to a project. |
token.project.id |
body |
string |
A user domain UUID |
token.project.name |
body |
string |
A user domain name |
token.roles |
body |
array |
A list of role objects |
token.roles[].id |
body |
string |
A role UUID |
token.roles[].name |
body |
string |
A role name |
token.system |
body |
object |
A system object containing information about which parts of the system the token is scoped to. If the token is scoped to the entire deployment system, the system object will consist of {“all”: true}. This is only included in tokens that are scoped to the system. |
403¶
Error
404¶
Error
Issue a token.
POST /v3/auth/tokens
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
auth |
body |
object |
An auth object. |
auth.identity |
body |
object |
An identity object. |
auth.identity.methods |
body |
array |
The authentication method. |
auth.identity.password |
body |
object |
The password object, contains the authentication information. |
auth.identity.password.user |
body |
object |
A |
auth.identity.password.user.id |
body |
string |
User ID |
auth.identity.password.user.name |
body |
string |
User Name |
auth.identity.password.user.password |
body |
string |
User Password |
auth.identity.password.user.domain |
body |
object |
User Domain object |
auth.identity.password.user.domain.id |
body |
string |
User Domain ID |
auth.identity.password.user.domain.name |
body |
string |
User Domain Name |
auth.identity.token |
body |
object |
A |
auth.identity.token.id |
body |
string |
Authorization Token value |
auth.identity.totp |
body |
object |
Multi Factor Authentication information |
auth.identity.totp.user |
body |
object |
|
auth.identity.totp.user.id |
body |
string |
The user ID |
auth.identity.totp.user.name |
body |
string |
The user name |
auth.identity.totp.user.domain |
body |
object |
User Domain object |
auth.identity.totp.user.domain.id |
body |
string |
User Domain ID |
auth.identity.totp.user.domain.name |
body |
string |
User Domain Name |
auth.identity.totp.user.passcode |
body |
string |
MFA passcode |
auth.identity.application_credential |
body |
object |
An application credential object. |
auth.identity.application_credential.id |
body |
string |
The ID of the application credential used for authentication. If not provided, the application credential must be identified by its name and its owning user. |
auth.identity.application_credential.name |
body |
string |
The name of the application credential used for authentication. If provided, must be accompanied by a user object. |
auth.identity.application_credential.secret |
body |
string |
The secret for authenticating the application credential. |
auth.identity.application_credential.user |
body |
object |
A user object, required if an application credential is identified by name and not ID. |
auth.identity.application_credential.user.id |
body |
string |
The user ID |
auth.identity.application_credential.user.name |
body |
string |
The user name |
auth.identity.application_credential.user.domain |
body |
object |
User Domain object |
auth.identity.application_credential.user.domain.id |
body |
string |
User Domain ID |
auth.identity.application_credential.user.domain.name |
body |
string |
User Domain Name |
auth.scope |
body |
object |
The authorization scope, including the system (Since v3.10), a project, or a domain (Since v3.4). If multiple scopes are specified in the same request (e.g. project and domain or domain and system) an HTTP 400 Bad Request will be returned, as a token cannot be simultaneously scoped to multiple authorization targets. An ID is sufficient to uniquely identify a project but if a project is specified by name, then the domain of the project must also be specified in order to uniquely identify the project by name. A domain scope may be specified by either the domain’s ID or name with equivalent results. |
auth.scope.project |
body |
object |
|
auth.scope.project.name |
body |
string |
Project Name |
auth.scope.project.id |
body |
string |
Project Id |
auth.scope.project.domain |
body |
object |
|
auth.scope.project.domain.id |
body |
string |
Project domain Id |
auth.scope.project.domain.name |
body |
string |
Project domain Name |
auth.scope.domain |
body |
object |
|
auth.scope.domain.id |
body |
string |
Domain id |
auth.scope.domain.name |
body |
string |
Domain name |
auth.scope.OS-TRUST:trust |
body |
object |
|
auth.scope.OS-TRUST:trust.id |
body |
string |
|
auth.scope.system |
body |
object |
|
auth.scope.system.all |
body |
boolean |
{
"type": "object",
"properties": {
"auth": {
"type": "object",
"description": "An auth object.",
"properties": {
"identity": {
"type": "object",
"description": "An identity object.",
"properties": {
"methods": {
"type": "array",
"description": "The authentication method.",
"items": {
"type": "string",
"enum": [
"password",
"token",
"totp",
"application_credential"
]
}
},
"password": {
"type": "object",
"description": "The password object, contains the authentication information.",
"properties": {
"user": {
"type": "object",
"description": "A `user` object",
"properties": {
"id": {
"type": "string",
"description": "User ID"
},
"name": {
"type": "string",
"description": "User Name"
},
"password": {
"type": "string",
"format": "password",
"description": "User Password"
},
"domain": {
"type": "object",
"description": "User Domain object",
"properties": {
"id": {
"type": "string",
"description": "User Domain ID"
},
"name": {
"type": "string",
"description": "User Domain Name"
}
}
}
}
}
}
},
"token": {
"type": "object",
"description": "A `token` object",
"properties": {
"id": {
"type": "string",
"format": "password",
"description": "Authorization Token value"
}
},
"required": [
"id"
]
},
"totp": {
"type": "object",
"description": "Multi Factor Authentication information",
"properties": {
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The user ID"
},
"name": {
"type": "string",
"description": "The user name"
},
"domain": {
"type": "object",
"description": "User Domain object",
"properties": {
"id": {
"type": "string",
"description": "User Domain ID"
},
"name": {
"type": "string",
"description": "User Domain Name"
}
}
},
"passcode": {
"type": "string",
"format": "password",
"description": "MFA passcode"
}
},
"required": [
"passcode"
]
}
},
"required": [
"user"
]
},
"application_credential": {
"type": "object",
"description": "An application credential object.",
"properties": {
"id": {
"type": "string",
"description": "The ID of the application credential used for authentication. If not provided, the application credential must be identified by its name and its owning user."
},
"name": {
"type": "string",
"description": "The name of the application credential used for authentication. If provided, must be accompanied by a user object."
},
"secret": {
"type": "string",
"format": "password",
"description": "The secret for authenticating the application credential."
},
"user": {
"type": "object",
"description": "A user object, required if an application credential is identified by name and not ID.",
"properties": {
"id": {
"type": "string",
"description": "The user ID"
},
"name": {
"type": "string",
"description": "The user name"
},
"domain": {
"type": "object",
"description": "User Domain object",
"properties": {
"id": {
"type": "string",
"description": "User Domain ID"
},
"name": {
"type": "string",
"description": "User Domain Name"
}
}
}
}
}
},
"required": [
"secret"
]
}
},
"required": [
"methods"
]
},
"scope": {
"type": "object",
"description": "The authorization scope, including the system (Since v3.10), a project, or a domain (Since v3.4). If multiple scopes are specified in the same request (e.g. project and domain or domain and system) an HTTP 400 Bad Request will be returned, as a token cannot be simultaneously scoped to multiple authorization targets. An ID is sufficient to uniquely identify a project but if a project is specified by name, then the domain of the project must also be specified in order to uniquely identify the project by name. A domain scope may be specified by either the domain\u2019s ID or name with equivalent results.",
"properties": {
"project": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Project Name"
},
"id": {
"type": "string",
"description": "Project Id"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Project domain Id"
},
"name": {
"type": "string",
"description": "Project domain Name"
}
}
}
}
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Domain id"
},
"name": {
"type": "string",
"description": "Domain name"
}
}
},
"OS-TRUST:trust": {
"type": "object",
"properties": {
"id": {
"type": "string"
}
}
},
"system": {
"type": "object",
"properties": {
"all": {
"type": "boolean"
}
}
}
}
}
},
"required": [
"identity"
]
}
},
"definitions": {
"user_domain": {
"type": "object",
"description": "User Domain object",
"properties": {
"id": {
"type": "string",
"description": "User Domain ID"
},
"name": {
"type": "string",
"description": "User Domain Name"
}
}
}
}
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"token": {
"type": "object",
"properties": {
"audit_ids": {
"type": "array",
"description": "A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users.",
"items": {
"type": "string"
}
},
"catalog": {
"description": "A catalog object.",
"type": "array",
"items": {
"type": "object",
"properties": {
"endpoints": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The endpoint UUID"
},
"interface": {
"type": "string",
"enum": [
"public",
"internal",
"admin"
]
},
"region": {
"type": "string",
"description": "Region name of the endpoint"
},
"url": {
"type": "string",
"format": "uri",
"description": "The endpoint url"
}
}
}
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs."
},
"type": {
"type": "string",
"description": "The service type, which describes the API implemented by the service"
},
"name": {
"type": "string",
"description": "The service name."
}
}
}
},
"expires_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token expires."
},
"issues_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token was issued."
},
"methods": {
"type": "array",
"description": "The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors.",
"items": {
"type": "string"
}
},
"user": {
"type": "object",
"description": "A user object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user UUID"
},
"name": {
"type": "string",
"description": "A user name"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user domain UUID"
},
"name": {
"type": "string",
"description": "A user domain name"
}
}
},
"password_expires_at": {
"type": "string",
"format": "date-time",
"description": "DateTime of the user password expiration"
},
"OS-FEDERATION": {
"type": "object"
}
}
},
"is_domain": {
"type": "boolean"
},
"domain": {
"type": "object",
"description": "A domain object including the id and name representing the domain the token is scoped to. This is only included in tokens that are scoped to a domain.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A domain UUID"
},
"name": {
"type": "string",
"description": "A domain name"
}
}
},
"project": {
"type": "object",
"description": "A project object including the id, name and domain object representing the project the token is scoped to. This is only included in tokens that are scoped to a project.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user domain UUID"
},
"name": {
"type": "string",
"description": "A user domain name"
}
}
},
"roles": {
"type": "array",
"description": "A list of role objects",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A role UUID"
},
"name": {
"type": "string",
"description": "A role name"
}
}
}
},
"system": {
"type": "object",
"description": "A system object containing information about which parts of the system the token is scoped to. If the token is scoped to the entire deployment system, the system object will consist of {\"all\": true}. This is only included in tokens that are scoped to the system.",
"additionalProperties": {
"type": "boolean"
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
token |
body |
object |
|
token.audit_ids |
body |
array |
A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users. |
token.catalog |
body |
array |
A catalog object. |
token.catalog[].endpoints |
body |
array |
|
token.catalog[].endpoints[].id |
body |
string |
The endpoint UUID |
token.catalog[].endpoints[].interface |
body |
string |
|
token.catalog[].endpoints[].region |
body |
string |
Region name of the endpoint |
token.catalog[].endpoints[].url |
body |
string |
The endpoint url |
token.catalog[].id |
body |
string |
The UUID of the service to which the endpoint belongs. |
token.catalog[].type |
body |
string |
The service type, which describes the API implemented by the service |
token.catalog[].name |
body |
string |
The service name. |
token.expires_at |
body |
string |
The date and time when the token expires. |
token.issues_at |
body |
string |
The date and time when the token was issued. |
token.methods |
body |
array |
The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors. |
token.user |
body |
object |
A user object |
token.user.id |
body |
string |
A user UUID |
token.user.name |
body |
string |
A user name |
token.user.domain |
body |
object |
|
token.user.domain.id |
body |
string |
A user domain UUID |
token.user.domain.name |
body |
string |
A user domain name |
token.user.password_expires_at |
body |
string |
DateTime of the user password expiration |
token.user.OS-FEDERATION |
body |
object |
|
token.is_domain |
body |
boolean |
|
token.domain |
body |
object |
A domain object including the id and name representing the domain the token is scoped to. This is only included in tokens that are scoped to a domain. |
token.domain.id |
body |
string |
A domain UUID |
token.domain.name |
body |
string |
A domain name |
token.project |
body |
object |
A project object including the id, name and domain object representing the project the token is scoped to. This is only included in tokens that are scoped to a project. |
token.project.id |
body |
string |
A user domain UUID |
token.project.name |
body |
string |
A user domain name |
token.roles |
body |
array |
A list of role objects |
token.roles[].id |
body |
string |
A role UUID |
token.roles[].name |
body |
string |
A role name |
token.system |
body |
object |
A system object containing information about which parts of the system the token is scoped to. If the token is scoped to the entire deployment system, the system object will consist of {“all”: true}. This is only included in tokens that are scoped to the system. |
401¶
Unauthorized
{
"type": "object",
"properties": {
"receipt": {
"type": "object",
"properties": {
"expires_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token expires."
},
"issues_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token was issued."
},
"methods": {
"type": "array",
"description": "The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors.",
"items": {
"type": "string"
}
},
"user": {
"type": "object",
"description": "A user object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user UUID"
},
"name": {
"type": "string",
"description": "A user name"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user domain UUID"
},
"name": {
"type": "string",
"description": "A user domain name"
}
}
},
"password_expires_at": {
"type": "string",
"format": "date-time",
"description": "DateTime of the user password expiration"
},
"OS-FEDERATION": {
"type": "object"
}
}
}
}
},
"required_auth_methods": {
"type": "array",
"items": {
"type": "string"
},
"description": "A list of authentication rules that may be used with the auth receipt to complete the authentication process."
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
receipt |
body |
object |
|
receipt.expires_at |
body |
string |
The date and time when the token expires. |
receipt.issues_at |
body |
string |
The date and time when the token was issued. |
receipt.methods |
body |
array |
The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors. |
receipt.user |
body |
object |
A user object |
receipt.user.id |
body |
string |
A user UUID |
receipt.user.name |
body |
string |
A user name |
receipt.user.domain |
body |
object |
|
receipt.user.domain.id |
body |
string |
A user domain UUID |
receipt.user.domain.name |
body |
string |
A user domain name |
receipt.user.password_expires_at |
body |
string |
DateTime of the user password expiration |
receipt.user.OS-FEDERATION |
body |
object |
|
required_auth_methods |
body |
array |
A list of authentication rules that may be used with the auth receipt to complete the authentication process. |
403¶
Error
404¶
Error
Exchange a scoped token for a SAML assertion.
POST /v3/auth/OS-FEDERATION/saml2
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
auth |
body |
object |
An auth object. |
auth.identity |
body |
object |
An identity object. |
auth.identity.methods |
body |
array |
The authentication method. |
auth.identity.password |
body |
object |
The password object, contains the authentication information. |
auth.identity.password.user |
body |
object |
A |
auth.identity.password.user.id |
body |
string |
User ID |
auth.identity.password.user.name |
body |
string |
User Name |
auth.identity.password.user.password |
body |
string |
User Password |
auth.identity.password.user.domain |
body |
object |
User Domain object |
auth.identity.password.user.domain.id |
body |
string |
User Domain ID |
auth.identity.password.user.domain.name |
body |
string |
User Domain Name |
auth.identity.token |
body |
object |
A |
auth.identity.token.id |
body |
string |
Authorization Token value |
auth.identity.totp |
body |
object |
Multi Factor Authentication information |
auth.identity.totp.user |
body |
object |
|
auth.identity.totp.user.id |
body |
string |
The user ID |
auth.identity.totp.user.name |
body |
string |
The user name |
auth.identity.totp.user.domain |
body |
object |
User Domain object |
auth.identity.totp.user.domain.id |
body |
string |
User Domain ID |
auth.identity.totp.user.domain.name |
body |
string |
User Domain Name |
auth.identity.totp.user.passcode |
body |
string |
MFA passcode |
auth.identity.application_credential |
body |
object |
An application credential object. |
auth.identity.application_credential.id |
body |
string |
The ID of the application credential used for authentication. If not provided, the application credential must be identified by its name and its owning user. |
auth.identity.application_credential.name |
body |
string |
The name of the application credential used for authentication. If provided, must be accompanied by a user object. |
auth.identity.application_credential.secret |
body |
string |
The secret for authenticating the application credential. |
auth.identity.application_credential.user |
body |
object |
A user object, required if an application credential is identified by name and not ID. |
auth.identity.application_credential.user.id |
body |
string |
The user ID |
auth.identity.application_credential.user.name |
body |
string |
The user name |
auth.identity.application_credential.user.domain |
body |
object |
User Domain object |
auth.identity.application_credential.user.domain.id |
body |
string |
User Domain ID |
auth.identity.application_credential.user.domain.name |
body |
string |
User Domain Name |
auth.scope |
body |
object |
The authorization scope, including the system (Since v3.10), a project, or a domain (Since v3.4). If multiple scopes are specified in the same request (e.g. project and domain or domain and system) an HTTP 400 Bad Request will be returned, as a token cannot be simultaneously scoped to multiple authorization targets. An ID is sufficient to uniquely identify a project but if a project is specified by name, then the domain of the project must also be specified in order to uniquely identify the project by name. A domain scope may be specified by either the domain’s ID or name with equivalent results. |
auth.scope.project |
body |
object |
|
auth.scope.project.name |
body |
string |
Project Name |
auth.scope.project.id |
body |
string |
Project Id |
auth.scope.project.domain |
body |
object |
|
auth.scope.project.domain.id |
body |
string |
Project domain Id |
auth.scope.project.domain.name |
body |
string |
Project domain Name |
auth.scope.domain |
body |
object |
|
auth.scope.domain.id |
body |
string |
Domain id |
auth.scope.domain.name |
body |
string |
Domain name |
auth.scope.OS-TRUST:trust |
body |
object |
|
auth.scope.OS-TRUST:trust.id |
body |
string |
|
auth.scope.system |
body |
object |
|
auth.scope.system.all |
body |
boolean |
{
"type": "object",
"properties": {
"auth": {
"type": "object",
"description": "An auth object.",
"properties": {
"identity": {
"type": "object",
"description": "An identity object.",
"properties": {
"methods": {
"type": "array",
"description": "The authentication method.",
"items": {
"type": "string",
"enum": [
"password",
"token",
"totp",
"application_credential"
]
}
},
"password": {
"type": "object",
"description": "The password object, contains the authentication information.",
"properties": {
"user": {
"type": "object",
"description": "A `user` object",
"properties": {
"id": {
"type": "string",
"description": "User ID"
},
"name": {
"type": "string",
"description": "User Name"
},
"password": {
"type": "string",
"format": "password",
"description": "User Password"
},
"domain": {
"type": "object",
"description": "User Domain object",
"properties": {
"id": {
"type": "string",
"description": "User Domain ID"
},
"name": {
"type": "string",
"description": "User Domain Name"
}
}
}
}
}
}
},
"token": {
"type": "object",
"description": "A `token` object",
"properties": {
"id": {
"type": "string",
"format": "password",
"description": "Authorization Token value"
}
},
"required": [
"id"
]
},
"totp": {
"type": "object",
"description": "Multi Factor Authentication information",
"properties": {
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The user ID"
},
"name": {
"type": "string",
"description": "The user name"
},
"domain": {
"type": "object",
"description": "User Domain object",
"properties": {
"id": {
"type": "string",
"description": "User Domain ID"
},
"name": {
"type": "string",
"description": "User Domain Name"
}
}
},
"passcode": {
"type": "string",
"format": "password",
"description": "MFA passcode"
}
},
"required": [
"passcode"
]
}
},
"required": [
"user"
]
},
"application_credential": {
"type": "object",
"description": "An application credential object.",
"properties": {
"id": {
"type": "string",
"description": "The ID of the application credential used for authentication. If not provided, the application credential must be identified by its name and its owning user."
},
"name": {
"type": "string",
"description": "The name of the application credential used for authentication. If provided, must be accompanied by a user object."
},
"secret": {
"type": "string",
"format": "password",
"description": "The secret for authenticating the application credential."
},
"user": {
"type": "object",
"description": "A user object, required if an application credential is identified by name and not ID.",
"properties": {
"id": {
"type": "string",
"description": "The user ID"
},
"name": {
"type": "string",
"description": "The user name"
},
"domain": {
"type": "object",
"description": "User Domain object",
"properties": {
"id": {
"type": "string",
"description": "User Domain ID"
},
"name": {
"type": "string",
"description": "User Domain Name"
}
}
}
}
}
},
"required": [
"secret"
]
}
},
"required": [
"methods"
]
},
"scope": {
"type": "object",
"description": "The authorization scope, including the system (Since v3.10), a project, or a domain (Since v3.4). If multiple scopes are specified in the same request (e.g. project and domain or domain and system) an HTTP 400 Bad Request will be returned, as a token cannot be simultaneously scoped to multiple authorization targets. An ID is sufficient to uniquely identify a project but if a project is specified by name, then the domain of the project must also be specified in order to uniquely identify the project by name. A domain scope may be specified by either the domain\u2019s ID or name with equivalent results.",
"properties": {
"project": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Project Name"
},
"id": {
"type": "string",
"description": "Project Id"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Project domain Id"
},
"name": {
"type": "string",
"description": "Project domain Name"
}
}
}
}
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Domain id"
},
"name": {
"type": "string",
"description": "Domain name"
}
}
},
"OS-TRUST:trust": {
"type": "object",
"properties": {
"id": {
"type": "string"
}
}
},
"system": {
"type": "object",
"properties": {
"all": {
"type": "boolean"
}
}
}
}
}
},
"required": [
"identity"
]
}
},
"definitions": {
"user_domain": {
"type": "object",
"description": "User Domain object",
"properties": {
"id": {
"type": "string",
"description": "User Domain ID"
},
"name": {
"type": "string",
"description": "User Domain Name"
}
}
}
}
}
Responses¶
200¶
Ok
403¶
Error
404¶
Error
Exchange a scoped token for an ECP assertion.
POST /v3/auth/OS-FEDERATION/saml2/ecp
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
auth |
body |
object |
An auth object. |
auth.identity |
body |
object |
An identity object. |
auth.identity.methods |
body |
array |
The authentication method. |
auth.identity.password |
body |
object |
The password object, contains the authentication information. |
auth.identity.password.user |
body |
object |
A |
auth.identity.password.user.id |
body |
string |
User ID |
auth.identity.password.user.name |
body |
string |
User Name |
auth.identity.password.user.password |
body |
string |
User Password |
auth.identity.password.user.domain |
body |
object |
User Domain object |
auth.identity.password.user.domain.id |
body |
string |
User Domain ID |
auth.identity.password.user.domain.name |
body |
string |
User Domain Name |
auth.identity.token |
body |
object |
A |
auth.identity.token.id |
body |
string |
Authorization Token value |
auth.identity.totp |
body |
object |
Multi Factor Authentication information |
auth.identity.totp.user |
body |
object |
|
auth.identity.totp.user.id |
body |
string |
The user ID |
auth.identity.totp.user.name |
body |
string |
The user name |
auth.identity.totp.user.domain |
body |
object |
User Domain object |
auth.identity.totp.user.domain.id |
body |
string |
User Domain ID |
auth.identity.totp.user.domain.name |
body |
string |
User Domain Name |
auth.identity.totp.user.passcode |
body |
string |
MFA passcode |
auth.identity.application_credential |
body |
object |
An application credential object. |
auth.identity.application_credential.id |
body |
string |
The ID of the application credential used for authentication. If not provided, the application credential must be identified by its name and its owning user. |
auth.identity.application_credential.name |
body |
string |
The name of the application credential used for authentication. If provided, must be accompanied by a user object. |
auth.identity.application_credential.secret |
body |
string |
The secret for authenticating the application credential. |
auth.identity.application_credential.user |
body |
object |
A user object, required if an application credential is identified by name and not ID. |
auth.identity.application_credential.user.id |
body |
string |
The user ID |
auth.identity.application_credential.user.name |
body |
string |
The user name |
auth.identity.application_credential.user.domain |
body |
object |
User Domain object |
auth.identity.application_credential.user.domain.id |
body |
string |
User Domain ID |
auth.identity.application_credential.user.domain.name |
body |
string |
User Domain Name |
auth.scope |
body |
object |
The authorization scope, including the system (Since v3.10), a project, or a domain (Since v3.4). If multiple scopes are specified in the same request (e.g. project and domain or domain and system) an HTTP 400 Bad Request will be returned, as a token cannot be simultaneously scoped to multiple authorization targets. An ID is sufficient to uniquely identify a project but if a project is specified by name, then the domain of the project must also be specified in order to uniquely identify the project by name. A domain scope may be specified by either the domain’s ID or name with equivalent results. |
auth.scope.project |
body |
object |
|
auth.scope.project.name |
body |
string |
Project Name |
auth.scope.project.id |
body |
string |
Project Id |
auth.scope.project.domain |
body |
object |
|
auth.scope.project.domain.id |
body |
string |
Project domain Id |
auth.scope.project.domain.name |
body |
string |
Project domain Name |
auth.scope.domain |
body |
object |
|
auth.scope.domain.id |
body |
string |
Domain id |
auth.scope.domain.name |
body |
string |
Domain name |
auth.scope.OS-TRUST:trust |
body |
object |
|
auth.scope.OS-TRUST:trust.id |
body |
string |
|
auth.scope.system |
body |
object |
|
auth.scope.system.all |
body |
boolean |
{
"type": "object",
"properties": {
"auth": {
"type": "object",
"description": "An auth object.",
"properties": {
"identity": {
"type": "object",
"description": "An identity object.",
"properties": {
"methods": {
"type": "array",
"description": "The authentication method.",
"items": {
"type": "string",
"enum": [
"password",
"token",
"totp",
"application_credential"
]
}
},
"password": {
"type": "object",
"description": "The password object, contains the authentication information.",
"properties": {
"user": {
"type": "object",
"description": "A `user` object",
"properties": {
"id": {
"type": "string",
"description": "User ID"
},
"name": {
"type": "string",
"description": "User Name"
},
"password": {
"type": "string",
"format": "password",
"description": "User Password"
},
"domain": {
"type": "object",
"description": "User Domain object",
"properties": {
"id": {
"type": "string",
"description": "User Domain ID"
},
"name": {
"type": "string",
"description": "User Domain Name"
}
}
}
}
}
}
},
"token": {
"type": "object",
"description": "A `token` object",
"properties": {
"id": {
"type": "string",
"format": "password",
"description": "Authorization Token value"
}
},
"required": [
"id"
]
},
"totp": {
"type": "object",
"description": "Multi Factor Authentication information",
"properties": {
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The user ID"
},
"name": {
"type": "string",
"description": "The user name"
},
"domain": {
"type": "object",
"description": "User Domain object",
"properties": {
"id": {
"type": "string",
"description": "User Domain ID"
},
"name": {
"type": "string",
"description": "User Domain Name"
}
}
},
"passcode": {
"type": "string",
"format": "password",
"description": "MFA passcode"
}
},
"required": [
"passcode"
]
}
},
"required": [
"user"
]
},
"application_credential": {
"type": "object",
"description": "An application credential object.",
"properties": {
"id": {
"type": "string",
"description": "The ID of the application credential used for authentication. If not provided, the application credential must be identified by its name and its owning user."
},
"name": {
"type": "string",
"description": "The name of the application credential used for authentication. If provided, must be accompanied by a user object."
},
"secret": {
"type": "string",
"format": "password",
"description": "The secret for authenticating the application credential."
},
"user": {
"type": "object",
"description": "A user object, required if an application credential is identified by name and not ID.",
"properties": {
"id": {
"type": "string",
"description": "The user ID"
},
"name": {
"type": "string",
"description": "The user name"
},
"domain": {
"type": "object",
"description": "User Domain object",
"properties": {
"id": {
"type": "string",
"description": "User Domain ID"
},
"name": {
"type": "string",
"description": "User Domain Name"
}
}
}
}
}
},
"required": [
"secret"
]
}
},
"required": [
"methods"
]
},
"scope": {
"type": "object",
"description": "The authorization scope, including the system (Since v3.10), a project, or a domain (Since v3.4). If multiple scopes are specified in the same request (e.g. project and domain or domain and system) an HTTP 400 Bad Request will be returned, as a token cannot be simultaneously scoped to multiple authorization targets. An ID is sufficient to uniquely identify a project but if a project is specified by name, then the domain of the project must also be specified in order to uniquely identify the project by name. A domain scope may be specified by either the domain\u2019s ID or name with equivalent results.",
"properties": {
"project": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Project Name"
},
"id": {
"type": "string",
"description": "Project Id"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Project domain Id"
},
"name": {
"type": "string",
"description": "Project domain Name"
}
}
}
}
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "Domain id"
},
"name": {
"type": "string",
"description": "Domain name"
}
}
},
"OS-TRUST:trust": {
"type": "object",
"properties": {
"id": {
"type": "string"
}
}
},
"system": {
"type": "object",
"properties": {
"all": {
"type": "boolean"
}
}
}
}
}
},
"required": [
"identity"
]
}
},
"definitions": {
"user_domain": {
"type": "object",
"description": "User Domain object",
"properties": {
"id": {
"type": "string",
"description": "User Domain ID"
},
"name": {
"type": "string",
"description": "User Domain Name"
}
}
}
}
}
Responses¶
200¶
Ok
403¶
Error
404¶
Error
GET operation on /v3/auth/OS-FEDERATION/websso/{protocol_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"token": {
"type": "object",
"properties": {
"audit_ids": {
"type": "array",
"description": "A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users.",
"items": {
"type": "string"
}
},
"catalog": {
"description": "A catalog object.",
"type": "array",
"items": {
"type": "object",
"properties": {
"endpoints": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The endpoint UUID"
},
"interface": {
"type": "string",
"enum": [
"public",
"internal",
"admin"
]
},
"region": {
"type": "string",
"description": "Region name of the endpoint"
},
"url": {
"type": "string",
"format": "uri",
"description": "The endpoint url"
}
}
}
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs."
},
"type": {
"type": "string",
"description": "The service type, which describes the API implemented by the service"
},
"name": {
"type": "string",
"description": "The service name."
}
}
}
},
"expires_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token expires."
},
"issues_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token was issued."
},
"methods": {
"type": "array",
"description": "The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors.",
"items": {
"type": "string"
}
},
"user": {
"type": "object",
"description": "A user object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user UUID"
},
"name": {
"type": "string",
"description": "A user name"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user domain UUID"
},
"name": {
"type": "string",
"description": "A user domain name"
}
}
},
"password_expires_at": {
"type": "string",
"format": "date-time",
"description": "DateTime of the user password expiration"
},
"OS-FEDERATION": {
"type": "object"
}
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
token |
body |
object |
|
token.audit_ids |
body |
array |
A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users. |
token.catalog |
body |
array |
A catalog object. |
token.catalog[].endpoints |
body |
array |
|
token.catalog[].endpoints[].id |
body |
string |
The endpoint UUID |
token.catalog[].endpoints[].interface |
body |
string |
|
token.catalog[].endpoints[].region |
body |
string |
Region name of the endpoint |
token.catalog[].endpoints[].url |
body |
string |
The endpoint url |
token.catalog[].id |
body |
string |
The UUID of the service to which the endpoint belongs. |
token.catalog[].type |
body |
string |
The service type, which describes the API implemented by the service |
token.catalog[].name |
body |
string |
The service name. |
token.expires_at |
body |
string |
The date and time when the token expires. |
token.issues_at |
body |
string |
The date and time when the token was issued. |
token.methods |
body |
array |
The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors. |
token.user |
body |
object |
A user object |
token.user.id |
body |
string |
A user UUID |
token.user.name |
body |
string |
A user name |
token.user.domain |
body |
object |
|
token.user.domain.id |
body |
string |
A user domain UUID |
token.user.domain.name |
body |
string |
A user domain name |
token.user.password_expires_at |
body |
string |
DateTime of the user password expiration |
token.user.OS-FEDERATION |
body |
object |
403¶
Error
404¶
Error
POST operation on /v3/auth/OS-FEDERATION/websso/{protocol_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"token": {
"type": "object",
"properties": {
"audit_ids": {
"type": "array",
"description": "A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users.",
"items": {
"type": "string"
}
},
"catalog": {
"description": "A catalog object.",
"type": "array",
"items": {
"type": "object",
"properties": {
"endpoints": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The endpoint UUID"
},
"interface": {
"type": "string",
"enum": [
"public",
"internal",
"admin"
]
},
"region": {
"type": "string",
"description": "Region name of the endpoint"
},
"url": {
"type": "string",
"format": "uri",
"description": "The endpoint url"
}
}
}
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs."
},
"type": {
"type": "string",
"description": "The service type, which describes the API implemented by the service"
},
"name": {
"type": "string",
"description": "The service name."
}
}
}
},
"expires_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token expires."
},
"issues_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token was issued."
},
"methods": {
"type": "array",
"description": "The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors.",
"items": {
"type": "string"
}
},
"user": {
"type": "object",
"description": "A user object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user UUID"
},
"name": {
"type": "string",
"description": "A user name"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user domain UUID"
},
"name": {
"type": "string",
"description": "A user domain name"
}
}
},
"password_expires_at": {
"type": "string",
"format": "date-time",
"description": "DateTime of the user password expiration"
},
"OS-FEDERATION": {
"type": "object"
}
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
token |
body |
object |
|
token.audit_ids |
body |
array |
A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users. |
token.catalog |
body |
array |
A catalog object. |
token.catalog[].endpoints |
body |
array |
|
token.catalog[].endpoints[].id |
body |
string |
The endpoint UUID |
token.catalog[].endpoints[].interface |
body |
string |
|
token.catalog[].endpoints[].region |
body |
string |
Region name of the endpoint |
token.catalog[].endpoints[].url |
body |
string |
The endpoint url |
token.catalog[].id |
body |
string |
The UUID of the service to which the endpoint belongs. |
token.catalog[].type |
body |
string |
The service type, which describes the API implemented by the service |
token.catalog[].name |
body |
string |
The service name. |
token.expires_at |
body |
string |
The date and time when the token expires. |
token.issues_at |
body |
string |
The date and time when the token was issued. |
token.methods |
body |
array |
The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors. |
token.user |
body |
object |
A user object |
token.user.id |
body |
string |
A user UUID |
token.user.name |
body |
string |
A user name |
token.user.domain |
body |
object |
|
token.user.domain.id |
body |
string |
A user domain UUID |
token.user.domain.name |
body |
string |
A user domain name |
token.user.password_expires_at |
body |
string |
DateTime of the user password expiration |
token.user.OS-FEDERATION |
body |
object |
403¶
Error
404¶
Error
GET operation on /v3/auth/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/websso
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"token": {
"type": "object",
"properties": {
"audit_ids": {
"type": "array",
"description": "A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users.",
"items": {
"type": "string"
}
},
"catalog": {
"description": "A catalog object.",
"type": "array",
"items": {
"type": "object",
"properties": {
"endpoints": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The endpoint UUID"
},
"interface": {
"type": "string",
"enum": [
"public",
"internal",
"admin"
]
},
"region": {
"type": "string",
"description": "Region name of the endpoint"
},
"url": {
"type": "string",
"format": "uri",
"description": "The endpoint url"
}
}
}
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs."
},
"type": {
"type": "string",
"description": "The service type, which describes the API implemented by the service"
},
"name": {
"type": "string",
"description": "The service name."
}
}
}
},
"expires_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token expires."
},
"issues_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token was issued."
},
"methods": {
"type": "array",
"description": "The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors.",
"items": {
"type": "string"
}
},
"user": {
"type": "object",
"description": "A user object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user UUID"
},
"name": {
"type": "string",
"description": "A user name"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user domain UUID"
},
"name": {
"type": "string",
"description": "A user domain name"
}
}
},
"password_expires_at": {
"type": "string",
"format": "date-time",
"description": "DateTime of the user password expiration"
},
"OS-FEDERATION": {
"type": "object"
}
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
token |
body |
object |
|
token.audit_ids |
body |
array |
A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users. |
token.catalog |
body |
array |
A catalog object. |
token.catalog[].endpoints |
body |
array |
|
token.catalog[].endpoints[].id |
body |
string |
The endpoint UUID |
token.catalog[].endpoints[].interface |
body |
string |
|
token.catalog[].endpoints[].region |
body |
string |
Region name of the endpoint |
token.catalog[].endpoints[].url |
body |
string |
The endpoint url |
token.catalog[].id |
body |
string |
The UUID of the service to which the endpoint belongs. |
token.catalog[].type |
body |
string |
The service type, which describes the API implemented by the service |
token.catalog[].name |
body |
string |
The service name. |
token.expires_at |
body |
string |
The date and time when the token expires. |
token.issues_at |
body |
string |
The date and time when the token was issued. |
token.methods |
body |
array |
The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors. |
token.user |
body |
object |
A user object |
token.user.id |
body |
string |
A user UUID |
token.user.name |
body |
string |
A user name |
token.user.domain |
body |
object |
|
token.user.domain.id |
body |
string |
A user domain UUID |
token.user.domain.name |
body |
string |
A user domain name |
token.user.password_expires_at |
body |
string |
DateTime of the user password expiration |
token.user.OS-FEDERATION |
body |
object |
403¶
Error
404¶
Error
POST operation on /v3/auth/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/websso
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"token": {
"type": "object",
"properties": {
"audit_ids": {
"type": "array",
"description": "A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users.",
"items": {
"type": "string"
}
},
"catalog": {
"description": "A catalog object.",
"type": "array",
"items": {
"type": "object",
"properties": {
"endpoints": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The endpoint UUID"
},
"interface": {
"type": "string",
"enum": [
"public",
"internal",
"admin"
]
},
"region": {
"type": "string",
"description": "Region name of the endpoint"
},
"url": {
"type": "string",
"format": "uri",
"description": "The endpoint url"
}
}
}
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs."
},
"type": {
"type": "string",
"description": "The service type, which describes the API implemented by the service"
},
"name": {
"type": "string",
"description": "The service name."
}
}
}
},
"expires_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token expires."
},
"issues_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token was issued."
},
"methods": {
"type": "array",
"description": "The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors.",
"items": {
"type": "string"
}
},
"user": {
"type": "object",
"description": "A user object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user UUID"
},
"name": {
"type": "string",
"description": "A user name"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user domain UUID"
},
"name": {
"type": "string",
"description": "A user domain name"
}
}
},
"password_expires_at": {
"type": "string",
"format": "date-time",
"description": "DateTime of the user password expiration"
},
"OS-FEDERATION": {
"type": "object"
}
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
token |
body |
object |
|
token.audit_ids |
body |
array |
A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users. |
token.catalog |
body |
array |
A catalog object. |
token.catalog[].endpoints |
body |
array |
|
token.catalog[].endpoints[].id |
body |
string |
The endpoint UUID |
token.catalog[].endpoints[].interface |
body |
string |
|
token.catalog[].endpoints[].region |
body |
string |
Region name of the endpoint |
token.catalog[].endpoints[].url |
body |
string |
The endpoint url |
token.catalog[].id |
body |
string |
The UUID of the service to which the endpoint belongs. |
token.catalog[].type |
body |
string |
The service type, which describes the API implemented by the service |
token.catalog[].name |
body |
string |
The service name. |
token.expires_at |
body |
string |
The date and time when the token expires. |
token.issues_at |
body |
string |
The date and time when the token was issued. |
token.methods |
body |
array |
The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors. |
token.user |
body |
object |
A user object |
token.user.id |
body |
string |
A user UUID |
token.user.name |
body |
string |
A user name |
token.user.domain |
body |
object |
|
token.user.domain.id |
body |
string |
A user domain UUID |
token.user.domain.name |
body |
string |
A user domain name |
token.user.password_expires_at |
body |
string |
DateTime of the user password expiration |
token.user.OS-FEDERATION |
body |
object |
403¶
Error
404¶
Error
OS-FEDERATION¶
Get possible project scopes for token.
GET/HEAD /v3/auth/projects GET/HEAD /v3/OS-FEDERATION/projects
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"projects": {
"type": "array",
"items": {
"type": "object",
"properties": {
"domain_id": {
"type": "string",
"format": "uuid",
"description": "The ID of the domain for the project."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The ID of the project."
},
"name": {
"type": "string",
"description": "The name of the project"
},
"enabled": {
"type": "boolean",
"description": "If set to true, project is enabled. If set to false, project is disabled."
},
"links": {
"type": "array",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"items": {
"type": "object",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"properties": {
"href": {
"type": "string",
"format": "uri"
},
"rel": {
"type": "string"
}
}
}
}
}
}
},
"links": {
"type": "array",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"items": {
"type": "object",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"properties": {
"href": {
"type": "string",
"format": "uri"
},
"rel": {
"type": "string"
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
projects |
body |
array |
|
projects[].domain_id |
body |
string |
The ID of the domain for the project. |
projects[].id |
body |
string |
The ID of the project. |
projects[].name |
body |
string |
The name of the project |
projects[].enabled |
body |
boolean |
If set to true, project is enabled. If set to false, project is disabled. |
projects[].links |
body |
array |
Links to the resources in question. See API Guide / Links and References for more info. |
projects[].links[].href |
body |
string |
|
projects[].links[].rel |
body |
string |
|
links |
body |
array |
Links to the resources in question. See API Guide / Links and References for more info. |
links[].href |
body |
string |
|
links[].rel |
body |
string |
403¶
Error
404¶
Error
Get possible domain scopes for token.
GET/HEAD /v3/auth/domains GET/HEAD /v3/OS-FEDERATION/domains
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"domains": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The ID of the domain."
},
"name": {
"type": "string",
"description": "The name of the domain"
},
"description": {
"type": "string",
"description": "The description of the domain."
},
"enabled": {
"type": "boolean",
"description": "If set to true, domain is enabled. If set to false, domain is disabled."
},
"links": {
"type": "array",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"items": {
"type": "object",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"properties": {
"href": {
"type": "string",
"format": "uri"
},
"rel": {
"type": "string"
}
}
}
}
}
}
},
"links": {
"type": "array",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"items": {
"type": "object",
"description": "Links to the resources in question. See [API Guide / Links and References](https://docs.openstack.org/api-guide/compute/links_and_references.html) for more info.",
"properties": {
"href": {
"type": "string",
"format": "uri"
},
"rel": {
"type": "string"
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
domains |
body |
array |
|
domains[].id |
body |
string |
The ID of the domain. |
domains[].name |
body |
string |
The name of the domain |
domains[].description |
body |
string |
The description of the domain. |
domains[].enabled |
body |
boolean |
If set to true, domain is enabled. If set to false, domain is disabled. |
domains[].links |
body |
array |
Links to the resources in question. See API Guide / Links and References for more info. |
domains[].links[].href |
body |
string |
|
domains[].links[].rel |
body |
string |
|
links |
body |
array |
Links to the resources in question. See API Guide / Links and References for more info. |
links[].href |
body |
string |
|
links[].rel |
body |
string |
403¶
Error
404¶
Error
Authenticate from dedicated uri endpoint.
GET/HEAD /OS-FEDERATION/identity_providers/ {idp_id}/protocols/{protocol_id}/auth
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"token": {
"type": "object",
"properties": {
"audit_ids": {
"type": "array",
"description": "A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users.",
"items": {
"type": "string"
}
},
"catalog": {
"description": "A catalog object.",
"type": "array",
"items": {
"type": "object",
"properties": {
"endpoints": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The endpoint UUID"
},
"interface": {
"type": "string",
"enum": [
"public",
"internal",
"admin"
]
},
"region": {
"type": "string",
"description": "Region name of the endpoint"
},
"url": {
"type": "string",
"format": "uri",
"description": "The endpoint url"
}
}
}
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs."
},
"type": {
"type": "string",
"description": "The service type, which describes the API implemented by the service"
},
"name": {
"type": "string",
"description": "The service name."
}
}
}
},
"expires_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token expires."
},
"issues_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token was issued."
},
"methods": {
"type": "array",
"description": "The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors.",
"items": {
"type": "string"
}
},
"user": {
"type": "object",
"description": "A user object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user UUID"
},
"name": {
"type": "string",
"description": "A user name"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user domain UUID"
},
"name": {
"type": "string",
"description": "A user domain name"
}
}
},
"password_expires_at": {
"type": "string",
"format": "date-time",
"description": "DateTime of the user password expiration"
},
"OS-FEDERATION": {
"type": "object"
}
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
token |
body |
object |
|
token.audit_ids |
body |
array |
A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users. |
token.catalog |
body |
array |
A catalog object. |
token.catalog[].endpoints |
body |
array |
|
token.catalog[].endpoints[].id |
body |
string |
The endpoint UUID |
token.catalog[].endpoints[].interface |
body |
string |
|
token.catalog[].endpoints[].region |
body |
string |
Region name of the endpoint |
token.catalog[].endpoints[].url |
body |
string |
The endpoint url |
token.catalog[].id |
body |
string |
The UUID of the service to which the endpoint belongs. |
token.catalog[].type |
body |
string |
The service type, which describes the API implemented by the service |
token.catalog[].name |
body |
string |
The service name. |
token.expires_at |
body |
string |
The date and time when the token expires. |
token.issues_at |
body |
string |
The date and time when the token was issued. |
token.methods |
body |
array |
The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors. |
token.user |
body |
object |
A user object |
token.user.id |
body |
string |
A user UUID |
token.user.name |
body |
string |
A user name |
token.user.domain |
body |
object |
|
token.user.domain.id |
body |
string |
A user domain UUID |
token.user.domain.name |
body |
string |
A user domain name |
token.user.password_expires_at |
body |
string |
DateTime of the user password expiration |
token.user.OS-FEDERATION |
body |
object |
403¶
Error
404¶
Error
Authenticate from dedicated uri endpoint.
POST /OS-FEDERATION/identity_providers/ {idp_id}/protocols/{protocol_id}/auth
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
idp_id |
path |
string |
idp_id parameter for /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth API |
protocol_id |
path |
string |
protocol_id parameter for /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth API |
{
"type": "object",
"description": "Request of the OS-FEDERATION/identity_providers/idp_id/protocols/protocol_id/auth:post operation",
"x-openstack": {
"action-name": "POST"
}
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"token": {
"type": "object",
"properties": {
"audit_ids": {
"type": "array",
"description": "A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users.",
"items": {
"type": "string"
}
},
"catalog": {
"description": "A catalog object.",
"type": "array",
"items": {
"type": "object",
"properties": {
"endpoints": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The endpoint UUID"
},
"interface": {
"type": "string",
"enum": [
"public",
"internal",
"admin"
]
},
"region": {
"type": "string",
"description": "Region name of the endpoint"
},
"url": {
"type": "string",
"format": "uri",
"description": "The endpoint url"
}
}
}
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs."
},
"type": {
"type": "string",
"description": "The service type, which describes the API implemented by the service"
},
"name": {
"type": "string",
"description": "The service name."
}
}
}
},
"expires_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token expires."
},
"issues_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the token was issued."
},
"methods": {
"type": "array",
"description": "The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors.",
"items": {
"type": "string"
}
},
"user": {
"type": "object",
"description": "A user object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user UUID"
},
"name": {
"type": "string",
"description": "A user name"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "A user domain UUID"
},
"name": {
"type": "string",
"description": "A user domain name"
}
}
},
"password_expires_at": {
"type": "string",
"format": "date-time",
"description": "DateTime of the user password expiration"
},
"OS-FEDERATION": {
"type": "object"
}
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
token |
body |
object |
|
token.audit_ids |
body |
array |
A list of one or two audit IDs. An audit ID is a unique, randomly generated, URL-safe string that you can use to track a token. The first audit ID is the current audit ID for the token. The second audit ID is present for only re-scoped tokens and is the audit ID from the token before it was re-scoped. A re- scoped token is one that was exchanged for another token of the same or different scope. You can use these audit IDs to track the use of a token or chain of tokens across multiple requests and endpoints without exposing the token ID to non-privileged users. |
token.catalog |
body |
array |
A catalog object. |
token.catalog[].endpoints |
body |
array |
|
token.catalog[].endpoints[].id |
body |
string |
The endpoint UUID |
token.catalog[].endpoints[].interface |
body |
string |
|
token.catalog[].endpoints[].region |
body |
string |
Region name of the endpoint |
token.catalog[].endpoints[].url |
body |
string |
The endpoint url |
token.catalog[].id |
body |
string |
The UUID of the service to which the endpoint belongs. |
token.catalog[].type |
body |
string |
The service type, which describes the API implemented by the service |
token.catalog[].name |
body |
string |
The service name. |
token.expires_at |
body |
string |
The date and time when the token expires. |
token.issues_at |
body |
string |
The date and time when the token was issued. |
token.methods |
body |
array |
The authentication methods, which are commonly password, token, or other methods. Indicates the accumulated set of authentication methods that were used to obtain the token. For example, if the token was obtained by password authentication, it contains password. Later, if the token is exchanged by using the token authentication method one or more times, the subsequently created tokens contain both password and token in their methods attribute. Unlike multi-factor authentication, the methods attribute merely indicates the methods that were used to authenticate the user in exchange for a token. The client is responsible for determining the total number of authentication factors. |
token.user |
body |
object |
A user object |
token.user.id |
body |
string |
A user UUID |
token.user.name |
body |
string |
A user name |
token.user.domain |
body |
object |
|
token.user.domain.id |
body |
string |
A user domain UUID |
token.user.domain.name |
body |
string |
A user domain name |
token.user.password_expires_at |
body |
string |
DateTime of the user password expiration |
token.user.OS-FEDERATION |
body |
object |
403¶
Error
404¶
Error
List all identity providers.
GET/HEAD /OS-FEDERATION/identity_providers
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"identity_providers": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The Identity Provider unique ID"
},
"description": {
"type": "string",
"description": "The Identity Provider description"
},
"domain_id": {
"type": "string",
"format": "uuid",
"description": "The ID of a domain that is associated with the Identity Provider."
},
"authorization_ttl": {
"type": "integer",
"description": "The length of validity in minutes for group memberships carried over through mapping and persisted in the database."
},
"enabled": {
"type": "boolean",
"description": "Whether the Identity Provider is enabled or not"
},
"remote_ids": {
"type": "array",
"description": "List of the unique Identity Provider\u2019s remote IDs",
"items": {
"type": "string"
}
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
identity_providers |
body |
array |
|
identity_providers[].id |
body |
string |
The Identity Provider unique ID |
identity_providers[].description |
body |
string |
The Identity Provider description |
identity_providers[].domain_id |
body |
string |
The ID of a domain that is associated with the Identity Provider. |
identity_providers[].authorization_ttl |
body |
integer |
The length of validity in minutes for group memberships carried over through mapping and persisted in the database. |
identity_providers[].enabled |
body |
boolean |
Whether the Identity Provider is enabled or not |
identity_providers[].remote_ids |
body |
array |
List of the unique Identity Provider’s remote IDs |
403¶
Error
404¶
Error
Get an IDP resource.
GET/HEAD /OS-FEDERATION/identity_providers/{idp_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"identity_provider": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The Identity Provider unique ID"
},
"description": {
"type": "string",
"description": "The Identity Provider description"
},
"domain_id": {
"type": "string",
"format": "uuid",
"description": "The ID of a domain that is associated with the Identity Provider."
},
"authorization_ttl": {
"type": "integer",
"description": "The length of validity in minutes for group memberships carried over through mapping and persisted in the database."
},
"enabled": {
"type": "boolean",
"description": "Whether the Identity Provider is enabled or not"
},
"remote_ids": {
"type": "array",
"description": "List of the unique Identity Provider\u2019s remote IDs",
"items": {
"type": "string"
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
identity_provider |
body |
object |
|
identity_provider.id |
body |
string |
The Identity Provider unique ID |
identity_provider.description |
body |
string |
The Identity Provider description |
identity_provider.domain_id |
body |
string |
The ID of a domain that is associated with the Identity Provider. |
identity_provider.authorization_ttl |
body |
integer |
The length of validity in minutes for group memberships carried over through mapping and persisted in the database. |
identity_provider.enabled |
body |
boolean |
Whether the Identity Provider is enabled or not |
identity_provider.remote_ids |
body |
array |
List of the unique Identity Provider’s remote IDs |
403¶
Error
404¶
Error
Create an idp resource for federated authentication.
PUT /OS-FEDERATION/identity_providers/{idp_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
idp_id |
path |
string |
idp_id parameter for /v3/OS-FEDERATION/identity_providers/{idp_id} API |
identity_provider |
body |
object |
|
identity_provider.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
Whether the identity provider is enabled or not |
identity_provider.description |
body |
[‘string’, ‘null’] |
The identity provider description |
identity_provider.authorization_ttl |
body |
[‘integer’, ‘null’] |
The length of validity in minutes for group memberships carried over through mapping and persisted in the database. If left unset, the default value configured in keystone will be used, if enabled. |
identity_provider.remote_ids |
body |
[‘array’, ‘null’] |
List of the unique identity provider’s remote IDs |
identity_provider.domain_id |
body |
[‘string’, ‘null’] |
The ID of a domain that is associated with the identity provider. Federated users that authenticate with the identity provider will be created under the domain specified. |
{
"type": "object",
"description": "An identity provider object",
"properties": {
"identity_provider": {
"type": "object",
"properties": {
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
],
"description": "Whether the identity provider is enabled or not"
},
"description": {
"type": [
"string",
"null"
],
"description": "The identity provider description"
},
"authorization_ttl": {
"type": [
"integer",
"null"
],
"minimum": 0,
"description": "The length of validity in minutes for group memberships carried over through mapping and persisted in the database. If left unset, the default value configured in keystone will be used, if enabled."
},
"remote_ids": {
"type": [
"array",
"null"
],
"description": "List of the unique identity provider's remote IDs",
"items": {
"type": "string"
},
"uniqueItems": true
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of a domain that is associated with the identity provider. Federated users that authenticate with the identity provider will be created under the domain specified."
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
Responses¶
201¶
Ok
{
"type": "object",
"properties": {
"identity_provider": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The Identity Provider unique ID"
},
"description": {
"type": "string",
"description": "The Identity Provider description"
},
"domain_id": {
"type": "string",
"format": "uuid",
"description": "The ID of a domain that is associated with the Identity Provider."
},
"authorization_ttl": {
"type": "integer",
"description": "The length of validity in minutes for group memberships carried over through mapping and persisted in the database."
},
"enabled": {
"type": "boolean",
"description": "Whether the Identity Provider is enabled or not"
},
"remote_ids": {
"type": "array",
"description": "List of the unique Identity Provider\u2019s remote IDs",
"items": {
"type": "string"
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
identity_provider |
body |
object |
|
identity_provider.id |
body |
string |
The Identity Provider unique ID |
identity_provider.description |
body |
string |
The Identity Provider description |
identity_provider.domain_id |
body |
string |
The ID of a domain that is associated with the Identity Provider. |
identity_provider.authorization_ttl |
body |
integer |
The length of validity in minutes for group memberships carried over through mapping and persisted in the database. |
identity_provider.enabled |
body |
boolean |
Whether the Identity Provider is enabled or not |
identity_provider.remote_ids |
body |
array |
List of the unique Identity Provider’s remote IDs |
403¶
Error
404¶
Error
PATCH operation on /v3/OS-FEDERATION/identity_providers/{idp_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
idp_id |
path |
string |
idp_id parameter for /v3/OS-FEDERATION/identity_providers/{idp_id} API |
identity_provider |
body |
object |
|
identity_provider.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
Whether the identity provider is enabled or not |
identity_provider.description |
body |
[‘string’, ‘null’] |
The identity provider description |
identity_provider.authorization_ttl |
body |
[‘integer’, ‘null’] |
The length of validity in minutes for group memberships carried over through mapping and persisted in the database. If left unset, the default value configured in keystone will be used, if enabled. |
identity_provider.remote_ids |
body |
[‘array’, ‘null’] |
List of the unique identity provider’s remote IDs |
{
"type": "object",
"description": "An identity provider object",
"properties": {
"identity_provider": {
"type": "object",
"properties": {
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
],
"description": "Whether the identity provider is enabled or not"
},
"description": {
"type": [
"string",
"null"
],
"description": "The identity provider description"
},
"authorization_ttl": {
"type": [
"integer",
"null"
],
"minimum": 0,
"description": "The length of validity in minutes for group memberships carried over through mapping and persisted in the database. If left unset, the default value configured in keystone will be used, if enabled."
},
"remote_ids": {
"type": [
"array",
"null"
],
"description": "List of the unique identity provider's remote IDs",
"items": {
"type": "string"
},
"uniqueItems": true
}
},
"additionalProperties": false,
"minProperties": 1
}
},
"required": [
"identity_provider"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"identity_provider": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The Identity Provider unique ID"
},
"description": {
"type": "string",
"description": "The Identity Provider description"
},
"domain_id": {
"type": "string",
"format": "uuid",
"description": "The ID of a domain that is associated with the Identity Provider."
},
"authorization_ttl": {
"type": "integer",
"description": "The length of validity in minutes for group memberships carried over through mapping and persisted in the database."
},
"enabled": {
"type": "boolean",
"description": "Whether the Identity Provider is enabled or not"
},
"remote_ids": {
"type": "array",
"description": "List of the unique Identity Provider\u2019s remote IDs",
"items": {
"type": "string"
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
identity_provider |
body |
object |
|
identity_provider.id |
body |
string |
The Identity Provider unique ID |
identity_provider.description |
body |
string |
The Identity Provider description |
identity_provider.domain_id |
body |
string |
The ID of a domain that is associated with the Identity Provider. |
identity_provider.authorization_ttl |
body |
integer |
The length of validity in minutes for group memberships carried over through mapping and persisted in the database. |
identity_provider.enabled |
body |
boolean |
Whether the Identity Provider is enabled or not |
identity_provider.remote_ids |
body |
array |
List of the unique Identity Provider’s remote IDs |
403¶
Error
404¶
Error
Get protocols for an IDP.
HEAD/GET /OS-FEDERATION/identity_providers/ {idp_id}/protocols/{protocol_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"protocol": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The federation protocol ID"
},
"mapping_id": {
"type": "string"
},
"remote_id_attribute": {
"type": "string",
"maxLength": 64
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
protocol |
body |
object |
|
protocol.id |
body |
string |
The federation protocol ID |
protocol.mapping_id |
body |
string |
|
protocol.remote_id_attribute |
body |
string |
403¶
Error
404¶
Error
Create protocol for an IDP.
PUT /OS-Federation/identity_providers/{idp_id}/protocols/{protocol_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
idp_id |
path |
string |
idp_id parameter for /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols API |
protocol_id |
path |
string |
protocol_id parameter for /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} API |
protocol |
body |
object |
|
protocol.mapping_id |
body |
string |
|
protocol.remote_id_attribute |
body |
[‘string’, ‘null’] |
{
"type": "object",
"properties": {
"protocol": {
"type": "object",
"properties": {
"mapping_id": {
"type": "string",
"minLength": 1,
"maxLength": 64
},
"remote_id_attribute": {
"type": [
"string",
"null"
],
"maxLength": 64
}
},
"additionalProperties": false,
"required": [
"mapping_id"
]
}
},
"additionalProperties": false,
"required": [
"protocol"
]
}
Responses¶
201¶
Ok
{
"type": "object",
"properties": {
"protocol": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The federation protocol ID"
},
"mapping_id": {
"type": "string"
},
"remote_id_attribute": {
"type": "string",
"maxLength": 64
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
protocol |
body |
object |
|
protocol.id |
body |
string |
The federation protocol ID |
protocol.mapping_id |
body |
string |
|
protocol.remote_id_attribute |
body |
string |
403¶
Error
404¶
Error
Update protocol for an IDP.
PATCH /OS-FEDERATION/identity_providers/ {idp_id}/protocols/{protocol_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
idp_id |
path |
string |
idp_id parameter for /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols API |
protocol_id |
path |
string |
protocol_id parameter for /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} API |
protocol |
body |
object |
|
protocol.mapping_id |
body |
string |
|
protocol.remote_id_attribute |
body |
[‘string’, ‘null’] |
{
"type": "object",
"properties": {
"protocol": {
"type": "object",
"properties": {
"mapping_id": {
"type": "string",
"minLength": 1,
"maxLength": 64
},
"remote_id_attribute": {
"type": [
"string",
"null"
],
"maxLength": 64
}
},
"additionalProperties": false,
"required": [
"mapping_id"
]
}
},
"additionalProperties": false,
"required": [
"protocol"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"protocol": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The federation protocol ID"
},
"mapping_id": {
"type": "string"
},
"remote_id_attribute": {
"type": "string",
"maxLength": 64
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
protocol |
body |
object |
|
protocol.id |
body |
string |
The federation protocol ID |
protocol.mapping_id |
body |
string |
|
protocol.remote_id_attribute |
body |
string |
403¶
Error
404¶
Error
List protocols for an IDP.
HEAD/GET /OS-FEDERATION/identity_providers/{idp_id}/protocols
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"protocols": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The federation protocol ID"
},
"mapping_id": {
"type": "string"
},
"remote_id_attribute": {
"type": "string",
"maxLength": 64
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
protocols |
body |
array |
|
protocols[].id |
body |
string |
The federation protocol ID |
protocols[].mapping_id |
body |
string |
|
protocols[].remote_id_attribute |
body |
string |
403¶
Error
404¶
Error
GET operation on /v3/OS-FEDERATION/mappings/{mapping_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"mapping": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The Federation Mapping unique ID"
},
"rules": {
"minItems": 1,
"type": "array",
"items": {
"type": "object",
"required": [
"local",
"remote"
],
"additionalProperties": false,
"properties": {
"local": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"user": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"email": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
},
"type": {
"type": "string",
"enum": [
"ephemeral",
"local"
]
}
},
"additionalProperties": false
},
"projects": {
"type": "array",
"items": {
"type": "object",
"required": [
"name",
"roles"
],
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
},
"roles": {
"type": "array",
"items": {
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string"
}
},
"additionalProperties": false
}
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
}
}
},
"group": {
"type": "object",
"oneOf": [
{
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"id"
]
},
{
"type": "object",
"properties": {
"name": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false,
"required": [
"name",
"domain"
]
}
]
},
"groups": {
"type": "string"
},
"group_ids": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
}
}
},
"remote": {
"minItems": 1,
"type": "array",
"items": {
"type": "object",
"oneOf": [
{
"type": "object",
"required": [
"type"
],
"properties": {
"type": {
"type": "string"
}
},
"additionalProperties": false
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"any_one_of"
],
"properties": {
"type": {
"type": "string"
},
"any_one_of": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"not_any_of"
],
"properties": {
"type": {
"type": "string"
},
"not_any_of": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"blacklist"
],
"properties": {
"type": {
"type": "string"
},
"blacklist": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"whitelist"
],
"properties": {
"type": {
"type": "string"
},
"whitelist": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
}
]
}
}
}
}
},
"schema_version": {
"type": "string",
"description": "Mapping schema version"
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
mapping |
body |
object |
|
mapping.id |
body |
string |
The Federation Mapping unique ID |
mapping.rules |
body |
array |
|
mapping.rules[].local |
body |
array |
|
mapping.rules[].local[].user |
body |
object |
|
mapping.rules[].local[].user.id |
body |
string |
|
mapping.rules[].local[].user.name |
body |
string |
|
mapping.rules[].local[].user.email |
body |
string |
|
mapping.rules[].local[].user.domain |
body |
object |
|
mapping.rules[].local[].user.domain.id |
body |
string |
|
mapping.rules[].local[].user.domain.name |
body |
string |
|
mapping.rules[].local[].user.type |
body |
string |
|
mapping.rules[].local[].projects |
body |
array |
|
mapping.rules[].local[].projects[].name |
body |
string |
|
mapping.rules[].local[].projects[].roles |
body |
array |
|
mapping.rules[].local[].projects[].roles[].name |
body |
string |
|
mapping.rules[].local[].projects[].domain |
body |
object |
|
mapping.rules[].local[].projects[].domain.id |
body |
string |
|
mapping.rules[].local[].projects[].domain.name |
body |
string |
|
mapping.rules[].local[].group |
body |
object |
|
mapping.rules[].local[].groups |
body |
string |
|
mapping.rules[].local[].group_ids |
body |
string |
|
mapping.rules[].local[].domain |
body |
object |
|
mapping.rules[].local[].domain.id |
body |
string |
|
mapping.rules[].local[].domain.name |
body |
string |
|
mapping.rules[].remote |
body |
array |
|
mapping.schema_version |
body |
string |
Mapping schema version |
403¶
Error
404¶
Error
Create a mapping.
PUT /OS-FEDERATION/mappings/{mapping_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
mapping_id |
path |
string |
mapping_id parameter for /v3/OS-FEDERATION/mappings/{mapping_id} API |
mapping |
body |
object |
|
mapping.rules |
body |
array |
|
mapping.rules[].local |
body |
array |
|
mapping.rules[].local[].user |
body |
object |
|
mapping.rules[].local[].user.id |
body |
string |
|
mapping.rules[].local[].user.name |
body |
string |
|
mapping.rules[].local[].user.email |
body |
string |
|
mapping.rules[].local[].user.domain |
body |
object |
|
mapping.rules[].local[].user.domain.id |
body |
string |
|
mapping.rules[].local[].user.domain.name |
body |
string |
|
mapping.rules[].local[].user.type |
body |
string |
|
mapping.rules[].local[].projects |
body |
array |
|
mapping.rules[].local[].projects[].name |
body |
string |
|
mapping.rules[].local[].projects[].roles |
body |
array |
|
mapping.rules[].local[].projects[].roles[].name |
body |
string |
|
mapping.rules[].local[].projects[].domain |
body |
object |
|
mapping.rules[].local[].projects[].domain.id |
body |
string |
|
mapping.rules[].local[].projects[].domain.name |
body |
string |
|
mapping.rules[].local[].group |
body |
object |
|
mapping.rules[].local[].groups |
body |
string |
|
mapping.rules[].local[].group_ids |
body |
string |
|
mapping.rules[].local[].domain |
body |
object |
|
mapping.rules[].local[].domain.id |
body |
string |
|
mapping.rules[].local[].domain.name |
body |
string |
|
mapping.rules[].remote |
body |
array |
|
mapping.schema_version |
body |
string |
Mapping schema version |
{
"type": "object",
"properties": {
"mapping": {
"type": "object",
"required": [
"rules"
],
"properties": {
"rules": {
"minItems": 1,
"type": "array",
"items": {
"type": "object",
"required": [
"local",
"remote"
],
"additionalProperties": false,
"properties": {
"local": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"user": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"email": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
},
"type": {
"type": "string",
"enum": [
"ephemeral",
"local"
]
}
},
"additionalProperties": false
},
"projects": {
"type": "array",
"items": {
"type": "object",
"required": [
"name",
"roles"
],
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
},
"roles": {
"type": "array",
"items": {
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string"
}
},
"additionalProperties": false
}
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
}
}
},
"group": {
"type": "object",
"oneOf": [
{
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"id"
]
},
{
"type": "object",
"properties": {
"name": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false,
"required": [
"name",
"domain"
]
}
]
},
"groups": {
"type": "string"
},
"group_ids": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
}
}
},
"remote": {
"minItems": 1,
"type": "array",
"items": {
"type": "object",
"oneOf": [
{
"type": "object",
"required": [
"type"
],
"properties": {
"type": {
"type": "string"
}
},
"additionalProperties": false
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"any_one_of"
],
"properties": {
"type": {
"type": "string"
},
"any_one_of": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"not_any_of"
],
"properties": {
"type": {
"type": "string"
},
"not_any_of": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"blacklist"
],
"properties": {
"type": {
"type": "string"
},
"blacklist": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"whitelist"
],
"properties": {
"type": {
"type": "string"
},
"whitelist": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
}
]
}
}
}
}
},
"schema_version": {
"type": "string",
"description": "Mapping schema version"
}
}
}
}
}
Responses¶
201¶
Ok
{
"type": "object",
"properties": {
"mapping": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The Federation Mapping unique ID"
},
"rules": {
"minItems": 1,
"type": "array",
"items": {
"type": "object",
"required": [
"local",
"remote"
],
"additionalProperties": false,
"properties": {
"local": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"user": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"email": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
},
"type": {
"type": "string",
"enum": [
"ephemeral",
"local"
]
}
},
"additionalProperties": false
},
"projects": {
"type": "array",
"items": {
"type": "object",
"required": [
"name",
"roles"
],
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
},
"roles": {
"type": "array",
"items": {
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string"
}
},
"additionalProperties": false
}
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
}
}
},
"group": {
"type": "object",
"oneOf": [
{
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"id"
]
},
{
"type": "object",
"properties": {
"name": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false,
"required": [
"name",
"domain"
]
}
]
},
"groups": {
"type": "string"
},
"group_ids": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
}
}
},
"remote": {
"minItems": 1,
"type": "array",
"items": {
"type": "object",
"oneOf": [
{
"type": "object",
"required": [
"type"
],
"properties": {
"type": {
"type": "string"
}
},
"additionalProperties": false
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"any_one_of"
],
"properties": {
"type": {
"type": "string"
},
"any_one_of": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"not_any_of"
],
"properties": {
"type": {
"type": "string"
},
"not_any_of": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"blacklist"
],
"properties": {
"type": {
"type": "string"
},
"blacklist": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"whitelist"
],
"properties": {
"type": {
"type": "string"
},
"whitelist": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
}
]
}
}
}
}
},
"schema_version": {
"type": "string",
"description": "Mapping schema version"
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
mapping |
body |
object |
|
mapping.id |
body |
string |
The Federation Mapping unique ID |
mapping.rules |
body |
array |
|
mapping.rules[].local |
body |
array |
|
mapping.rules[].local[].user |
body |
object |
|
mapping.rules[].local[].user.id |
body |
string |
|
mapping.rules[].local[].user.name |
body |
string |
|
mapping.rules[].local[].user.email |
body |
string |
|
mapping.rules[].local[].user.domain |
body |
object |
|
mapping.rules[].local[].user.domain.id |
body |
string |
|
mapping.rules[].local[].user.domain.name |
body |
string |
|
mapping.rules[].local[].user.type |
body |
string |
|
mapping.rules[].local[].projects |
body |
array |
|
mapping.rules[].local[].projects[].name |
body |
string |
|
mapping.rules[].local[].projects[].roles |
body |
array |
|
mapping.rules[].local[].projects[].roles[].name |
body |
string |
|
mapping.rules[].local[].projects[].domain |
body |
object |
|
mapping.rules[].local[].projects[].domain.id |
body |
string |
|
mapping.rules[].local[].projects[].domain.name |
body |
string |
|
mapping.rules[].local[].group |
body |
object |
|
mapping.rules[].local[].groups |
body |
string |
|
mapping.rules[].local[].group_ids |
body |
string |
|
mapping.rules[].local[].domain |
body |
object |
|
mapping.rules[].local[].domain.id |
body |
string |
|
mapping.rules[].local[].domain.name |
body |
string |
|
mapping.rules[].remote |
body |
array |
|
mapping.schema_version |
body |
string |
Mapping schema version |
403¶
Error
404¶
Error
Update an attribute mapping for identity federation.
PATCH /OS-FEDERATION/mappings/{mapping_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
mapping_id |
path |
string |
mapping_id parameter for /v3/OS-FEDERATION/mappings/{mapping_id} API |
mapping |
body |
object |
|
mapping.rules |
body |
array |
|
mapping.rules[].local |
body |
array |
|
mapping.rules[].local[].user |
body |
object |
|
mapping.rules[].local[].user.id |
body |
string |
|
mapping.rules[].local[].user.name |
body |
string |
|
mapping.rules[].local[].user.email |
body |
string |
|
mapping.rules[].local[].user.domain |
body |
object |
|
mapping.rules[].local[].user.domain.id |
body |
string |
|
mapping.rules[].local[].user.domain.name |
body |
string |
|
mapping.rules[].local[].user.type |
body |
string |
|
mapping.rules[].local[].projects |
body |
array |
|
mapping.rules[].local[].projects[].name |
body |
string |
|
mapping.rules[].local[].projects[].roles |
body |
array |
|
mapping.rules[].local[].projects[].roles[].name |
body |
string |
|
mapping.rules[].local[].projects[].domain |
body |
object |
|
mapping.rules[].local[].projects[].domain.id |
body |
string |
|
mapping.rules[].local[].projects[].domain.name |
body |
string |
|
mapping.rules[].local[].group |
body |
object |
|
mapping.rules[].local[].groups |
body |
string |
|
mapping.rules[].local[].group_ids |
body |
string |
|
mapping.rules[].local[].domain |
body |
object |
|
mapping.rules[].local[].domain.id |
body |
string |
|
mapping.rules[].local[].domain.name |
body |
string |
|
mapping.rules[].remote |
body |
array |
|
mapping.schema_version |
body |
string |
Mapping schema version |
{
"type": "object",
"properties": {
"mapping": {
"type": "object",
"required": [
"rules"
],
"properties": {
"rules": {
"minItems": 1,
"type": "array",
"items": {
"type": "object",
"required": [
"local",
"remote"
],
"additionalProperties": false,
"properties": {
"local": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"user": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"email": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
},
"type": {
"type": "string",
"enum": [
"ephemeral",
"local"
]
}
},
"additionalProperties": false
},
"projects": {
"type": "array",
"items": {
"type": "object",
"required": [
"name",
"roles"
],
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
},
"roles": {
"type": "array",
"items": {
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string"
}
},
"additionalProperties": false
}
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
}
}
},
"group": {
"type": "object",
"oneOf": [
{
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"id"
]
},
{
"type": "object",
"properties": {
"name": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false,
"required": [
"name",
"domain"
]
}
]
},
"groups": {
"type": "string"
},
"group_ids": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
}
}
},
"remote": {
"minItems": 1,
"type": "array",
"items": {
"type": "object",
"oneOf": [
{
"type": "object",
"required": [
"type"
],
"properties": {
"type": {
"type": "string"
}
},
"additionalProperties": false
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"any_one_of"
],
"properties": {
"type": {
"type": "string"
},
"any_one_of": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"not_any_of"
],
"properties": {
"type": {
"type": "string"
},
"not_any_of": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"blacklist"
],
"properties": {
"type": {
"type": "string"
},
"blacklist": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"whitelist"
],
"properties": {
"type": {
"type": "string"
},
"whitelist": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
}
]
}
}
}
}
},
"schema_version": {
"type": "string",
"description": "Mapping schema version"
}
}
}
}
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"mapping": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The Federation Mapping unique ID"
},
"rules": {
"minItems": 1,
"type": "array",
"items": {
"type": "object",
"required": [
"local",
"remote"
],
"additionalProperties": false,
"properties": {
"local": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"user": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"email": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
},
"type": {
"type": "string",
"enum": [
"ephemeral",
"local"
]
}
},
"additionalProperties": false
},
"projects": {
"type": "array",
"items": {
"type": "object",
"required": [
"name",
"roles"
],
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
},
"roles": {
"type": "array",
"items": {
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string"
}
},
"additionalProperties": false
}
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
}
}
},
"group": {
"type": "object",
"oneOf": [
{
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"id"
]
},
{
"type": "object",
"properties": {
"name": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false,
"required": [
"name",
"domain"
]
}
]
},
"groups": {
"type": "string"
},
"group_ids": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
}
}
},
"remote": {
"minItems": 1,
"type": "array",
"items": {
"type": "object",
"oneOf": [
{
"type": "object",
"required": [
"type"
],
"properties": {
"type": {
"type": "string"
}
},
"additionalProperties": false
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"any_one_of"
],
"properties": {
"type": {
"type": "string"
},
"any_one_of": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"not_any_of"
],
"properties": {
"type": {
"type": "string"
},
"not_any_of": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"blacklist"
],
"properties": {
"type": {
"type": "string"
},
"blacklist": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"whitelist"
],
"properties": {
"type": {
"type": "string"
},
"whitelist": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
}
]
}
}
}
}
},
"schema_version": {
"type": "string",
"description": "Mapping schema version"
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
mapping |
body |
object |
|
mapping.id |
body |
string |
The Federation Mapping unique ID |
mapping.rules |
body |
array |
|
mapping.rules[].local |
body |
array |
|
mapping.rules[].local[].user |
body |
object |
|
mapping.rules[].local[].user.id |
body |
string |
|
mapping.rules[].local[].user.name |
body |
string |
|
mapping.rules[].local[].user.email |
body |
string |
|
mapping.rules[].local[].user.domain |
body |
object |
|
mapping.rules[].local[].user.domain.id |
body |
string |
|
mapping.rules[].local[].user.domain.name |
body |
string |
|
mapping.rules[].local[].user.type |
body |
string |
|
mapping.rules[].local[].projects |
body |
array |
|
mapping.rules[].local[].projects[].name |
body |
string |
|
mapping.rules[].local[].projects[].roles |
body |
array |
|
mapping.rules[].local[].projects[].roles[].name |
body |
string |
|
mapping.rules[].local[].projects[].domain |
body |
object |
|
mapping.rules[].local[].projects[].domain.id |
body |
string |
|
mapping.rules[].local[].projects[].domain.name |
body |
string |
|
mapping.rules[].local[].group |
body |
object |
|
mapping.rules[].local[].groups |
body |
string |
|
mapping.rules[].local[].group_ids |
body |
string |
|
mapping.rules[].local[].domain |
body |
object |
|
mapping.rules[].local[].domain.id |
body |
string |
|
mapping.rules[].local[].domain.name |
body |
string |
|
mapping.rules[].remote |
body |
array |
|
mapping.schema_version |
body |
string |
Mapping schema version |
403¶
Error
404¶
Error
GET operation on /v3/OS-FEDERATION/mappings
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"mappings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The Federation Mapping unique ID"
},
"rules": {
"minItems": 1,
"type": "array",
"items": {
"type": "object",
"required": [
"local",
"remote"
],
"additionalProperties": false,
"properties": {
"local": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": false,
"properties": {
"user": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
},
"email": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
},
"type": {
"type": "string",
"enum": [
"ephemeral",
"local"
]
}
},
"additionalProperties": false
},
"projects": {
"type": "array",
"items": {
"type": "object",
"required": [
"name",
"roles"
],
"additionalProperties": false,
"properties": {
"name": {
"type": "string"
},
"roles": {
"type": "array",
"items": {
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string"
}
},
"additionalProperties": false
}
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
}
}
},
"group": {
"type": "object",
"oneOf": [
{
"type": "object",
"properties": {
"id": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"id"
]
},
{
"type": "object",
"properties": {
"name": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
},
"additionalProperties": false,
"required": [
"name",
"domain"
]
}
]
},
"groups": {
"type": "string"
},
"group_ids": {
"type": "string"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"name": {
"type": "string"
}
},
"additionalProperties": false
}
}
}
},
"remote": {
"minItems": 1,
"type": "array",
"items": {
"type": "object",
"oneOf": [
{
"type": "object",
"required": [
"type"
],
"properties": {
"type": {
"type": "string"
}
},
"additionalProperties": false
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"any_one_of"
],
"properties": {
"type": {
"type": "string"
},
"any_one_of": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"not_any_of"
],
"properties": {
"type": {
"type": "string"
},
"not_any_of": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"blacklist"
],
"properties": {
"type": {
"type": "string"
},
"blacklist": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
},
{
"type": "object",
"additionalProperties": false,
"required": [
"type",
"whitelist"
],
"properties": {
"type": {
"type": "string"
},
"whitelist": {
"type": "array"
},
"regex": {
"type": "boolean"
}
}
}
]
}
}
}
}
},
"schema_version": {
"type": "string",
"description": "Mapping schema version"
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
mappings |
body |
array |
|
mappings[].id |
body |
string |
The Federation Mapping unique ID |
mappings[].rules |
body |
array |
|
mappings[].rules[].local |
body |
array |
|
mappings[].rules[].local[].user |
body |
object |
|
mappings[].rules[].local[].user.id |
body |
string |
|
mappings[].rules[].local[].user.name |
body |
string |
|
mappings[].rules[].local[].user.email |
body |
string |
|
mappings[].rules[].local[].user.domain |
body |
object |
|
mappings[].rules[].local[].user.domain.id |
body |
string |
|
mappings[].rules[].local[].user.domain.name |
body |
string |
|
mappings[].rules[].local[].user.type |
body |
string |
|
mappings[].rules[].local[].projects |
body |
array |
|
mappings[].rules[].local[].projects[].name |
body |
string |
|
mappings[].rules[].local[].projects[].roles |
body |
array |
|
mappings[].rules[].local[].projects[].roles[].name |
body |
string |
|
mappings[].rules[].local[].projects[].domain |
body |
object |
|
mappings[].rules[].local[].projects[].domain.id |
body |
string |
|
mappings[].rules[].local[].projects[].domain.name |
body |
string |
|
mappings[].rules[].local[].group |
body |
object |
|
mappings[].rules[].local[].groups |
body |
string |
|
mappings[].rules[].local[].group_ids |
body |
string |
|
mappings[].rules[].local[].domain |
body |
object |
|
mappings[].rules[].local[].domain.id |
body |
string |
|
mappings[].rules[].local[].domain.name |
body |
string |
|
mappings[].rules[].remote |
body |
array |
|
mappings[].schema_version |
body |
string |
Mapping schema version |
403¶
Error
404¶
Error
List service providers.
GET/HEAD /OS-FEDERATION/service_providers
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"service_providers": {
"type": "array",
"items": {
"type": "object",
"description": "A service provider object",
"properties": {
"id": {
"type": "string",
"readOnly": true,
"description": "The service provider ID"
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"auth_url": {
"type": "string",
"minLength": 0,
"maxLength": 225,
"pattern": "^[a-zA-Z0-9+.-]+:.+",
"description": "The URL to authenticate against"
},
"sp_url": {
"type": "string",
"minLength": 0,
"maxLength": 225,
"pattern": "^[a-zA-Z0-9+.-]+:.+",
"description": "The service provider's URL"
},
"description": {
"type": [
"string",
"null"
],
"description": "The description of the service provider"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
],
"description": "Whether the service provider is enabled or not"
},
"relay_state_prefix": {
"type": [
"string",
"null"
],
"description": "The prefix of the RelayState SAML attribute"
}
},
"additionalProperties": true
},
"description": "A list of service provider objects"
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"truncated": {
"type": "boolean",
"description": "Flag indicating that the amount of entities exceeds global response limit"
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
service_providers |
body |
array |
A list of service provider objects |
service_providers[].id |
body |
string |
The service provider ID |
service_providers[].links |
body |
object |
The link to the resource in question. |
service_providers[].links.self |
body |
string |
|
service_providers[].auth_url |
body |
string |
The URL to authenticate against |
service_providers[].sp_url |
body |
string |
The service provider’s URL |
service_providers[].description |
body |
[‘string’, ‘null’] |
The description of the service provider |
service_providers[].enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
Whether the service provider is enabled or not |
service_providers[].relay_state_prefix |
body |
[‘string’, ‘null’] |
The prefix of the RelayState SAML attribute |
links |
body |
object |
Links for the collection of resources. |
links.next |
body |
[‘string’, ‘null’] |
|
links.previous |
body |
[‘string’, ‘null’] |
|
links.self |
body |
string |
|
truncated |
body |
boolean |
Flag indicating that the amount of entities exceeds global response limit |
403¶
Error
404¶
Error
Get a service provider.
GET/HEAD /OS-FEDERATION/service_providers/{service_provider_id}
Responses¶
200¶
Ok
{
"type": "object",
"description": "A service provider object",
"properties": {
"service_provider": {
"type": "object",
"description": "A service provider object",
"properties": {
"id": {
"type": "string",
"readOnly": true,
"description": "The service provider ID"
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"auth_url": {
"type": "string",
"minLength": 0,
"maxLength": 225,
"pattern": "^[a-zA-Z0-9+.-]+:.+",
"description": "The URL to authenticate against"
},
"sp_url": {
"type": "string",
"minLength": 0,
"maxLength": 225,
"pattern": "^[a-zA-Z0-9+.-]+:.+",
"description": "The service provider's URL"
},
"description": {
"type": [
"string",
"null"
],
"description": "The description of the service provider"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
],
"description": "Whether the service provider is enabled or not"
},
"relay_state_prefix": {
"type": [
"string",
"null"
],
"description": "The prefix of the RelayState SAML attribute"
}
},
"additionalProperties": true
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
service_provider |
body |
object |
A service provider object |
service_provider.id |
body |
string |
The service provider ID |
service_provider.links |
body |
object |
The link to the resource in question. |
service_provider.links.self |
body |
string |
|
service_provider.auth_url |
body |
string |
The URL to authenticate against |
service_provider.sp_url |
body |
string |
The service provider’s URL |
service_provider.description |
body |
[‘string’, ‘null’] |
The description of the service provider |
service_provider.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
Whether the service provider is enabled or not |
service_provider.relay_state_prefix |
body |
[‘string’, ‘null’] |
The prefix of the RelayState SAML attribute |
403¶
Error
404¶
Error
Create a service provider.
PUT /OS-FEDERATION/service_providers/{service_provider_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
service_provider_id |
path |
string |
service_provider_id parameter for /v3/OS-FEDERATION/service_providers/{service_provider_id} API |
service_provider |
body |
object |
|
service_provider.auth_url |
body |
string |
The URL to authenticate against |
service_provider.sp_url |
body |
string |
The service provider’s URL |
service_provider.description |
body |
[‘string’, ‘null’] |
The description of the service provider |
service_provider.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
Whether the service provider is enabled or not |
service_provider.relay_state_prefix |
body |
[‘string’, ‘null’] |
The prefix of the RelayState SAML attribute |
{
"type": "object",
"description": "A service provider object",
"properties": {
"service_provider": {
"type": "object",
"properties": {
"auth_url": {
"type": "string",
"minLength": 0,
"maxLength": 225,
"pattern": "^[a-zA-Z0-9+.-]+:.+",
"description": "The URL to authenticate against"
},
"sp_url": {
"type": "string",
"minLength": 0,
"maxLength": 225,
"pattern": "^[a-zA-Z0-9+.-]+:.+",
"description": "The service provider's URL"
},
"description": {
"type": [
"string",
"null"
],
"description": "The description of the service provider"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
],
"description": "Whether the service provider is enabled or not"
},
"relay_state_prefix": {
"type": [
"string",
"null"
],
"description": "The prefix of the RelayState SAML attribute"
}
},
"additionalProperties": false,
"required": [
"auth_url",
"sp_url"
]
}
},
"additionalProperties": false,
"required": [
"service_provider"
]
}
Responses¶
201¶
Ok
{
"type": "object",
"description": "A service provider object",
"properties": {
"service_provider": {
"type": "object",
"description": "A service provider object",
"properties": {
"id": {
"type": "string",
"readOnly": true,
"description": "The service provider ID"
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"auth_url": {
"type": "string",
"minLength": 0,
"maxLength": 225,
"pattern": "^[a-zA-Z0-9+.-]+:.+",
"description": "The URL to authenticate against"
},
"sp_url": {
"type": "string",
"minLength": 0,
"maxLength": 225,
"pattern": "^[a-zA-Z0-9+.-]+:.+",
"description": "The service provider's URL"
},
"description": {
"type": [
"string",
"null"
],
"description": "The description of the service provider"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
],
"description": "Whether the service provider is enabled or not"
},
"relay_state_prefix": {
"type": [
"string",
"null"
],
"description": "The prefix of the RelayState SAML attribute"
}
},
"additionalProperties": true
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
service_provider |
body |
object |
A service provider object |
service_provider.id |
body |
string |
The service provider ID |
service_provider.links |
body |
object |
The link to the resource in question. |
service_provider.links.self |
body |
string |
|
service_provider.auth_url |
body |
string |
The URL to authenticate against |
service_provider.sp_url |
body |
string |
The service provider’s URL |
service_provider.description |
body |
[‘string’, ‘null’] |
The description of the service provider |
service_provider.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
Whether the service provider is enabled or not |
service_provider.relay_state_prefix |
body |
[‘string’, ‘null’] |
The prefix of the RelayState SAML attribute |
403¶
Error
404¶
Error
Update a service provider.
PATCH /OS-FEDERATION/service_providers/{service_provider_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
service_provider_id |
path |
string |
service_provider_id parameter for /v3/OS-FEDERATION/service_providers/{service_provider_id} API |
service_provider |
body |
object |
|
service_provider.auth_url |
body |
string |
The URL to authenticate against |
service_provider.sp_url |
body |
string |
The service provider’s URL |
service_provider.description |
body |
[‘string’, ‘null’] |
The description of the service provider |
service_provider.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
Whether the service provider is enabled or not |
service_provider.relay_state_prefix |
body |
[‘string’, ‘null’] |
The prefix of the RelayState SAML attribute |
{
"type": "object",
"description": "A service provider object",
"properties": {
"service_provider": {
"type": "object",
"properties": {
"auth_url": {
"type": "string",
"minLength": 0,
"maxLength": 225,
"pattern": "^[a-zA-Z0-9+.-]+:.+",
"description": "The URL to authenticate against"
},
"sp_url": {
"type": "string",
"minLength": 0,
"maxLength": 225,
"pattern": "^[a-zA-Z0-9+.-]+:.+",
"description": "The service provider's URL"
},
"description": {
"type": [
"string",
"null"
],
"description": "The description of the service provider"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
],
"description": "Whether the service provider is enabled or not"
},
"relay_state_prefix": {
"type": [
"string",
"null"
],
"description": "The prefix of the RelayState SAML attribute"
}
},
"additionalProperties": false,
"minProperties": 1
}
},
"additionalProperties": false,
"required": [
"service_provider"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"description": "A service provider object",
"properties": {
"service_provider": {
"type": "object",
"description": "A service provider object",
"properties": {
"id": {
"type": "string",
"readOnly": true,
"description": "The service provider ID"
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"auth_url": {
"type": "string",
"minLength": 0,
"maxLength": 225,
"pattern": "^[a-zA-Z0-9+.-]+:.+",
"description": "The URL to authenticate against"
},
"sp_url": {
"type": "string",
"minLength": 0,
"maxLength": 225,
"pattern": "^[a-zA-Z0-9+.-]+:.+",
"description": "The service provider's URL"
},
"description": {
"type": [
"string",
"null"
],
"description": "The description of the service provider"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
],
"description": "Whether the service provider is enabled or not"
},
"relay_state_prefix": {
"type": [
"string",
"null"
],
"description": "The prefix of the RelayState SAML attribute"
}
},
"additionalProperties": true
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
service_provider |
body |
object |
A service provider object |
service_provider.id |
body |
string |
The service provider ID |
service_provider.links |
body |
object |
The link to the resource in question. |
service_provider.links.self |
body |
string |
|
service_provider.auth_url |
body |
string |
The URL to authenticate against |
service_provider.sp_url |
body |
string |
The service provider’s URL |
service_provider.description |
body |
[‘string’, ‘null’] |
The description of the service provider |
service_provider.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
Whether the service provider is enabled or not |
service_provider.relay_state_prefix |
body |
[‘string’, ‘null’] |
The prefix of the RelayState SAML attribute |
403¶
Error
404¶
Error
credentials¶
List credentials.
GET /v3/credentials
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"credentials": {
"type": "array",
"items": {
"type": "object",
"description": "A credential object.",
"properties": {
"id": {
"type": "string",
"readOnly": true,
"description": "The UUID for the credential."
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"blob": {
"type": "string",
"description": "The credential itself, as a serialized blob."
},
"project_id": {
"type": [
"string",
"null"
],
"description": "The ID for the project. Mandatory for `EC2` type."
},
"type": {
"type": "string",
"description": "The credential type, such as ec2 or cert. The implementation determines the list of supported types."
},
"user_id": {
"type": "string",
"format": "uuid",
"description": "The ID of the user who owns the credential."
}
},
"additionalProperties": true
},
"description": "A list of credential objects."
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"truncated": {
"type": "boolean",
"description": "Flag indicating that the amount of entities exceeds global response limit"
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
credentials |
body |
array |
A list of credential objects. |
credentials[].id |
body |
string |
The UUID for the credential. |
credentials[].links |
body |
object |
The link to the resource in question. |
credentials[].links.self |
body |
string |
|
credentials[].blob |
body |
string |
The credential itself, as a serialized blob. |
credentials[].project_id |
body |
[‘string’, ‘null’] |
The ID for the project. Mandatory for |
credentials[].type |
body |
string |
The credential type, such as ec2 or cert. The implementation determines the list of supported types. |
credentials[].user_id |
body |
string |
The ID of the user who owns the credential. |
links |
body |
object |
Links for the collection of resources. |
links.next |
body |
[‘string’, ‘null’] |
|
links.previous |
body |
[‘string’, ‘null’] |
|
links.self |
body |
string |
|
truncated |
body |
boolean |
Flag indicating that the amount of entities exceeds global response limit |
403¶
Error
404¶
Error
Create new credentials.
POST /v3/credentials
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
credential |
body |
object |
|
credential.id |
body |
string |
The UUID for the credential. |
credential.blob |
body |
string |
The credential itself, as a serialized blob. |
credential.project_id |
body |
[‘string’, ‘null’] |
The ID for the project. Mandatory for |
credential.type |
body |
string |
The credential type, such as ec2 or cert. The implementation determines the list of supported types. |
credential.user_id |
body |
string |
The ID of the user who owns the credential. |
{
"type": "object",
"description": "A credential object.",
"properties": {
"credential": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The UUID for the credential."
},
"blob": {
"type": "string",
"description": "The credential itself, as a serialized blob."
},
"project_id": {
"type": [
"string",
"null"
],
"description": "The ID for the project. Mandatory for `EC2` type."
},
"type": {
"type": "string",
"description": "The credential type, such as ec2 or cert. The implementation determines the list of supported types."
},
"user_id": {
"type": "string",
"format": "uuid",
"description": "The ID of the user who owns the credential."
}
},
"additionalProperties": true,
"required": [
"blob",
"type",
"user_id"
],
"if": {
"properties": {
"type": {
"const": "ec2"
}
}
},
"then": {
"title": "ec2 credential requires project_id",
"required": [
"blob",
"type",
"user_id",
"project_id"
]
}
}
},
"required": [
"credential"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"description": "A credential object.",
"properties": {
"credential": {
"type": "object",
"description": "A credential object.",
"properties": {
"id": {
"type": "string",
"readOnly": true,
"description": "The UUID for the credential."
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"blob": {
"type": "string",
"description": "The credential itself, as a serialized blob."
},
"project_id": {
"type": [
"string",
"null"
],
"description": "The ID for the project. Mandatory for `EC2` type."
},
"type": {
"type": "string",
"description": "The credential type, such as ec2 or cert. The implementation determines the list of supported types."
},
"user_id": {
"type": "string",
"format": "uuid",
"description": "The ID of the user who owns the credential."
}
},
"additionalProperties": true
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
credential |
body |
object |
A credential object. |
credential.id |
body |
string |
The UUID for the credential. |
credential.links |
body |
object |
The link to the resource in question. |
credential.links.self |
body |
string |
|
credential.blob |
body |
string |
The credential itself, as a serialized blob. |
credential.project_id |
body |
[‘string’, ‘null’] |
The ID for the project. Mandatory for |
credential.type |
body |
string |
The credential type, such as ec2 or cert. The implementation determines the list of supported types. |
credential.user_id |
body |
string |
The ID of the user who owns the credential. |
403¶
Error
404¶
Error
Retrieve existing credentials.
GET /v3/credentials/{credential_id}
Responses¶
200¶
Ok
{
"type": "object",
"description": "A credential object.",
"properties": {
"credential": {
"type": "object",
"description": "A credential object.",
"properties": {
"id": {
"type": "string",
"readOnly": true,
"description": "The UUID for the credential."
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"blob": {
"type": "string",
"description": "The credential itself, as a serialized blob."
},
"project_id": {
"type": [
"string",
"null"
],
"description": "The ID for the project. Mandatory for `EC2` type."
},
"type": {
"type": "string",
"description": "The credential type, such as ec2 or cert. The implementation determines the list of supported types."
},
"user_id": {
"type": "string",
"format": "uuid",
"description": "The ID of the user who owns the credential."
}
},
"additionalProperties": true
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
credential |
body |
object |
A credential object. |
credential.id |
body |
string |
The UUID for the credential. |
credential.links |
body |
object |
The link to the resource in question. |
credential.links.self |
body |
string |
|
credential.blob |
body |
string |
The credential itself, as a serialized blob. |
credential.project_id |
body |
[‘string’, ‘null’] |
The ID for the project. Mandatory for |
credential.type |
body |
string |
The credential type, such as ec2 or cert. The implementation determines the list of supported types. |
credential.user_id |
body |
string |
The ID of the user who owns the credential. |
403¶
Error
404¶
Error
Update existing credentials.
PATCH /v3/credentials/{credential_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
credential_id |
path |
string |
credential_id parameter for /v3/credentials/{credential_id} API |
credential |
body |
object |
|
credential.blob |
body |
string |
The credential itself, as a serialized blob. |
credential.project_id |
body |
[‘string’, ‘null’] |
The ID for the project. Mandatory for |
credential.type |
body |
string |
The credential type, such as ec2 or cert. The implementation determines the list of supported types. |
credential.user_id |
body |
string |
The ID of the user who owns the credential. |
{
"type": "object",
"description": "A credential object.",
"properties": {
"credential": {
"type": "object",
"properties": {
"blob": {
"type": "string",
"description": "The credential itself, as a serialized blob."
},
"project_id": {
"type": [
"string",
"null"
],
"description": "The ID for the project. Mandatory for `EC2` type."
},
"type": {
"type": "string",
"description": "The credential type, such as ec2 or cert. The implementation determines the list of supported types."
},
"user_id": {
"type": "string",
"format": "uuid",
"description": "The ID of the user who owns the credential."
}
},
"additionalProperties": true,
"minProperties": 1
}
},
"required": [
"credential"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"description": "A credential object.",
"properties": {
"credential": {
"type": "object",
"description": "A credential object.",
"properties": {
"id": {
"type": "string",
"readOnly": true,
"description": "The UUID for the credential."
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"blob": {
"type": "string",
"description": "The credential itself, as a serialized blob."
},
"project_id": {
"type": [
"string",
"null"
],
"description": "The ID for the project. Mandatory for `EC2` type."
},
"type": {
"type": "string",
"description": "The credential type, such as ec2 or cert. The implementation determines the list of supported types."
},
"user_id": {
"type": "string",
"format": "uuid",
"description": "The ID of the user who owns the credential."
}
},
"additionalProperties": true
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
credential |
body |
object |
A credential object. |
credential.id |
body |
string |
The UUID for the credential. |
credential.links |
body |
object |
The link to the resource in question. |
credential.links.self |
body |
string |
|
credential.blob |
body |
string |
The credential itself, as a serialized blob. |
credential.project_id |
body |
[‘string’, ‘null’] |
The ID for the project. Mandatory for |
credential.type |
body |
string |
The credential type, such as ec2 or cert. The implementation determines the list of supported types. |
credential.user_id |
body |
string |
The ID of the user who owns the credential. |
403¶
Error
404¶
Error
domains¶
List domains.
GET/HEAD /v3/domains
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"domains": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"readOnly": true
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"enabled": {
"description": "If set to true, domain is enabled. If set to false, domain is disabled.",
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"name": {
"type": "string",
"description": "The resource name.",
"minLength": 1,
"maxLength": 64,
"pattern": "[\\S]+"
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
},
"tags": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "^[^,/]*$"
},
"required": [],
"maxItems": 80,
"uniqueItems": true
}
},
"additionalProperties": false
}
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"truncated": {
"type": "boolean",
"description": "Flag indicating that the amount of entities exceeds global response limit"
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
domains |
body |
array |
|
domains[].id |
body |
string |
|
domains[].links |
body |
object |
The link to the resource in question. |
domains[].links.self |
body |
string |
|
domains[].description |
body |
[‘string’, ‘null’] |
The resource description. |
domains[].enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
If set to true, domain is enabled. If set to false, domain is disabled. |
domains[].name |
body |
string |
The resource name. |
domains[].options |
body |
object |
|
domains[].options.immutable |
body |
[‘boolean’, ‘null’] |
|
domains[].tags |
body |
array |
|
links |
body |
object |
Links for the collection of resources. |
links.next |
body |
[‘string’, ‘null’] |
|
links.previous |
body |
[‘string’, ‘null’] |
|
links.self |
body |
string |
|
truncated |
body |
boolean |
Flag indicating that the amount of entities exceeds global response limit |
403¶
Error
404¶
Error
Create domain.
POST /v3/domains
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
domain |
body |
object |
|
domain.explicit_domain_id |
body |
string |
The ID of the domain. |
domain.description |
body |
[‘string’, ‘null’] |
The resource description. |
domain.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
If set to true, domain is enabled. If set to false, domain is disabled. |
domain.name |
body |
string |
The resource name. |
domain.options |
body |
object |
|
domain.options.immutable |
body |
[‘boolean’, ‘null’] |
|
domain.tags |
body |
array |
{
"type": "object",
"properties": {
"domain": {
"type": "object",
"properties": {
"explicit_domain_id": {
"description": "The ID of the domain.",
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"enabled": {
"description": "If set to true, domain is enabled. If set to false, domain is disabled.",
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"name": {
"type": "string",
"description": "The resource name.",
"minLength": 1,
"maxLength": 64,
"pattern": "[\\S]+"
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
},
"tags": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "^[^,/]*$"
},
"required": [],
"maxItems": 80,
"uniqueItems": true
}
},
"required": [
"name"
]
}
},
"additionalProperties": false,
"required": [
"domain"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"readOnly": true
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"enabled": {
"description": "If set to true, domain is enabled. If set to false, domain is disabled.",
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"name": {
"type": "string",
"description": "The resource name.",
"minLength": 1,
"maxLength": 64,
"pattern": "[\\S]+"
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
},
"tags": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "^[^,/]*$"
},
"required": [],
"maxItems": 80,
"uniqueItems": true
}
},
"additionalProperties": false
}
},
"additionalProperties": false,
"required": [
"domain"
]
}
Name |
Location |
Type |
Description |
|---|---|---|---|
domain |
body |
object |
|
domain.id |
body |
string |
|
domain.links |
body |
object |
The link to the resource in question. |
domain.links.self |
body |
string |
|
domain.description |
body |
[‘string’, ‘null’] |
The resource description. |
domain.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
If set to true, domain is enabled. If set to false, domain is disabled. |
domain.name |
body |
string |
The resource name. |
domain.options |
body |
object |
|
domain.options.immutable |
body |
[‘boolean’, ‘null’] |
|
domain.tags |
body |
array |
403¶
Error
404¶
Error
Get domain
GET/HEAD /v3/domains/{domain_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"readOnly": true
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"enabled": {
"description": "If set to true, domain is enabled. If set to false, domain is disabled.",
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"name": {
"type": "string",
"description": "The resource name.",
"minLength": 1,
"maxLength": 64,
"pattern": "[\\S]+"
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
},
"tags": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "^[^,/]*$"
},
"required": [],
"maxItems": 80,
"uniqueItems": true
}
},
"additionalProperties": false
}
},
"additionalProperties": false,
"required": [
"domain"
]
}
Name |
Location |
Type |
Description |
|---|---|---|---|
domain |
body |
object |
|
domain.id |
body |
string |
|
domain.links |
body |
object |
The link to the resource in question. |
domain.links.self |
body |
string |
|
domain.description |
body |
[‘string’, ‘null’] |
The resource description. |
domain.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
If set to true, domain is enabled. If set to false, domain is disabled. |
domain.name |
body |
string |
The resource name. |
domain.options |
body |
object |
|
domain.options.immutable |
body |
[‘boolean’, ‘null’] |
|
domain.tags |
body |
array |
403¶
Error
404¶
Error
Update domain.
PATCH /v3/domains/{domain_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
domain_id |
path |
string |
domain_id parameter for /v3/domains/{domain_id} API |
domain |
body |
object |
|
domain.description |
body |
[‘string’, ‘null’] |
The resource description. |
domain.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
If set to true, domain is enabled. If set to false, domain is disabled. |
domain.name |
body |
string |
The resource name. |
domain.options |
body |
object |
|
domain.options.immutable |
body |
[‘boolean’, ‘null’] |
|
domain.tags |
body |
array |
{
"type": "object",
"properties": {
"domain": {
"type": "object",
"properties": {
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"enabled": {
"description": "If set to true, domain is enabled. If set to false, domain is disabled.",
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"name": {
"type": "string",
"description": "The resource name.",
"minLength": 1,
"maxLength": 64,
"pattern": "[\\S]+"
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
},
"tags": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "^[^,/]*$"
},
"required": [],
"maxItems": 80,
"uniqueItems": true
}
},
"minProperties": 1
}
},
"additionalProperties": false,
"required": [
"domain"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"readOnly": true
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"enabled": {
"description": "If set to true, domain is enabled. If set to false, domain is disabled.",
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"name": {
"type": "string",
"description": "The resource name.",
"minLength": 1,
"maxLength": 64,
"pattern": "[\\S]+"
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
},
"tags": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "^[^,/]*$"
},
"required": [],
"maxItems": 80,
"uniqueItems": true
}
},
"additionalProperties": false
}
},
"additionalProperties": false,
"required": [
"domain"
]
}
Name |
Location |
Type |
Description |
|---|---|---|---|
domain |
body |
object |
|
domain.id |
body |
string |
|
domain.links |
body |
object |
The link to the resource in question. |
domain.links.self |
body |
string |
|
domain.description |
body |
[‘string’, ‘null’] |
The resource description. |
domain.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
If set to true, domain is enabled. If set to false, domain is disabled. |
domain.name |
body |
string |
The resource name. |
domain.options |
body |
object |
|
domain.options.immutable |
body |
[‘boolean’, ‘null’] |
|
domain.tags |
body |
array |
403¶
Error
404¶
Error
domain-configuration¶
Check if config option exists.
GET/HEAD /v3/domains/{domain_id}/config GET/HEAD /v3/domains/{domain_id}/config/{group} GET/HEAD /v3/domains/{domain_id}/config/{group}/{option}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"config": {
"type": "object",
"description": "A config object.",
"additionalProperties": {
"type": "object",
"additionalProperties": true
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
config |
body |
object |
A config object. |
403¶
Error
404¶
Error
Create domain config.
PUT /v3/domains/{domain_id}/config
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
domain_id |
path |
string |
domain_id parameter for /v3/domains/{domain_id}/config/{group}/{option} API |
config |
body |
object |
A config object. |
{
"type": "object",
"properties": {
"config": {
"type": "object",
"description": "A config object.",
"additionalProperties": {
"type": "object",
"additionalProperties": true
}
}
}
}
Responses¶
201¶
Ok
{
"type": "object",
"properties": {
"config": {
"type": "object",
"description": "A config object.",
"additionalProperties": {
"type": "object",
"additionalProperties": true
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
config |
body |
object |
A config object. |
403¶
Error
404¶
Error
Update domain config option.
PATCH /v3/domains/{domain_id}/config PATCH /v3/domains/{domain_id}/config/{group} PATCH /v3/domains/{domain_id}/config/{group}/{option}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
domain_id |
path |
string |
domain_id parameter for /v3/domains/{domain_id}/config/{group}/{option} API |
config |
body |
object |
A config object. |
{
"type": "object",
"properties": {
"config": {
"type": "object",
"description": "A config object.",
"additionalProperties": {
"type": "object",
"additionalProperties": true
}
}
}
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"config": {
"type": "object",
"description": "A config object.",
"additionalProperties": {
"type": "object",
"additionalProperties": true
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
config |
body |
object |
A config object. |
403¶
Error
404¶
Error
Check if config option exists.
GET/HEAD /v3/domains/{domain_id}/config GET/HEAD /v3/domains/{domain_id}/config/{group} GET/HEAD /v3/domains/{domain_id}/config/{group}/{option}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"config": {
"type": "object",
"description": "A config object.",
"additionalProperties": {
"type": "object",
"additionalProperties": true
},
"maxProperties": 1
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
config |
body |
object |
A config object. |
403¶
Error
404¶
Error
Update domain config option.
PATCH /v3/domains/{domain_id}/config PATCH /v3/domains/{domain_id}/config/{group} PATCH /v3/domains/{domain_id}/config/{group}/{option}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
domain_id |
path |
string |
domain_id parameter for /v3/domains/{domain_id}/config/{group}/{option} API |
group |
path |
string |
group parameter for /v3/domains/{domain_id}/config/{group}/{option} API |
config |
body |
object |
A config object. |
{
"type": "object",
"properties": {
"config": {
"type": "object",
"description": "A config object.",
"additionalProperties": {
"type": "object",
"additionalProperties": true
},
"maxProperties": 1
}
}
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"config": {
"type": "object",
"description": "A config object.",
"additionalProperties": {
"type": "object",
"additionalProperties": true
},
"maxProperties": 1
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
config |
body |
object |
A config object. |
403¶
Error
404¶
Error
Check if config option exists.
GET/HEAD /v3/domains/{domain_id}/config GET/HEAD /v3/domains/{domain_id}/config/{group} GET/HEAD /v3/domains/{domain_id}/config/{group}/{option}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"config": {
"type": "object",
"additionalProperties": true,
"maxProperties": 1
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
config |
body |
object |
403¶
Error
404¶
Error
Update domain config option.
PATCH /v3/domains/{domain_id}/config PATCH /v3/domains/{domain_id}/config/{group} PATCH /v3/domains/{domain_id}/config/{group}/{option}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
domain_id |
path |
string |
domain_id parameter for /v3/domains/{domain_id}/config/{group}/{option} API |
group |
path |
string |
group parameter for /v3/domains/{domain_id}/config/{group}/{option} API |
option |
path |
string |
option parameter for /v3/domains/{domain_id}/config/{group}/{option} API |
config |
body |
object |
{
"type": "object",
"properties": {
"config": {
"type": "object",
"additionalProperties": true,
"maxProperties": 1
}
}
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"config": {
"type": "object",
"additionalProperties": true,
"maxProperties": 1
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
config |
body |
object |
403¶
Error
404¶
Error
Get default domain config.
GET/HEAD /v3/domains/config/default
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"config": {
"type": "object",
"description": "A config object.",
"additionalProperties": {
"type": "object",
"additionalProperties": true
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
config |
body |
object |
A config object. |
403¶
Error
404¶
Error
Get default domain group config.
GET/HEAD /v3/domains/config/{group}/default
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"config": {
"type": "object",
"description": "A config object.",
"additionalProperties": {
"type": "object",
"additionalProperties": true
},
"maxProperties": 1
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
config |
body |
object |
A config object. |
403¶
Error
404¶
Error
Get default domain group option config.
GET/HEAD /v3/domains/config/{group}/{option}/default
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"config": {
"type": "object",
"additionalProperties": true,
"maxProperties": 1
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
config |
body |
object |
403¶
Error
404¶
Error
roles¶
Get user grant.
GET/HEAD /v3/domains/{domain_id}/users/{user_id}/roles
Responses¶
200¶
Ok
{
"type": "object",
"description": "List of roles assigned to the resource",
"properties": {
"roles": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID."
},
"name": {
"type": "string",
"description": "The role name."
},
"description": {
"type": "string",
"description": "The role description."
},
"links": {
"type": "object",
"properties": {
"self": {
"type": "string",
"format": "uri",
"description": "The link to the resource in question."
}
}
}
}
}
},
"links": {
"type": "object",
"additionalProperties": {
"type": [
"string",
"null"
],
"format": "uri"
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
roles |
body |
array |
|
roles[].id |
body |
string |
The role ID. |
roles[].name |
body |
string |
The role name. |
roles[].description |
body |
string |
The role description. |
roles[].links |
body |
object |
|
roles[].links.self |
body |
string |
The link to the resource in question. |
links |
body |
object |
403¶
Error
404¶
Error
List all domain grants for a specific group.
GET/HEAD /v3/domains/{domain_id}/groups/{group_id}/roles
Responses¶
200¶
Ok
{
"type": "object",
"description": "List of roles assigned to the resource",
"properties": {
"roles": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID."
},
"name": {
"type": "string",
"description": "The role name."
},
"description": {
"type": "string",
"description": "The role description."
},
"links": {
"type": "object",
"properties": {
"self": {
"type": "string",
"format": "uri",
"description": "The link to the resource in question."
}
}
}
}
}
},
"links": {
"type": "object",
"additionalProperties": {
"type": [
"string",
"null"
],
"format": "uri"
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
roles |
body |
array |
|
roles[].id |
body |
string |
The role ID. |
roles[].name |
body |
string |
The role name. |
roles[].description |
body |
string |
The role description. |
roles[].links |
body |
object |
|
roles[].links.self |
body |
string |
The link to the resource in question. |
links |
body |
object |
403¶
Error
404¶
Error
List roles.
GET/HEAD /v3/roles
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"roles": {
"type": "array",
"items": {
"type": "object",
"description": "A role object.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID.",
"readOnly": true
},
"links": {
"type": "object",
"additionalProperties": {
"type": [
"string",
"null"
],
"format": "uri"
},
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
}
}
},
"links": {
"type": "object",
"additionalProperties": {
"type": [
"string",
"null"
],
"format": "uri"
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
roles |
body |
array |
|
roles[].id |
body |
string |
The role ID. |
roles[].links |
body |
object |
|
roles[].name |
body |
string |
The resource name. |
roles[].description |
body |
[‘string’, ‘null’] |
The resource description. |
roles[].domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
roles[].options |
body |
object |
|
roles[].options.immutable |
body |
[‘boolean’, ‘null’] |
|
links |
body |
object |
403¶
Error
404¶
Error
Create role.
POST /v3/roles
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
role |
body |
object |
A role object. |
role.name |
body |
string |
The resource name. |
role.description |
body |
[‘string’, ‘null’] |
The resource description. |
role.domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
role.options |
body |
object |
|
role.options.immutable |
body |
[‘boolean’, ‘null’] |
{
"type": "object",
"properties": {
"role": {
"type": "object",
"description": "A role object.",
"properties": {
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
},
"additionalProperties": true,
"required": [
"name"
]
}
},
"additionalProperties": false,
"required": [
"role"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"role": {
"type": "object",
"description": "A role object.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID.",
"readOnly": true
},
"links": {
"type": "object",
"additionalProperties": {
"type": [
"string",
"null"
],
"format": "uri"
},
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
role |
body |
object |
A role object. |
role.id |
body |
string |
The role ID. |
role.links |
body |
object |
|
role.name |
body |
string |
The resource name. |
role.description |
body |
[‘string’, ‘null’] |
The resource description. |
role.domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
role.options |
body |
object |
|
role.options.immutable |
body |
[‘boolean’, ‘null’] |
403¶
Error
404¶
Error
Get role.
GET/HEAD /v3/roles/{role_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"role": {
"type": "object",
"description": "A role object.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID.",
"readOnly": true
},
"links": {
"type": "object",
"additionalProperties": {
"type": [
"string",
"null"
],
"format": "uri"
},
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
role |
body |
object |
A role object. |
role.id |
body |
string |
The role ID. |
role.links |
body |
object |
|
role.name |
body |
string |
The resource name. |
role.description |
body |
[‘string’, ‘null’] |
The resource description. |
role.domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
role.options |
body |
object |
|
role.options.immutable |
body |
[‘boolean’, ‘null’] |
403¶
Error
404¶
Error
Update role.
PATCH /v3/roles/{role_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
role_id |
path |
string |
role_id parameter for /v3/roles/{role_id} API |
role |
body |
object |
A role object. |
role.name |
body |
string |
The resource name. |
role.description |
body |
[‘string’, ‘null’] |
The resource description. |
role.domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
role.options |
body |
object |
|
role.options.immutable |
body |
[‘boolean’, ‘null’] |
{
"type": "object",
"properties": {
"role": {
"type": "object",
"description": "A role object.",
"properties": {
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
},
"additionalProperties": true,
"minProperties": 1
}
},
"additionalProperties": false,
"required": [
"role"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"role": {
"type": "object",
"description": "A role object.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID.",
"readOnly": true
},
"links": {
"type": "object",
"additionalProperties": {
"type": [
"string",
"null"
],
"format": "uri"
},
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
role |
body |
object |
A role object. |
role.id |
body |
string |
The role ID. |
role.links |
body |
object |
|
role.name |
body |
string |
The resource name. |
role.description |
body |
[‘string’, ‘null’] |
The resource description. |
role.domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
role.options |
body |
object |
|
role.options.immutable |
body |
[‘boolean’, ‘null’] |
403¶
Error
404¶
Error
List Implied Roles.
GET/HEAD /v3/roles/{prior_role_id}/implies
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"role_inference": {
"type": "object",
"properties": {
"prior_role": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID."
},
"name": {
"type": "string",
"description": "The role name."
},
"description": {
"type": "string",
"description": "The role description."
},
"links": {
"type": "object",
"properties": {
"self": {
"type": "string",
"format": "uri",
"description": "The link to the resource in question."
}
}
}
}
},
"implies": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID."
},
"name": {
"type": "string",
"description": "The role name."
},
"description": {
"type": "string",
"description": "The role description."
},
"links": {
"type": "object",
"properties": {
"self": {
"type": "string",
"format": "uri",
"description": "The link to the resource in question."
}
}
}
}
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
role_inference |
body |
object |
|
role_inference.prior_role |
body |
object |
|
role_inference.prior_role.id |
body |
string |
The role ID. |
role_inference.prior_role.name |
body |
string |
The role name. |
role_inference.prior_role.description |
body |
string |
The role description. |
role_inference.prior_role.links |
body |
object |
|
role_inference.prior_role.links.self |
body |
string |
The link to the resource in question. |
role_inference.implies |
body |
array |
|
role_inference.implies[].id |
body |
string |
The role ID. |
role_inference.implies[].name |
body |
string |
The role name. |
role_inference.implies[].description |
body |
string |
The role description. |
role_inference.implies[].links |
body |
object |
|
role_inference.implies[].links.self |
body |
string |
The link to the resource in question. |
403¶
Error
404¶
Error
Get implied role.
GET/HEAD /v3/roles/{prior_role_id}/implies/{implied_role_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"role_inference": {
"type": "object",
"properties": {
"prior_role": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID."
},
"name": {
"type": "string",
"description": "The role name."
},
"description": {
"type": "string",
"description": "The role description."
},
"links": {
"type": "object",
"properties": {
"self": {
"type": "string",
"format": "uri",
"description": "The link to the resource in question."
}
}
}
}
},
"implies": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID."
},
"name": {
"type": "string",
"description": "The role name."
},
"description": {
"type": "string",
"description": "The role description."
},
"links": {
"type": "object",
"properties": {
"self": {
"type": "string",
"format": "uri",
"description": "The link to the resource in question."
}
}
}
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
role_inference |
body |
object |
|
role_inference.prior_role |
body |
object |
|
role_inference.prior_role.id |
body |
string |
The role ID. |
role_inference.prior_role.name |
body |
string |
The role name. |
role_inference.prior_role.description |
body |
string |
The role description. |
role_inference.prior_role.links |
body |
object |
|
role_inference.prior_role.links.self |
body |
string |
The link to the resource in question. |
role_inference.implies |
body |
object |
|
role_inference.implies.id |
body |
string |
The role ID. |
role_inference.implies.name |
body |
string |
The role name. |
role_inference.implies.description |
body |
string |
The role description. |
role_inference.implies.links |
body |
object |
|
role_inference.implies.links.self |
body |
string |
The link to the resource in question. |
403¶
Error
404¶
Error
Create implied role.
PUT /v3/roles/{prior_role_id}/implies/{implied_role_id}
Responses¶
201¶
Ok
{
"type": "object",
"properties": {
"role_inference": {
"type": "object",
"properties": {
"prior_role": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID."
},
"name": {
"type": "string",
"description": "The role name."
},
"description": {
"type": "string",
"description": "The role description."
},
"links": {
"type": "object",
"properties": {
"self": {
"type": "string",
"format": "uri",
"description": "The link to the resource in question."
}
}
}
}
},
"implies": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID."
},
"name": {
"type": "string",
"description": "The role name."
},
"description": {
"type": "string",
"description": "The role description."
},
"links": {
"type": "object",
"properties": {
"self": {
"type": "string",
"format": "uri",
"description": "The link to the resource in question."
}
}
}
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
role_inference |
body |
object |
|
role_inference.prior_role |
body |
object |
|
role_inference.prior_role.id |
body |
string |
The role ID. |
role_inference.prior_role.name |
body |
string |
The role name. |
role_inference.prior_role.description |
body |
string |
The role description. |
role_inference.prior_role.links |
body |
object |
|
role_inference.prior_role.links.self |
body |
string |
The link to the resource in question. |
role_inference.implies |
body |
object |
|
role_inference.implies.id |
body |
string |
The role ID. |
role_inference.implies.name |
body |
string |
The role name. |
role_inference.implies.description |
body |
string |
The role description. |
role_inference.implies.links |
body |
object |
|
role_inference.implies.links.self |
body |
string |
The link to the resource in question. |
403¶
Error
404¶
Error
ec2tokens¶
endpoints¶
List all endpoints.
GET /v3/endpoints
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"endpoints": {
"type": "array",
"items": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Defines whether the service and its endpoints appear in the service catalog."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs.",
"readOnly": true
},
"interface": {
"type": "string",
"enum": [
"internal",
"admin",
"public"
],
"description": "The interface type, which describes the visibility of the Value is: - public. Visible by end users on a publicly available network interface. - internal. Visible by end users on an unmetered internal network interface. - admin. Visible by administrative users on a secure network interface."
},
"region": {
"type": "string",
"description": "The geographic location of the service endpoint.",
"x-openstack": {
"max-ver": "3.2"
}
},
"region_id": {
"type": "string",
"format": "uuid",
"description": "The geographic location of the service ",
"x-openstack": {
"min-ver": "3.2"
}
},
"service_id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs."
},
"url": {
"type": "string",
"format": "uri",
"description": "The endpoint URL."
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
endpoints |
body |
array |
|
endpoints[].enabled |
body |
boolean |
Defines whether the service and its endpoints appear in the service catalog. |
endpoints[].id |
body |
string |
The UUID of the service to which the endpoint belongs. |
endpoints[].interface |
body |
string |
The interface type, which describes the visibility of the Value is: - public. Visible by end users on a publicly available network interface. - internal. Visible by end users on an unmetered internal network interface. - admin. Visible by administrative users on a secure network interface. |
endpoints[].region |
body |
string |
The geographic location of the service endpoint. |
endpoints[].region_id |
body |
string |
The geographic location of the service |
endpoints[].service_id |
body |
string |
The UUID of the service to which the endpoint belongs. |
endpoints[].url |
body |
string |
The endpoint URL. |
403¶
Error
404¶
Error
Create new endpoints.
POST /v3/endpoints
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
endpoint |
body |
object |
|
endpoint.id |
body |
string |
The endpoint ID. |
endpoint.enabled |
body |
boolean |
Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog. |
endpoint.interface |
body |
string |
The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface. |
endpoint.region_id |
body |
[‘string’, ‘null’] |
(Since v3.2) The ID of the region that contains the service endpoint. |
endpoint.region |
body |
[‘string’, ‘null’] |
(Deprecated in v3.2) The geographic location of the service endpoint. |
endpoint.service_id |
body |
string |
The UUID of the service to which the endpoint belongs |
endpoint.url |
body |
string |
The endpoint URL. |
endpoint.name |
body |
string |
The name of the endpoint. |
endpoint.description |
body |
[‘string’, ‘null’] |
A description of the endpoint. |
{
"type": "object",
"description": "An endpoint object",
"properties": {
"endpoint": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The endpoint ID."
},
"enabled": {
"type": "boolean",
"description": "Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog."
},
"interface": {
"type": "string",
"enum": [
"admin",
"internal",
"public"
],
"description": "The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface."
},
"region_id": {
"type": [
"string",
"null"
],
"description": "(Since v3.2) The ID of the region that contains the service endpoint.",
"x-openstack": {
"min-ver": 3.2
}
},
"region": {
"type": [
"string",
"null"
],
"description": "(Deprecated in v3.2) The geographic location of the service endpoint.",
"x-openstack": {
"max-ver": 3.2
}
},
"service_id": {
"type": "string",
"description": "The UUID of the service to which the endpoint belongs"
},
"url": {
"type": "string",
"description": "The endpoint URL.",
"minLength": 0,
"maxLength": 225,
"pattern": "^[a-zA-Z0-9+.-]+:.+"
},
"name": {
"type": "string",
"description": "The name of the endpoint."
},
"description": {
"type": [
"string",
"null"
],
"description": "A description of the endpoint."
}
},
"additionalProperties": true,
"required": [
"interface",
"service_id",
"url"
]
}
},
"additionalProperties": false
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"endpoint": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Defines whether the service and its endpoints appear in the service catalog."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs.",
"readOnly": true
},
"interface": {
"type": "string",
"enum": [
"internal",
"admin",
"public"
],
"description": "The interface type, which describes the visibility of the Value is: - public. Visible by end users on a publicly available network interface. - internal. Visible by end users on an unmetered internal network interface. - admin. Visible by administrative users on a secure network interface."
},
"region": {
"type": "string",
"description": "The geographic location of the service endpoint.",
"x-openstack": {
"max-ver": "3.2"
}
},
"region_id": {
"type": "string",
"format": "uuid",
"description": "The geographic location of the service ",
"x-openstack": {
"min-ver": "3.2"
}
},
"service_id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs."
},
"url": {
"type": "string",
"format": "uri",
"description": "The endpoint URL."
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
endpoint |
body |
object |
|
endpoint.enabled |
body |
boolean |
Defines whether the service and its endpoints appear in the service catalog. |
endpoint.id |
body |
string |
The UUID of the service to which the endpoint belongs. |
endpoint.interface |
body |
string |
The interface type, which describes the visibility of the Value is: - public. Visible by end users on a publicly available network interface. - internal. Visible by end users on an unmetered internal network interface. - admin. Visible by administrative users on a secure network interface. |
endpoint.region |
body |
string |
The geographic location of the service endpoint. |
endpoint.region_id |
body |
string |
The geographic location of the service |
endpoint.service_id |
body |
string |
The UUID of the service to which the endpoint belongs. |
endpoint.url |
body |
string |
The endpoint URL. |
403¶
Error
404¶
Error
Show endpoint details
GET /v3/endpoints/{endpoint_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"endpoint": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Defines whether the service and its endpoints appear in the service catalog."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs.",
"readOnly": true
},
"interface": {
"type": "string",
"enum": [
"internal",
"admin",
"public"
],
"description": "The interface type, which describes the visibility of the Value is: - public. Visible by end users on a publicly available network interface. - internal. Visible by end users on an unmetered internal network interface. - admin. Visible by administrative users on a secure network interface."
},
"region": {
"type": "string",
"description": "The geographic location of the service endpoint.",
"x-openstack": {
"max-ver": "3.2"
}
},
"region_id": {
"type": "string",
"format": "uuid",
"description": "The geographic location of the service ",
"x-openstack": {
"min-ver": "3.2"
}
},
"service_id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs."
},
"url": {
"type": "string",
"format": "uri",
"description": "The endpoint URL."
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
endpoint |
body |
object |
|
endpoint.enabled |
body |
boolean |
Defines whether the service and its endpoints appear in the service catalog. |
endpoint.id |
body |
string |
The UUID of the service to which the endpoint belongs. |
endpoint.interface |
body |
string |
The interface type, which describes the visibility of the Value is: - public. Visible by end users on a publicly available network interface. - internal. Visible by end users on an unmetered internal network interface. - admin. Visible by administrative users on a secure network interface. |
endpoint.region |
body |
string |
The geographic location of the service endpoint. |
endpoint.region_id |
body |
string |
The geographic location of the service |
endpoint.service_id |
body |
string |
The UUID of the service to which the endpoint belongs. |
endpoint.url |
body |
string |
The endpoint URL. |
403¶
Error
404¶
Error
Update existing endpoints.
PATCH /v3/endpoints/{endpoint_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
endpoint_id |
path |
string |
endpoint_id parameter for /v3/endpoints/{endpoint_id} API |
endpoint |
body |
object |
|
endpoint.enabled |
body |
boolean |
Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog. |
endpoint.interface |
body |
string |
The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface. |
endpoint.region_id |
body |
[‘string’, ‘null’] |
(Since v3.2) The ID of the region that contains the service endpoint. |
endpoint.region |
body |
[‘string’, ‘null’] |
(Deprecated in v3.2) The geographic location of the service endpoint. |
endpoint.service_id |
body |
string |
The UUID of the service to which the endpoint belongs |
endpoint.url |
body |
string |
The endpoint URL. |
endpoint.name |
body |
string |
The name of the endpoint. |
endpoint.description |
body |
[‘string’, ‘null’] |
A description of the endpoint. |
{
"type": "object",
"description": "An endpoint object",
"properties": {
"endpoint": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog."
},
"interface": {
"type": "string",
"enum": [
"admin",
"internal",
"public"
],
"description": "The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface."
},
"region_id": {
"type": [
"string",
"null"
],
"description": "(Since v3.2) The ID of the region that contains the service endpoint.",
"x-openstack": {
"min-ver": 3.2
}
},
"region": {
"type": [
"string",
"null"
],
"description": "(Deprecated in v3.2) The geographic location of the service endpoint.",
"x-openstack": {
"max-ver": 3.2
}
},
"service_id": {
"type": "string",
"description": "The UUID of the service to which the endpoint belongs"
},
"url": {
"type": "string",
"description": "The endpoint URL.",
"minLength": 0,
"maxLength": 225,
"pattern": "^[a-zA-Z0-9+.-]+:.+"
},
"name": {
"type": "string",
"description": "The name of the endpoint."
},
"description": {
"type": [
"string",
"null"
],
"description": "A description of the endpoint."
}
},
"additionalProperties": true,
"minProperties": 1
}
},
"additionalProperties": false,
"required": [
"endpoint"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"endpoint": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Defines whether the service and its endpoints appear in the service catalog."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs.",
"readOnly": true
},
"interface": {
"type": "string",
"enum": [
"internal",
"admin",
"public"
],
"description": "The interface type, which describes the visibility of the Value is: - public. Visible by end users on a publicly available network interface. - internal. Visible by end users on an unmetered internal network interface. - admin. Visible by administrative users on a secure network interface."
},
"region": {
"type": "string",
"description": "The geographic location of the service endpoint.",
"x-openstack": {
"max-ver": "3.2"
}
},
"region_id": {
"type": "string",
"format": "uuid",
"description": "The geographic location of the service ",
"x-openstack": {
"min-ver": "3.2"
}
},
"service_id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs."
},
"url": {
"type": "string",
"format": "uri",
"description": "The endpoint URL."
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
endpoint |
body |
object |
|
endpoint.enabled |
body |
boolean |
Defines whether the service and its endpoints appear in the service catalog. |
endpoint.id |
body |
string |
The UUID of the service to which the endpoint belongs. |
endpoint.interface |
body |
string |
The interface type, which describes the visibility of the Value is: - public. Visible by end users on a publicly available network interface. - internal. Visible by end users on an unmetered internal network interface. - admin. Visible by administrative users on a secure network interface. |
endpoint.region |
body |
string |
The geographic location of the service endpoint. |
endpoint.region_id |
body |
string |
The geographic location of the service |
endpoint.service_id |
body |
string |
The UUID of the service to which the endpoint belongs. |
endpoint.url |
body |
string |
The endpoint URL. |
403¶
Error
404¶
Error
groups¶
List groups.
GET/HEAD /groups
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"groups": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
groups |
body |
array |
|
groups[].id |
body |
string |
The user ID. |
groups[].description |
body |
[‘string’, ‘null’] |
The resource description. |
groups[].domain_id |
body |
string |
|
groups[].name |
body |
string |
403¶
Error
404¶
Error
Create group.
POST /groups
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
group |
body |
object |
|
group.description |
body |
[‘string’, ‘null’] |
The resource description. |
group.domain_id |
body |
string |
|
group.id |
body |
string |
The user ID. |
group.name |
body |
string |
{
"oneOf": [
{
"type": "object",
"properties": {
"group": {
"type": "object",
"properties": {
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
}
},
"additionalProperties": true,
"required": [
"name"
]
}
},
"additionalProperties": false,
"required": [
"group"
]
},
{
"type": "object",
"properties": {
"group": {
"type": "object",
"properties": {
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
}
},
"additionalProperties": true,
"required": [
"name"
]
}
},
"additionalProperties": false,
"required": [
"group"
]
}
],
"x-openstack": {
"discriminator": "microversion"
}
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"group": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
group |
body |
object |
|
group.id |
body |
string |
The user ID. |
group.description |
body |
[‘string’, ‘null’] |
The resource description. |
group.domain_id |
body |
string |
|
group.name |
body |
string |
403¶
Error
404¶
Error
Get a group reference.
GET/HEAD /groups/{group_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"group": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
group |
body |
object |
|
group.id |
body |
string |
The user ID. |
group.description |
body |
[‘string’, ‘null’] |
The resource description. |
group.domain_id |
body |
string |
|
group.name |
body |
string |
403¶
Error
404¶
Error
Update group.
PATCH /groups/{group_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
group_id |
path |
string |
group_id parameter for /v3/groups/{group_id} API |
group |
body |
object |
|
group.description |
body |
[‘string’, ‘null’] |
The resource description. |
group.id |
body |
string |
The user ID. |
group.name |
body |
string |
{
"oneOf": [
{
"type": "object",
"properties": {
"group": {
"type": "object",
"properties": {
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
}
},
"additionalProperties": true,
"minProperties": 1
}
},
"additionalProperties": false,
"required": [
"group"
]
},
{
"type": "object",
"properties": {
"group": {
"type": "object",
"properties": {
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
}
},
"additionalProperties": true,
"minProperties": 1
}
},
"additionalProperties": false,
"required": [
"group"
]
}
],
"x-openstack": {
"discriminator": "microversion"
}
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"group": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
group |
body |
object |
|
group.id |
body |
string |
The user ID. |
group.description |
body |
[‘string’, ‘null’] |
The resource description. |
group.domain_id |
body |
string |
|
group.name |
body |
string |
403¶
Error
404¶
Error
Get list of users in group.
GET/HEAD /groups/{group_id}/users
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"users": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"default_project_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"federated": {
"type": "array",
"items": {
"type": "object",
"properties": {
"idp_id": {
"type": "string"
},
"protocols": {
"type": "array",
"items": {
"type": "object",
"properties": {
"protocol_id": {
"type": "string"
},
"unique_id": {
"type": "string"
}
},
"required": [
"protocol_id",
"unique_id"
]
},
"minItems": 1
}
},
"required": [
"idp_id",
"protocols"
]
}
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
},
"password_expires_at": {
"type": [
"string",
"null"
],
"format": "date-time",
"description": "The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires.",
"readOnly": true
},
"options": {
"type": "object",
"properties": {
"ignore_change_password_upon_first_use": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_password_expiry": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_lockout_failure_attempts": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"lock_password": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_user_inactivity": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"multi_factor_auth_rules": {
"type": [
"array",
"null"
],
"items": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1,
"uniqueItems": true
},
"uniqueItems": true
},
"multi_factor_auth_enabled": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
users |
body |
array |
|
users[].id |
body |
string |
The user ID. |
users[].default_project_id |
body |
[‘string’, ‘null’] |
|
users[].description |
body |
[‘string’, ‘null’] |
The resource description. |
users[].domain_id |
body |
string |
|
users[].enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
|
users[].federated |
body |
array |
|
users[].federated[].idp_id |
body |
string |
|
users[].federated[].protocols |
body |
array |
|
users[].federated[].protocols[].protocol_id |
body |
string |
|
users[].federated[].protocols[].unique_id |
body |
string |
|
users[].links |
body |
object |
Links for the collection of resources. |
users[].links.next |
body |
[‘string’, ‘null’] |
|
users[].links.previous |
body |
[‘string’, ‘null’] |
|
users[].links.self |
body |
string |
|
users[].name |
body |
string |
|
users[].password_expires_at |
body |
[‘string’, ‘null’] |
The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires. |
users[].options |
body |
object |
|
users[].options.ignore_change_password_upon_first_use |
body |
[‘boolean’, ‘null’] |
|
users[].options.ignore_password_expiry |
body |
[‘boolean’, ‘null’] |
|
users[].options.ignore_lockout_failure_attempts |
body |
[‘boolean’, ‘null’] |
|
users[].options.lock_password |
body |
[‘boolean’, ‘null’] |
|
users[].options.ignore_user_inactivity |
body |
[‘boolean’, ‘null’] |
|
users[].options.multi_factor_auth_rules |
body |
[‘array’, ‘null’] |
|
users[].options.multi_factor_auth_enabled |
body |
[‘boolean’, ‘null’] |
403¶
Error
404¶
Error
limits¶
List limits.
GET /v3/limits
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"limits": {
"type": "array",
"items": {
"type": "object",
"description": "A limit object.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The limit ID.",
"readOnly": true
},
"project_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the project."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"resource_name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"region_id": {
"description": "The ID of the region.",
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 255
},
"service_id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the limit belongs."
},
"resource_limit": {
"description": "The override limit.",
"type": "integer",
"minimum": -1,
"maximum": 2147483647
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
}
},
"additionalProperties": false
},
"description": "A list of limit objects."
},
"truncated": {
"type": "boolean",
"description": "Flag indicating that the amount of entities exceeds global response limit"
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
links |
body |
object |
Links for the collection of resources. |
links.next |
body |
[‘string’, ‘null’] |
|
links.previous |
body |
[‘string’, ‘null’] |
|
links.self |
body |
string |
|
limits |
body |
array |
A list of limit objects. |
limits[].id |
body |
string |
The limit ID. |
limits[].project_id |
body |
[‘string’, ‘null’] |
The ID of the project. |
limits[].domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
limits[].links |
body |
object |
The link to the resource in question. |
limits[].links.self |
body |
string |
|
limits[].resource_name |
body |
string |
The resource name. |
limits[].region_id |
body |
[‘string’, ‘null’] |
The ID of the region. |
limits[].service_id |
body |
string |
The UUID of the service to which the limit belongs. |
limits[].resource_limit |
body |
integer |
The override limit. |
limits[].description |
body |
[‘string’, ‘null’] |
The resource description. |
truncated |
body |
boolean |
Flag indicating that the amount of entities exceeds global response limit |
403¶
Error
404¶
Error
Create new limits.
POST /v3/limits
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
limits |
body |
array |
A list of limit objects. |
limits[].project_id |
body |
[‘string’, ‘null’] |
The ID of the project. |
limits[].domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
limits[].resource_name |
body |
string |
The resource name. |
limits[].region_id |
body |
[‘string’, ‘null’] |
The ID of the region. |
limits[].service_id |
body |
string |
The UUID of the service to which the limit belongs. |
limits[].resource_limit |
body |
integer |
The override limit. |
limits[].description |
body |
[‘string’, ‘null’] |
The resource description. |
{
"type": "object",
"properties": {
"limits": {
"type": "array",
"items": {
"type": "object",
"properties": {
"project_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the project."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"resource_name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"region_id": {
"description": "The ID of the region.",
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 255
},
"service_id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the limit belongs."
},
"resource_limit": {
"description": "The override limit.",
"type": "integer",
"minimum": -1,
"maximum": 2147483647
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
}
},
"required": [
"service_id",
"resource_name",
"resource_limit"
],
"oneOf": [
{
"required": [
"service_id",
"resource_name",
"resource_limit",
"domain_id"
]
},
{
"required": [
"service_id",
"resource_name",
"resource_limit",
"project_id"
]
}
],
"additionalProperties": false
},
"minItems": 1,
"description": "A list of limit objects."
}
},
"additionalProperties": false,
"required": [
"limits"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"limits": {
"type": "array",
"items": {
"type": "object",
"description": "A limit object.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The limit ID.",
"readOnly": true
},
"project_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the project."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"resource_name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"region_id": {
"description": "The ID of the region.",
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 255
},
"service_id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the limit belongs."
},
"resource_limit": {
"description": "The override limit.",
"type": "integer",
"minimum": -1,
"maximum": 2147483647
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
}
},
"additionalProperties": false
},
"description": "A list of limit objects."
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
limits |
body |
array |
A list of limit objects. |
limits[].id |
body |
string |
The limit ID. |
limits[].project_id |
body |
[‘string’, ‘null’] |
The ID of the project. |
limits[].domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
limits[].links |
body |
object |
The link to the resource in question. |
limits[].links.self |
body |
string |
|
limits[].resource_name |
body |
string |
The resource name. |
limits[].region_id |
body |
[‘string’, ‘null’] |
The ID of the region. |
limits[].service_id |
body |
string |
The UUID of the service to which the limit belongs. |
limits[].resource_limit |
body |
integer |
The override limit. |
limits[].description |
body |
[‘string’, ‘null’] |
The resource description. |
403¶
Error
404¶
Error
Retrieve an existing limit.
GET /v3/limits/{limit_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"limit": {
"type": "object",
"description": "A limit object.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The limit ID.",
"readOnly": true
},
"project_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the project."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"resource_name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"region_id": {
"description": "The ID of the region.",
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 255
},
"service_id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the limit belongs."
},
"resource_limit": {
"description": "The override limit.",
"type": "integer",
"minimum": -1,
"maximum": 2147483647
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
limit |
body |
object |
A limit object. |
limit.id |
body |
string |
The limit ID. |
limit.project_id |
body |
[‘string’, ‘null’] |
The ID of the project. |
limit.domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
limit.links |
body |
object |
The link to the resource in question. |
limit.links.self |
body |
string |
|
limit.resource_name |
body |
string |
The resource name. |
limit.region_id |
body |
[‘string’, ‘null’] |
The ID of the region. |
limit.service_id |
body |
string |
The UUID of the service to which the limit belongs. |
limit.resource_limit |
body |
integer |
The override limit. |
limit.description |
body |
[‘string’, ‘null’] |
The resource description. |
403¶
Error
404¶
Error
Update an existing limit.
PATCH /v3/limits/{limit_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
limit_id |
path |
string |
limit_id parameter for /v3/limits/{limit_id} API |
limit |
body |
object |
Updates to make to a limit. |
limit.resource_limit |
body |
integer |
The override limit. |
limit.description |
body |
[‘string’, ‘null’] |
The resource description. |
{
"type": "object",
"properties": {
"limit": {
"type": "object",
"description": "Updates to make to a limit.",
"properties": {
"resource_limit": {
"description": "The override limit.",
"type": "integer",
"minimum": -1,
"maximum": 2147483647
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
}
},
"additionalProperties": false
}
},
"additionalProperties": false,
"required": [
"limit"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"limit": {
"type": "object",
"description": "A limit object.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The limit ID.",
"readOnly": true
},
"project_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the project."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"resource_name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"region_id": {
"description": "The ID of the region.",
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 255
},
"service_id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the limit belongs."
},
"resource_limit": {
"description": "The override limit.",
"type": "integer",
"minimum": -1,
"maximum": 2147483647
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
limit |
body |
object |
A limit object. |
limit.id |
body |
string |
The limit ID. |
limit.project_id |
body |
[‘string’, ‘null’] |
The ID of the project. |
limit.domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
limit.links |
body |
object |
The link to the resource in question. |
limit.links.self |
body |
string |
|
limit.resource_name |
body |
string |
The resource name. |
limit.region_id |
body |
[‘string’, ‘null’] |
The ID of the region. |
limit.service_id |
body |
string |
The UUID of the service to which the limit belongs. |
limit.resource_limit |
body |
integer |
The override limit. |
limit.description |
body |
[‘string’, ‘null’] |
The resource description. |
403¶
Error
404¶
Error
Retrieve enforcement model.
GET /v3/limits/model
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"model": {
"type": "object",
"description": "A model object describing the configured enforcement model used by the deployment.",
"properties": {
"description": {
"type": "string",
"description": "A short description of the enforcement model used."
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The name of the enforcement model."
}
}
},
"additionalProperties": false
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
model |
body |
object |
A model object describing the configured enforcement model used by the deployment. |
model.description |
body |
string |
A short description of the enforcement model used. |
model.name |
body |
string |
The name of the enforcement model. |
403¶
Error
404¶
Error
OS-EP-FILTER¶
List all endpoint groups.
GET /v3/OS-EP-FILTER/endpoint_groups
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"endpoint_groups": {
"type": "array",
"items": {
"type": "object",
"description": "An endpoint group object.",
"properties": {
"id": {
"type": "string",
"readOnly": true,
"description": "The endpoint group ID"
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"description": {
"type": [
"string",
"null"
],
"description": "The endpoint group description."
},
"filters": {
"type": "object",
"description": "Describes the filtering performed by the endpoint group. The filter used must be an endpoint property, such as interface, service_id, region, and enabled. Note that if using interface as a filter, the only available values are public, internal, and admin.",
"properties": {
"interface": {
"type": "string",
"enum": [
"admin",
"internal",
"public"
],
"description": "The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface."
},
"service_id": {
"type": "string",
"description": "The UUID of the service to which the endpoint belongs"
},
"region_id": {
"type": [
"string",
"null"
],
"description": "(Since v3.2) The ID of the region that contains the service endpoint.",
"x-openstack": {
"min-ver": 3.2
}
},
"enabled": {
"type": "boolean",
"description": "Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog."
}
}
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The name of the endpoint group."
}
},
"additionalProperties": false
},
"description": "A list of endpoint group objects"
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"truncated": {
"type": "boolean",
"description": "Flag indicating that the amount of entities exceeds global response limit"
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
endpoint_groups |
body |
array |
A list of endpoint group objects |
endpoint_groups[].id |
body |
string |
The endpoint group ID |
endpoint_groups[].links |
body |
object |
The link to the resource in question. |
endpoint_groups[].links.self |
body |
string |
|
endpoint_groups[].description |
body |
[‘string’, ‘null’] |
The endpoint group description. |
endpoint_groups[].filters |
body |
object |
Describes the filtering performed by the endpoint group. The filter used must be an endpoint property, such as interface, service_id, region, and enabled. Note that if using interface as a filter, the only available values are public, internal, and admin. |
endpoint_groups[].filters.interface |
body |
string |
The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface. |
endpoint_groups[].filters.service_id |
body |
string |
The UUID of the service to which the endpoint belongs |
endpoint_groups[].filters.region_id |
body |
[‘string’, ‘null’] |
(Since v3.2) The ID of the region that contains the service endpoint. |
endpoint_groups[].filters.enabled |
body |
boolean |
Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog. |
endpoint_groups[].name |
body |
string |
The name of the endpoint group. |
links |
body |
object |
Links for the collection of resources. |
links.next |
body |
[‘string’, ‘null’] |
|
links.previous |
body |
[‘string’, ‘null’] |
|
links.self |
body |
string |
|
truncated |
body |
boolean |
Flag indicating that the amount of entities exceeds global response limit |
403¶
Error
404¶
Error
Create new endpoint groups.
POST /v3/OS-EP-FILTER/endpoint_groups
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
endpoint_group |
body |
object |
|
endpoint_group.description |
body |
[‘string’, ‘null’] |
The endpoint group description. |
endpoint_group.filters |
body |
object |
Describes the filtering performed by the endpoint group. The filter used must be an endpoint property, such as interface, service_id, region, and enabled. Note that if using interface as a filter, the only available values are public, internal, and admin. |
endpoint_group.filters.interface |
body |
string |
The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface. |
endpoint_group.filters.service_id |
body |
string |
The UUID of the service to which the endpoint belongs |
endpoint_group.filters.region_id |
body |
[‘string’, ‘null’] |
(Since v3.2) The ID of the region that contains the service endpoint. |
endpoint_group.filters.enabled |
body |
boolean |
Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog. |
endpoint_group.name |
body |
string |
The name of the endpoint group. |
{
"type": "object",
"description": "An endpoint group object",
"properties": {
"endpoint_group": {
"type": "object",
"properties": {
"description": {
"type": [
"string",
"null"
],
"description": "The endpoint group description."
},
"filters": {
"type": "object",
"description": "Describes the filtering performed by the endpoint group. The filter used must be an endpoint property, such as interface, service_id, region, and enabled. Note that if using interface as a filter, the only available values are public, internal, and admin.",
"properties": {
"interface": {
"type": "string",
"enum": [
"admin",
"internal",
"public"
],
"description": "The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface."
},
"service_id": {
"type": "string",
"description": "The UUID of the service to which the endpoint belongs"
},
"region_id": {
"type": [
"string",
"null"
],
"description": "(Since v3.2) The ID of the region that contains the service endpoint.",
"x-openstack": {
"min-ver": 3.2
}
},
"enabled": {
"type": "boolean",
"description": "Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog."
}
}
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The name of the endpoint group."
}
},
"additionalProperties": false,
"required": [
"name",
"filters"
]
}
},
"additionalProperties": false
}
Responses¶
200¶
Ok
{
"type": "object",
"description": "An endpoint group object",
"properties": {
"endpoint_group": {
"type": "object",
"description": "An endpoint group object.",
"properties": {
"id": {
"type": "string",
"readOnly": true,
"description": "The endpoint group ID"
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"description": {
"type": [
"string",
"null"
],
"description": "The endpoint group description."
},
"filters": {
"type": "object",
"description": "Describes the filtering performed by the endpoint group. The filter used must be an endpoint property, such as interface, service_id, region, and enabled. Note that if using interface as a filter, the only available values are public, internal, and admin.",
"properties": {
"interface": {
"type": "string",
"enum": [
"admin",
"internal",
"public"
],
"description": "The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface."
},
"service_id": {
"type": "string",
"description": "The UUID of the service to which the endpoint belongs"
},
"region_id": {
"type": [
"string",
"null"
],
"description": "(Since v3.2) The ID of the region that contains the service endpoint.",
"x-openstack": {
"min-ver": 3.2
}
},
"enabled": {
"type": "boolean",
"description": "Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog."
}
}
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The name of the endpoint group."
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
endpoint_group |
body |
object |
An endpoint group object. |
endpoint_group.id |
body |
string |
The endpoint group ID |
endpoint_group.links |
body |
object |
The link to the resource in question. |
endpoint_group.links.self |
body |
string |
|
endpoint_group.description |
body |
[‘string’, ‘null’] |
The endpoint group description. |
endpoint_group.filters |
body |
object |
Describes the filtering performed by the endpoint group. The filter used must be an endpoint property, such as interface, service_id, region, and enabled. Note that if using interface as a filter, the only available values are public, internal, and admin. |
endpoint_group.filters.interface |
body |
string |
The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface. |
endpoint_group.filters.service_id |
body |
string |
The UUID of the service to which the endpoint belongs |
endpoint_group.filters.region_id |
body |
[‘string’, ‘null’] |
(Since v3.2) The ID of the region that contains the service endpoint. |
endpoint_group.filters.enabled |
body |
boolean |
Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog. |
endpoint_group.name |
body |
string |
The name of the endpoint group. |
403¶
Error
404¶
Error
Get Endpoint Group
GET /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}
Responses¶
200¶
Ok
{
"type": "object",
"description": "An endpoint group object",
"properties": {
"endpoint_group": {
"type": "object",
"description": "An endpoint group object.",
"properties": {
"id": {
"type": "string",
"readOnly": true,
"description": "The endpoint group ID"
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"description": {
"type": [
"string",
"null"
],
"description": "The endpoint group description."
},
"filters": {
"type": "object",
"description": "Describes the filtering performed by the endpoint group. The filter used must be an endpoint property, such as interface, service_id, region, and enabled. Note that if using interface as a filter, the only available values are public, internal, and admin.",
"properties": {
"interface": {
"type": "string",
"enum": [
"admin",
"internal",
"public"
],
"description": "The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface."
},
"service_id": {
"type": "string",
"description": "The UUID of the service to which the endpoint belongs"
},
"region_id": {
"type": [
"string",
"null"
],
"description": "(Since v3.2) The ID of the region that contains the service endpoint.",
"x-openstack": {
"min-ver": 3.2
}
},
"enabled": {
"type": "boolean",
"description": "Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog."
}
}
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The name of the endpoint group."
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
endpoint_group |
body |
object |
An endpoint group object. |
endpoint_group.id |
body |
string |
The endpoint group ID |
endpoint_group.links |
body |
object |
The link to the resource in question. |
endpoint_group.links.self |
body |
string |
|
endpoint_group.description |
body |
[‘string’, ‘null’] |
The endpoint group description. |
endpoint_group.filters |
body |
object |
Describes the filtering performed by the endpoint group. The filter used must be an endpoint property, such as interface, service_id, region, and enabled. Note that if using interface as a filter, the only available values are public, internal, and admin. |
endpoint_group.filters.interface |
body |
string |
The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface. |
endpoint_group.filters.service_id |
body |
string |
The UUID of the service to which the endpoint belongs |
endpoint_group.filters.region_id |
body |
[‘string’, ‘null’] |
(Since v3.2) The ID of the region that contains the service endpoint. |
endpoint_group.filters.enabled |
body |
boolean |
Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog. |
endpoint_group.name |
body |
string |
The name of the endpoint group. |
403¶
Error
404¶
Error
Update existing endpoint groups
PATCH /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
endpoint_group_id |
path |
string |
endpoint_group_id parameter for /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id} API |
endpoint_group |
body |
object |
|
endpoint_group.description |
body |
[‘string’, ‘null’] |
The endpoint group description. |
endpoint_group.filters |
body |
object |
Describes the filtering performed by the endpoint group. The filter used must be an endpoint property, such as interface, service_id, region, and enabled. Note that if using interface as a filter, the only available values are public, internal, and admin. |
endpoint_group.filters.interface |
body |
string |
The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface. |
endpoint_group.filters.service_id |
body |
string |
The UUID of the service to which the endpoint belongs |
endpoint_group.filters.region_id |
body |
[‘string’, ‘null’] |
(Since v3.2) The ID of the region that contains the service endpoint. |
endpoint_group.filters.enabled |
body |
boolean |
Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog. |
endpoint_group.name |
body |
string |
The name of the endpoint group. |
{
"type": "object",
"description": "An endpoint group object",
"properties": {
"endpoint_group": {
"type": "object",
"properties": {
"description": {
"type": [
"string",
"null"
],
"description": "The endpoint group description."
},
"filters": {
"type": "object",
"description": "Describes the filtering performed by the endpoint group. The filter used must be an endpoint property, such as interface, service_id, region, and enabled. Note that if using interface as a filter, the only available values are public, internal, and admin.",
"properties": {
"interface": {
"type": "string",
"enum": [
"admin",
"internal",
"public"
],
"description": "The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface."
},
"service_id": {
"type": "string",
"description": "The UUID of the service to which the endpoint belongs"
},
"region_id": {
"type": [
"string",
"null"
],
"description": "(Since v3.2) The ID of the region that contains the service endpoint.",
"x-openstack": {
"min-ver": 3.2
}
},
"enabled": {
"type": "boolean",
"description": "Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog."
}
}
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The name of the endpoint group."
}
},
"additionalProperties": false,
"minProperties": 1
}
},
"additionalProperties": false,
"required": [
"endpoint_group"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"description": "An endpoint group object",
"properties": {
"endpoint_group": {
"type": "object",
"description": "An endpoint group object.",
"properties": {
"id": {
"type": "string",
"readOnly": true,
"description": "The endpoint group ID"
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"description": {
"type": [
"string",
"null"
],
"description": "The endpoint group description."
},
"filters": {
"type": "object",
"description": "Describes the filtering performed by the endpoint group. The filter used must be an endpoint property, such as interface, service_id, region, and enabled. Note that if using interface as a filter, the only available values are public, internal, and admin.",
"properties": {
"interface": {
"type": "string",
"enum": [
"admin",
"internal",
"public"
],
"description": "The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface."
},
"service_id": {
"type": "string",
"description": "The UUID of the service to which the endpoint belongs"
},
"region_id": {
"type": [
"string",
"null"
],
"description": "(Since v3.2) The ID of the region that contains the service endpoint.",
"x-openstack": {
"min-ver": 3.2
}
},
"enabled": {
"type": "boolean",
"description": "Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog."
}
}
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The name of the endpoint group."
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
endpoint_group |
body |
object |
An endpoint group object. |
endpoint_group.id |
body |
string |
The endpoint group ID |
endpoint_group.links |
body |
object |
The link to the resource in question. |
endpoint_group.links.self |
body |
string |
|
endpoint_group.description |
body |
[‘string’, ‘null’] |
The endpoint group description. |
endpoint_group.filters |
body |
object |
Describes the filtering performed by the endpoint group. The filter used must be an endpoint property, such as interface, service_id, region, and enabled. Note that if using interface as a filter, the only available values are public, internal, and admin. |
endpoint_group.filters.interface |
body |
string |
The interface type, which describes the visibility of the endpoint. Value is: -public. Visible by end users on a publicly available network interface. -internal. Visible by end users on an unmetered internal network interface. -admin. Visible by administrative users on a secure network interface. |
endpoint_group.filters.service_id |
body |
string |
The UUID of the service to which the endpoint belongs |
endpoint_group.filters.region_id |
body |
[‘string’, ‘null’] |
(Since v3.2) The ID of the region that contains the service endpoint. |
endpoint_group.filters.enabled |
body |
boolean |
Indicates whether the endpoint appears in the service catalog -false. The endpoint does not appear in the service catalog. -true. The endpoint appears in the service catalog. |
endpoint_group.name |
body |
string |
The name of the endpoint group. |
403¶
Error
404¶
Error
PUT operation on /v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
project_id |
path |
string |
project_id parameter for /v3/OS-EP-FILTER/projects/{project_id}/endpoints API |
endpoint_id |
path |
string |
endpoint_id parameter for /v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id} API |
{
"type": "object",
"description": "Request of the OS-EP-FILTER/projects/project_id/endpoints/endpoint_id:put operation",
"x-openstack": {
"action-name": "PUT"
}
}
Responses¶
201¶
Ok
{
"type": "object",
"description": "Response of the OS-EP-FILTER/projects/project_id/endpoints/endpoint_id:put operation"
}
403¶
Error
404¶
Error
PUT operation on /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
endpoint_group_id |
path |
string |
endpoint_group_id parameter for /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id} API |
project_id |
path |
string |
project_id parameter for /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id} API |
{
"type": "object",
"description": "Request of the OS-EP-FILTER/endpoint_groups/endpoint_group_id/projects/project_id:put operation",
"x-openstack": {
"action-name": "PUT"
}
}
Responses¶
201¶
Ok
{
"type": "object",
"description": "Response of the OS-EP-FILTER/endpoint_groups/endpoint_group_id/projects/project_id:put operation"
}
403¶
Error
404¶
Error
OS-INHERIT¶
Check for an inherited grant for a group on a domain.
GET/HEAD /OS-INHERIT/domains/{domain_id}/groups/{group_id} /roles/{role_id}/inherited_to_projects
Responses¶
200¶
Ok
{
"type": "object",
"description": "Response of the OS-INHERIT/domains/domain_id/groups/group_id/roles/role_id/inherited_to_projects:get operation"
}
403¶
Error
404¶
Error
Create an inherited grant for a group on a domain.
PUT /OS-INHERIT/domains/{domain_id}/groups/{group_id} /roles/{role_id}/inherited_to_projects
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
domain_id |
path |
string |
domain_id parameter for /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects API |
group_id |
path |
string |
group_id parameter for /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects API |
role_id |
path |
string |
role_id parameter for /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects API |
{
"type": "object",
"description": "Request of the OS-INHERIT/domains/domain_id/groups/group_id/roles/role_id/inherited_to_projects:put operation",
"x-openstack": {
"action-name": "PUT"
}
}
Responses¶
201¶
Ok
{
"type": "object",
"description": "Response of the OS-INHERIT/domains/domain_id/groups/group_id/roles/role_id/inherited_to_projects:put operation"
}
403¶
Error
404¶
Error
List roles (inherited) for a group on a domain.
GET/HEAD /OS-INHERIT/domains/{domain_id}/groups/{group_id} /roles/inherited_to_projects
Responses¶
200¶
Ok
{
"type": "object",
"description": "Response of the OS-INHERIT/domains/domain_id/groups/group_id/roles/role_id/inherited_to_projects:get operation"
}
403¶
Error
404¶
Error
Check for an inherited grant for a user on a domain.
GET/HEAD /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles /{role_id}/inherited_to_projects
Responses¶
200¶
Ok
{
"type": "object",
"description": "Response of the OS-INHERIT/domains/domain_id/users/user_id/roles/role_id/inherited_to_projects:get operation"
}
403¶
Error
404¶
Error
Create an inherited grant for a user on a domain.
PUT /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id} /inherited_to_projects
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
domain_id |
path |
string |
domain_id parameter for /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects API |
user_id |
path |
string |
user_id parameter for /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects API |
role_id |
path |
string |
role_id parameter for /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects API |
{
"type": "object",
"description": "Request of the OS-INHERIT/domains/domain_id/users/user_id/roles/role_id/inherited_to_projects:put operation",
"x-openstack": {
"action-name": "PUT"
}
}
Responses¶
201¶
Ok
{
"type": "object",
"description": "Response of the OS-INHERIT/domains/domain_id/users/user_id/roles/role_id/inherited_to_projects:put operation"
}
403¶
Error
404¶
Error
List roles (inherited) for a user on a domain.
GET/HEAD /OS-INHERIT/domains/{domain_id}/users/{user_id} /roles/inherited_to_projects
Responses¶
200¶
Ok
{
"type": "object",
"description": "Response of the OS-INHERIT/domains/domain_id/users/user_id/roles/role_id/inherited_to_projects:get operation"
}
403¶
Error
404¶
Error
Check for an inherited grant for a user on a project.
GET/HEAD /OS-INHERIT/projects/{project_id}/users/{user_id} /roles/{role_id}/inherited_to_projects
Responses¶
200¶
Ok
{
"type": "object",
"description": "Response of the OS-INHERIT/projects/project_id/users/user_id/roles/role_id/inherited_to_projects:get operation"
}
403¶
Error
404¶
Error
Create an inherited grant for a user on a project.
PUT /OS-INHERIT/projects/{project_id}/users/{user_id} /roles/{role_id}/inherited_to_projects
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
project_id |
path |
string |
project_id parameter for /v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects API |
user_id |
path |
string |
user_id parameter for /v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects API |
role_id |
path |
string |
role_id parameter for /v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects API |
{
"type": "object",
"description": "Request of the OS-INHERIT/projects/project_id/users/user_id/roles/role_id/inherited_to_projects:put operation",
"x-openstack": {
"action-name": "PUT"
}
}
Responses¶
201¶
Ok
{
"type": "object",
"description": "Response of the OS-INHERIT/projects/project_id/users/user_id/roles/role_id/inherited_to_projects:put operation"
}
403¶
Error
404¶
Error
Check for an inherited grant for a group on a project.
GET/HEAD /OS-INHERIT/projects/{project_id}/groups/{group_id} /roles/{role_id}/inherited_to_projects
Responses¶
200¶
Ok
{
"type": "object",
"description": "Response of the OS-INHERIT/projects/project_id/groups/group_id/roles/role_id/inherited_to_projects:get operation"
}
403¶
Error
404¶
Error
Create an inherited grant for a group on a project.
PUT /OS-INHERIT/projects/{project_id}/groups/{group_id} /roles/{role_id}/inherited_to_projects
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
project_id |
path |
string |
project_id parameter for /v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects API |
group_id |
path |
string |
group_id parameter for /v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects API |
role_id |
path |
string |
role_id parameter for /v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects API |
{
"type": "object",
"description": "Request of the OS-INHERIT/projects/project_id/groups/group_id/roles/role_id/inherited_to_projects:put operation",
"x-openstack": {
"action-name": "PUT"
}
}
Responses¶
201¶
Ok
{
"type": "object",
"description": "Response of the OS-INHERIT/projects/project_id/groups/group_id/roles/role_id/inherited_to_projects:put operation"
}
403¶
Error
404¶
Error
OS-OAUTH1¶
PATCH operation on /v3/OS-OAUTH1/consumers/{consumer_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
consumer_id |
path |
string |
consumer_id parameter for /v3/OS-OAUTH1/consumers/{consumer_id} API |
{
"type": "object",
"description": "Request of the OS-OAUTH1/consumers/consumer_id:patch operation",
"x-openstack": {
"action-name": "PATCH"
}
}
Responses¶
200¶
Ok
{
"type": "object",
"description": "Response of the OS-OAUTH1/consumers/consumer_id:patch operation"
}
403¶
Error
404¶
Error
POST operation on /v3/OS-OAUTH1/consumers
Request¶
{
"type": "object",
"description": "Request of the OS-OAUTH1/consumers:post operation",
"x-openstack": {
"action-name": "POST"
}
}
Responses¶
200¶
Ok
{
"type": "object",
"description": "Response of the OS-OAUTH1/consumers:post operation"
}
403¶
Error
404¶
Error
POST operation on /v3/OS-OAUTH1/request_token
Request¶
{
"type": "object",
"description": "Request of the OS-OAUTH1/request_token:post operation",
"x-openstack": {
"action-name": "POST"
}
}
Responses¶
200¶
Ok
{
"type": "object",
"description": "Response of the OS-OAUTH1/request_token:post operation"
}
403¶
Error
404¶
Error
POST operation on /v3/OS-OAUTH1/access_token
Request¶
{
"type": "object",
"description": "Request of the OS-OAUTH1/access_token:post operation",
"x-openstack": {
"action-name": "POST"
}
}
Responses¶
200¶
Ok
{
"type": "object",
"description": "Response of the OS-OAUTH1/access_token:post operation"
}
403¶
Error
404¶
Error
PUT operation on /v3/OS-OAUTH1/authorize/{request_token_id}
OS-OAUTH2¶
Get an OAuth2.0 Access Token.
POST /v3/OS-OAUTH2/token
Request¶
{
"type": "object",
"description": "Request of the OS-OAUTH2/token:post operation",
"x-openstack": {
"action-name": "POST"
}
}
Responses¶
200¶
Ok
{
"type": "object",
"description": "Response of the OS-OAUTH2/token:post operation"
}
403¶
Error
404¶
Error
OS-REVOKE¶
OS-SIMPLE-CERT¶
policies¶
PATCH operation on /v3/policies/{policy_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
policy_id |
path |
string |
policy_id parameter for /v3/policies/{policy_id} API |
{
"type": "object",
"description": "Request of the policies/policy_id:patch operation",
"x-openstack": {
"action-name": "PATCH"
}
}
Responses¶
200¶
Ok
{
"type": "object",
"description": "Response of the policies/policy_id:patch operation"
}
403¶
Error
404¶
Error
PUT operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
policy_id |
path |
string |
policy_id parameter for /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id} API |
endpoint_id |
path |
string |
endpoint_id parameter for /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id} API |
{
"type": "object",
"description": "Request of the policies/policy_id/OS-ENDPOINT-POLICY/endpoints/endpoint_id:put operation",
"x-openstack": {
"action-name": "PUT"
}
}
Responses¶
201¶
Ok
{
"type": "object",
"description": "Response of the policies/policy_id/OS-ENDPOINT-POLICY/endpoints/endpoint_id:put operation"
}
403¶
Error
404¶
Error
PUT operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
policy_id |
path |
string |
policy_id parameter for /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id} API |
service_id |
path |
string |
service_id parameter for /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id} API |
{
"type": "object",
"description": "Request of the policies/policy_id/OS-ENDPOINT-POLICY/services/service_id:put operation",
"x-openstack": {
"action-name": "PUT"
}
}
Responses¶
201¶
Ok
{
"type": "object",
"description": "Response of the policies/policy_id/OS-ENDPOINT-POLICY/services/service_id:put operation"
}
403¶
Error
404¶
Error
PUT operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
policy_id |
path |
string |
policy_id parameter for /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id} API |
service_id |
path |
string |
service_id parameter for /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id} API |
region_id |
path |
string |
region_id parameter for /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id} API |
{
"type": "object",
"description": "Request of the policies/policy_id/OS-ENDPOINT-POLICY/services/service_id/regions/region_id:put operation",
"x-openstack": {
"action-name": "PUT"
}
}
Responses¶
201¶
Ok
{
"type": "object",
"description": "Response of the policies/policy_id/OS-ENDPOINT-POLICY/services/service_id/regions/region_id:put operation"
}
403¶
Error
404¶
Error
projects¶
List projects.
GET/HEAD /v3/projects
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"projects": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"readOnly": true
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"description": {
"type": [
"string",
"null"
]
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"is_domain": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"parent_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"description": "The resource name.",
"minLength": 1,
"maxLength": 64,
"pattern": "[\\S]+"
},
"tags": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "^[^,/]*$"
},
"required": [],
"maxItems": 80,
"uniqueItems": true
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
},
"additionalProperties": true
}
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"truncated": {
"type": "boolean",
"description": "Flag indicating that the amount of entities exceeds global response limit"
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
projects |
body |
array |
|
projects[].id |
body |
string |
|
projects[].links |
body |
object |
The link to the resource in question. |
projects[].links.self |
body |
string |
|
projects[].description |
body |
[‘string’, ‘null’] |
|
projects[].domain_id |
body |
[‘string’, ‘null’] |
|
projects[].enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
|
projects[].is_domain |
body |
[‘boolean’, ‘string’, ‘null’] |
|
projects[].parent_id |
body |
[‘string’, ‘null’] |
|
projects[].name |
body |
string |
The resource name. |
projects[].tags |
body |
array |
|
projects[].options |
body |
object |
|
projects[].options.immutable |
body |
[‘boolean’, ‘null’] |
|
links |
body |
object |
Links for the collection of resources. |
links.next |
body |
[‘string’, ‘null’] |
|
links.previous |
body |
[‘string’, ‘null’] |
|
links.self |
body |
string |
|
truncated |
body |
boolean |
Flag indicating that the amount of entities exceeds global response limit |
403¶
Error
404¶
Error
Create project.
POST /v3/projects
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
project |
body |
object |
|
project.description |
body |
[‘string’, ‘null’] |
|
project.domain_id |
body |
[‘string’, ‘null’] |
|
project.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
|
project.is_domain |
body |
[‘boolean’, ‘string’, ‘null’] |
|
project.parent_id |
body |
[‘string’, ‘null’] |
|
project.name |
body |
string |
The resource name. |
project.tags |
body |
array |
|
project.options |
body |
object |
|
project.options.immutable |
body |
[‘boolean’, ‘null’] |
{
"type": "object",
"properties": {
"project": {
"type": "object",
"properties": {
"description": {
"type": [
"string",
"null"
]
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"is_domain": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"parent_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"description": "The resource name.",
"minLength": 1,
"maxLength": 64,
"pattern": "[\\S]+"
},
"tags": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "^[^,/]*$"
},
"required": [],
"maxItems": 80,
"uniqueItems": true
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
},
"required": [
"name"
]
}
},
"additionalProperties": false
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"project": {
"type": "object",
"properties": {
"id": {
"type": "string",
"readOnly": true
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"description": {
"type": [
"string",
"null"
]
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"is_domain": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"parent_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"description": "The resource name.",
"minLength": 1,
"maxLength": 64,
"pattern": "[\\S]+"
},
"tags": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "^[^,/]*$"
},
"required": [],
"maxItems": 80,
"uniqueItems": true
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
},
"additionalProperties": true
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
project |
body |
object |
|
project.id |
body |
string |
|
project.links |
body |
object |
The link to the resource in question. |
project.links.self |
body |
string |
|
project.description |
body |
[‘string’, ‘null’] |
|
project.domain_id |
body |
[‘string’, ‘null’] |
|
project.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
|
project.is_domain |
body |
[‘boolean’, ‘string’, ‘null’] |
|
project.parent_id |
body |
[‘string’, ‘null’] |
|
project.name |
body |
string |
The resource name. |
project.tags |
body |
array |
|
project.options |
body |
object |
|
project.options.immutable |
body |
[‘boolean’, ‘null’] |
403¶
Error
404¶
Error
Get project.
GET/HEAD /v3/projects/{project_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"project": {
"type": "object",
"properties": {
"id": {
"type": "string",
"readOnly": true
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"description": {
"type": [
"string",
"null"
]
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"is_domain": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"parent_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"description": "The resource name.",
"minLength": 1,
"maxLength": 64,
"pattern": "[\\S]+"
},
"tags": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "^[^,/]*$"
},
"required": [],
"maxItems": 80,
"uniqueItems": true
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
},
"additionalProperties": true
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
project |
body |
object |
|
project.id |
body |
string |
|
project.links |
body |
object |
The link to the resource in question. |
project.links.self |
body |
string |
|
project.description |
body |
[‘string’, ‘null’] |
|
project.domain_id |
body |
[‘string’, ‘null’] |
|
project.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
|
project.is_domain |
body |
[‘boolean’, ‘string’, ‘null’] |
|
project.parent_id |
body |
[‘string’, ‘null’] |
|
project.name |
body |
string |
The resource name. |
project.tags |
body |
array |
|
project.options |
body |
object |
|
project.options.immutable |
body |
[‘boolean’, ‘null’] |
403¶
Error
404¶
Error
Update project.
PATCH /v3/projects/{project_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
project_id |
path |
string |
project_id parameter for /v3/projects/{project_id} API |
project |
body |
object |
|
project.description |
body |
[‘string’, ‘null’] |
|
project.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
|
project.name |
body |
string |
The resource name. |
project.options |
body |
object |
|
project.options.immutable |
body |
[‘boolean’, ‘null’] |
|
project.tags |
body |
array |
{
"type": "object",
"properties": {
"project": {
"type": "object",
"properties": {
"description": {
"type": [
"string",
"null"
]
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"name": {
"type": "string",
"description": "The resource name.",
"minLength": 1,
"maxLength": 64,
"pattern": "[\\S]+"
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
},
"tags": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "^[^,/]*$"
},
"required": [],
"maxItems": 80,
"uniqueItems": true
}
}
}
},
"additionalProperties": false
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"project": {
"type": "object",
"properties": {
"id": {
"type": "string",
"readOnly": true
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"description": {
"type": [
"string",
"null"
]
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"is_domain": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"parent_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"description": "The resource name.",
"minLength": 1,
"maxLength": 64,
"pattern": "[\\S]+"
},
"tags": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "^[^,/]*$"
},
"required": [],
"maxItems": 80,
"uniqueItems": true
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
},
"additionalProperties": true
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
project |
body |
object |
|
project.id |
body |
string |
|
project.links |
body |
object |
The link to the resource in question. |
project.links.self |
body |
string |
|
project.description |
body |
[‘string’, ‘null’] |
|
project.domain_id |
body |
[‘string’, ‘null’] |
|
project.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
|
project.is_domain |
body |
[‘boolean’, ‘string’, ‘null’] |
|
project.parent_id |
body |
[‘string’, ‘null’] |
|
project.name |
body |
string |
The resource name. |
project.tags |
body |
array |
|
project.options |
body |
object |
|
project.options.immutable |
body |
[‘boolean’, ‘null’] |
403¶
Error
404¶
Error
List tags associated with a given project.
GET /v3/projects/{project_id}/tags
List tags associated with a given project.
GET /v3/projects/{project_id}/tags
Update all tags associated with a given project.
PUT /v3/projects/{project_id}/tags
Delete all tags associated with a given project.
DELETE /v3/projects/{project_id}/tags
Get information for a single tag associated with a given project.
GET /v3/projects/{project_id}/tags/{value}
Get information for a single tag associated with a given project.
GET /v3/projects/{project_id}/tags/{value}
Add a single tag to a project.
PUT /v3/projects/{project_id}/tags/{value}
Delete a single tag from a project.
/v3/projects/{project_id}/tags/{value}
List grants for user on project.
GET/HEAD /v3/projects/{project_id}/users/{user_id}
Responses¶
200¶
Ok
{
"type": "object",
"description": "List of roles assigned to the resource",
"properties": {
"roles": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID."
},
"name": {
"type": "string",
"description": "The role name."
},
"description": {
"type": "string",
"description": "The role description."
},
"links": {
"type": "object",
"properties": {
"self": {
"type": "string",
"format": "uri",
"description": "The link to the resource in question."
}
}
}
}
}
},
"links": {
"type": "object",
"additionalProperties": {
"type": [
"string",
"null"
],
"format": "uri"
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
roles |
body |
array |
|
roles[].id |
body |
string |
The role ID. |
roles[].name |
body |
string |
The role name. |
roles[].description |
body |
string |
The role description. |
roles[].links |
body |
object |
|
roles[].links.self |
body |
string |
The link to the resource in question. |
links |
body |
object |
403¶
Error
404¶
Error
List grants for group on project.
GET/HEAD /v3/projects/{project_id}/groups/{group_id}
Responses¶
200¶
Ok
{
"type": "object",
"description": "List of roles assigned to the resource",
"properties": {
"roles": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID."
},
"name": {
"type": "string",
"description": "The role name."
},
"description": {
"type": "string",
"description": "The role description."
},
"links": {
"type": "object",
"properties": {
"self": {
"type": "string",
"format": "uri",
"description": "The link to the resource in question."
}
}
}
}
}
},
"links": {
"type": "object",
"additionalProperties": {
"type": [
"string",
"null"
],
"format": "uri"
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
roles |
body |
array |
|
roles[].id |
body |
string |
The role ID. |
roles[].name |
body |
string |
The role name. |
roles[].description |
body |
string |
The role description. |
roles[].links |
body |
object |
|
roles[].links.self |
body |
string |
The link to the resource in question. |
links |
body |
object |
403¶
Error
404¶
Error
regions¶
GET operation on /v3/regions/{region_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"region": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "The region description."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The ID for the region.",
"readOnly": true
},
"parent_id": {
"type": "string",
"format": "uuid",
"description": "To make this region a child of another region, set this parameter to the ID of the parent region."
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
region |
body |
object |
|
region.description |
body |
string |
The region description. |
region.id |
body |
string |
The ID for the region. |
region.parent_id |
body |
string |
To make this region a child of another region, set this parameter to the ID of the parent region. |
403¶
Error
404¶
Error
PUT operation on /v3/regions/{region_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
region_id |
path |
string |
region_id parameter for /v3/regions/{region_id} API |
{
"type": "object",
"description": "Request of the regions/region_id:put operation",
"x-openstack": {
"action-name": "PUT"
}
}
Responses¶
201¶
Ok
{
"type": "object",
"description": "Response of the regions/region_id:put operation"
}
403¶
Error
404¶
Error
PATCH operation on /v3/regions/{region_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
region_id |
path |
string |
region_id parameter for /v3/regions/{region_id} API |
region |
body |
object |
|
region.description |
body |
string |
The region description. |
region.id |
body |
string |
The ID for the region. |
region.parent_id |
body |
string |
To make this region a child of another region, set this parameter to the ID of the parent region. |
{
"type": "object",
"properties": {
"region": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "The region description."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The ID for the region.",
"readOnly": true
},
"parent_id": {
"type": "string",
"format": "uuid",
"description": "To make this region a child of another region, set this parameter to the ID of the parent region."
}
}
}
}
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"region": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "The region description."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The ID for the region.",
"readOnly": true
},
"parent_id": {
"type": "string",
"format": "uuid",
"description": "To make this region a child of another region, set this parameter to the ID of the parent region."
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
region |
body |
object |
|
region.description |
body |
string |
The region description. |
region.id |
body |
string |
The ID for the region. |
region.parent_id |
body |
string |
To make this region a child of another region, set this parameter to the ID of the parent region. |
403¶
Error
404¶
Error
GET operation on /v3/regions
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"regions": {
"type": "array",
"items": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "The region description."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The ID for the region.",
"readOnly": true
},
"parent_id": {
"type": "string",
"format": "uuid",
"description": "To make this region a child of another region, set this parameter to the ID of the parent region."
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
regions |
body |
array |
|
regions[].description |
body |
string |
The region description. |
regions[].id |
body |
string |
The ID for the region. |
regions[].parent_id |
body |
string |
To make this region a child of another region, set this parameter to the ID of the parent region. |
403¶
Error
404¶
Error
POST operation on /v3/regions
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
region |
body |
object |
|
region.description |
body |
string |
The region description. |
region.id |
body |
string |
The ID for the region. |
region.parent_id |
body |
string |
To make this region a child of another region, set this parameter to the ID of the parent region. |
{
"type": "object",
"properties": {
"region": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "The region description."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The ID for the region.",
"readOnly": true
},
"parent_id": {
"type": "string",
"format": "uuid",
"description": "To make this region a child of another region, set this parameter to the ID of the parent region."
}
}
}
}
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"region": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "The region description."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The ID for the region.",
"readOnly": true
},
"parent_id": {
"type": "string",
"format": "uuid",
"description": "To make this region a child of another region, set this parameter to the ID of the parent region."
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
region |
body |
object |
|
region.description |
body |
string |
The region description. |
region.id |
body |
string |
The ID for the region. |
region.parent_id |
body |
string |
To make this region a child of another region, set this parameter to the ID of the parent region. |
403¶
Error
404¶
Error
registered_limits¶
List registered limits.
GET /v3/registered_limits
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"registered_limits": {
"type": "array",
"items": {
"type": "object",
"description": "A registered limit object.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The registered limit ID.",
"readOnly": true
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"service_id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the registered limit belongs."
},
"region_id": {
"description": "The ID of the region.",
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 255
},
"resource_name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"default_limit": {
"description": "The default limit for the registered limit.",
"type": "integer",
"minimum": -1,
"maximum": 2147483647
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
}
},
"additionalProperties": false
},
"description": "A list of registered limit objects."
},
"truncated": {
"type": "boolean",
"description": "Flag indicating that the amount of entities exceeds global response limit"
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
links |
body |
object |
Links for the collection of resources. |
links.next |
body |
[‘string’, ‘null’] |
|
links.previous |
body |
[‘string’, ‘null’] |
|
links.self |
body |
string |
|
registered_limits |
body |
array |
A list of registered limit objects. |
registered_limits[].id |
body |
string |
The registered limit ID. |
registered_limits[].links |
body |
object |
The link to the resource in question. |
registered_limits[].links.self |
body |
string |
|
registered_limits[].service_id |
body |
string |
The UUID of the service to which the registered limit belongs. |
registered_limits[].region_id |
body |
[‘string’, ‘null’] |
The ID of the region. |
registered_limits[].resource_name |
body |
string |
The resource name. |
registered_limits[].default_limit |
body |
integer |
The default limit for the registered limit. |
registered_limits[].description |
body |
[‘string’, ‘null’] |
The resource description. |
truncated |
body |
boolean |
Flag indicating that the amount of entities exceeds global response limit |
403¶
Error
404¶
Error
Create new registered limits.
POST /v3/registered_limits
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
registered_limits |
body |
array |
A list of registered limit objects. |
registered_limits[].service_id |
body |
string |
The UUID of the service to which the registered limit belongs. |
registered_limits[].region_id |
body |
[‘string’, ‘null’] |
The ID of the region. |
registered_limits[].resource_name |
body |
string |
The resource name. |
registered_limits[].default_limit |
body |
integer |
The default limit for the registered limit. |
registered_limits[].description |
body |
[‘string’, ‘null’] |
The resource description. |
{
"type": "object",
"properties": {
"registered_limits": {
"type": "array",
"items": {
"type": "object",
"properties": {
"service_id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the registered limit belongs."
},
"region_id": {
"description": "The ID of the region.",
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 255
},
"resource_name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"default_limit": {
"description": "The default limit for the registered limit.",
"type": "integer",
"minimum": -1,
"maximum": 2147483647
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
}
},
"additionalProperties": false,
"required": [
"service_id",
"resource_name",
"default_limit"
]
},
"minItems": 1,
"description": "A list of registered limit objects."
}
},
"additionalProperties": false,
"required": [
"registered_limits"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"registered_limits": {
"type": "array",
"items": {
"type": "object",
"description": "A registered limit object.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The registered limit ID.",
"readOnly": true
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"service_id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the registered limit belongs."
},
"region_id": {
"description": "The ID of the region.",
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 255
},
"resource_name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"default_limit": {
"description": "The default limit for the registered limit.",
"type": "integer",
"minimum": -1,
"maximum": 2147483647
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
}
},
"additionalProperties": false
},
"description": "A list of registered limit objects."
},
"truncated": {
"type": "boolean",
"description": "Flag indicating that the amount of entities exceeds global response limit"
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
registered_limits |
body |
array |
A list of registered limit objects. |
registered_limits[].id |
body |
string |
The registered limit ID. |
registered_limits[].links |
body |
object |
The link to the resource in question. |
registered_limits[].links.self |
body |
string |
|
registered_limits[].service_id |
body |
string |
The UUID of the service to which the registered limit belongs. |
registered_limits[].region_id |
body |
[‘string’, ‘null’] |
The ID of the region. |
registered_limits[].resource_name |
body |
string |
The resource name. |
registered_limits[].default_limit |
body |
integer |
The default limit for the registered limit. |
registered_limits[].description |
body |
[‘string’, ‘null’] |
The resource description. |
truncated |
body |
boolean |
Flag indicating that the amount of entities exceeds global response limit |
403¶
Error
404¶
Error
Retrieve an existing registered limit.
GET /v3/registered_limits/{registered_limit_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"registered_limit": {
"type": "object",
"description": "A registered limit object.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The registered limit ID.",
"readOnly": true
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"service_id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the registered limit belongs."
},
"region_id": {
"description": "The ID of the region.",
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 255
},
"resource_name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"default_limit": {
"description": "The default limit for the registered limit.",
"type": "integer",
"minimum": -1,
"maximum": 2147483647
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
registered_limit |
body |
object |
A registered limit object. |
registered_limit.id |
body |
string |
The registered limit ID. |
registered_limit.links |
body |
object |
The link to the resource in question. |
registered_limit.links.self |
body |
string |
|
registered_limit.service_id |
body |
string |
The UUID of the service to which the registered limit belongs. |
registered_limit.region_id |
body |
[‘string’, ‘null’] |
The ID of the region. |
registered_limit.resource_name |
body |
string |
The resource name. |
registered_limit.default_limit |
body |
integer |
The default limit for the registered limit. |
registered_limit.description |
body |
[‘string’, ‘null’] |
The resource description. |
403¶
Error
404¶
Error
Update an existing registered limit.
PATCH /v3/registered_limits/{registered_limit_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
registered_limit_id |
path |
string |
registered_limit_id parameter for /v3/registered_limits/{registered_limit_id} API |
registered_limit |
body |
object |
Updates to make to a registered limit. |
registered_limit.service_id |
body |
string |
The UUID of the service to which the registered limit belongs. |
registered_limit.region_id |
body |
[‘string’, ‘null’] |
The ID of the region. |
registered_limit.resource_name |
body |
string |
The resource name. |
registered_limit.default_limit |
body |
integer |
|
registered_limit.description |
body |
[‘string’, ‘null’] |
The resource description. |
{
"type": "object",
"properties": {
"registered_limit": {
"type": "object",
"description": "Updates to make to a registered limit.",
"properties": {
"service_id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the registered limit belongs."
},
"region_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 255,
"description": "The ID of the region."
},
"resource_name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"default_limit": {
"type": "integer",
"minimum": -1,
"maximum": 2147483647
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
}
},
"additionalProperties": false
}
},
"additionalProperties": false,
"required": [
"registered_limit"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"registered_limit": {
"type": "object",
"description": "A registered limit object.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The registered limit ID.",
"readOnly": true
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"service_id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the registered limit belongs."
},
"region_id": {
"description": "The ID of the region.",
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 255
},
"resource_name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"default_limit": {
"description": "The default limit for the registered limit.",
"type": "integer",
"minimum": -1,
"maximum": 2147483647
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
registered_limit |
body |
object |
A registered limit object. |
registered_limit.id |
body |
string |
The registered limit ID. |
registered_limit.links |
body |
object |
The link to the resource in question. |
registered_limit.links.self |
body |
string |
|
registered_limit.service_id |
body |
string |
The UUID of the service to which the registered limit belongs. |
registered_limit.region_id |
body |
[‘string’, ‘null’] |
The ID of the region. |
registered_limit.resource_name |
body |
string |
The resource name. |
registered_limit.default_limit |
body |
integer |
The default limit for the registered limit. |
registered_limit.description |
body |
[‘string’, ‘null’] |
The resource description. |
403¶
Error
404¶
Error
role_assignments¶
List all role assignments.
GET/HEAD /v3/role_assignments
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"role_assignments": {
"type": "array",
"items": {
"type": "object",
"description": "A role assignment object.",
"properties": {
"links": {
"type": "object",
"properties": {
"assignment": {
"type": "string",
"format": "uri"
},
"membership": {
"type": "string",
"format": "uri"
},
"prior_role": {
"type": "string",
"format": "uri"
}
},
"required": [
"assignment"
],
"additionalProperties": false
},
"role": {
"type": "object",
"properties": {
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
}
},
"required": [
"id"
],
"additionalProperties": false
},
"id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
}
},
"required": [
"id"
],
"additionalProperties": false
},
"scope": {
"properties": {
"project": {
"type": "object",
"properties": {
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
}
},
"required": [
"id"
],
"additionalProperties": false
},
"id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
}
},
"required": [
"id"
],
"additionalProperties": false
},
"OS-INHERIT:inherited_to": {
"const": "projects"
},
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
}
},
"required": [
"id"
]
},
"system": {
"type": "object",
"properties": {
"all": {
"const": true
}
},
"required": [
"all"
]
}
},
"oneOf": [
{
"required": [
"project"
]
},
{
"required": [
"domain"
]
},
{
"required": [
"system"
]
}
],
"additionalProperties": false
},
"user": {
"type": "object",
"properties": {
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
}
},
"required": [
"id"
],
"additionalProperties": false
},
"id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
}
},
"required": [
"id"
],
"additionalProperties": false
},
"group": {
"type": "object",
"properties": {
"domain": {
"type": "object",
"properties": {
"id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
}
},
"required": [
"id"
],
"additionalProperties": false
},
"id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
}
},
"required": [
"id"
],
"additionalProperties": false
}
},
"required": [
"role",
"links",
"scope"
],
"oneOf": [
{
"required": [
"user"
]
},
{
"required": [
"group"
]
}
],
"additionalProperties": false
},
"description": "A list of role assignment objects."
},
"truncated": {
"type": "boolean",
"description": "Flag indicating that the amount of entities exceeds global response limit"
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
links |
body |
object |
Links for the collection of resources. |
links.next |
body |
[‘string’, ‘null’] |
|
links.previous |
body |
[‘string’, ‘null’] |
|
links.self |
body |
string |
|
role_assignments |
body |
array |
A list of role assignment objects. |
role_assignments[].links |
body |
object |
|
role_assignments[].links.assignment |
body |
string |
|
role_assignments[].links.membership |
body |
string |
|
role_assignments[].links.prior_role |
body |
string |
|
role_assignments[].role |
body |
object |
|
role_assignments[].role.domain |
body |
object |
|
role_assignments[].role.domain.id |
body |
string |
|
role_assignments[].role.domain.name |
body |
string |
The resource name. |
role_assignments[].role.id |
body |
string |
|
role_assignments[].role.name |
body |
string |
The resource name. |
role_assignments[].user |
body |
object |
|
role_assignments[].user.domain |
body |
object |
|
role_assignments[].user.domain.id |
body |
string |
|
role_assignments[].user.domain.name |
body |
string |
The resource name. |
role_assignments[].user.id |
body |
string |
|
role_assignments[].user.name |
body |
string |
The resource name. |
role_assignments[].group |
body |
object |
|
role_assignments[].group.domain |
body |
object |
|
role_assignments[].group.domain.id |
body |
string |
|
role_assignments[].group.domain.name |
body |
string |
The resource name. |
role_assignments[].group.id |
body |
string |
|
role_assignments[].group.name |
body |
string |
The resource name. |
truncated |
body |
boolean |
Flag indicating that the amount of entities exceeds global response limit |
403¶
Error
404¶
Error
role_inferences¶
List role inference rules.
GET/HEAD /v3/role_inferences
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"role_inferences": {
"type": "array",
"items": {
"type": "object",
"properties": {
"prior_role": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID."
},
"name": {
"type": "string",
"description": "The role name."
},
"description": {
"type": "string",
"description": "The role description."
},
"links": {
"type": "object",
"properties": {
"self": {
"type": "string",
"format": "uri",
"description": "The link to the resource in question."
}
}
}
}
},
"implies": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID."
},
"name": {
"type": "string",
"description": "The role name."
},
"description": {
"type": "string",
"description": "The role description."
},
"links": {
"type": "object",
"properties": {
"self": {
"type": "string",
"format": "uri",
"description": "The link to the resource in question."
}
}
}
}
}
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
role_inferences |
body |
array |
|
role_inferences[].prior_role |
body |
object |
|
role_inferences[].prior_role.id |
body |
string |
The role ID. |
role_inferences[].prior_role.name |
body |
string |
The role name. |
role_inferences[].prior_role.description |
body |
string |
The role description. |
role_inferences[].prior_role.links |
body |
object |
|
role_inferences[].prior_role.links.self |
body |
string |
The link to the resource in question. |
role_inferences[].implies |
body |
array |
|
role_inferences[].implies[].id |
body |
string |
The role ID. |
role_inferences[].implies[].name |
body |
string |
The role name. |
role_inferences[].implies[].description |
body |
string |
The role description. |
role_inferences[].implies[].links |
body |
object |
|
role_inferences[].implies[].links.self |
body |
string |
The link to the resource in question. |
403¶
Error
404¶
Error
s3tokens¶
services¶
List all services.
GET /v3/services
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"services": {
"type": "array",
"items": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "The service description."
},
"enabled": {
"type": "boolean",
"description": "Defines whether the service and its endpoints appear in the service catalog."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs.",
"readOnly": true
},
"name": {
"type": "string",
"description": "The service name."
},
"type": {
"type": "string",
"description": "The service type, which describes the API implemented by the "
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
services |
body |
array |
|
services[].description |
body |
string |
The service description. |
services[].enabled |
body |
boolean |
Defines whether the service and its endpoints appear in the service catalog. |
services[].id |
body |
string |
The UUID of the service to which the endpoint belongs. |
services[].name |
body |
string |
The service name. |
services[].type |
body |
string |
The service type, which describes the API implemented by the |
403¶
Error
404¶
Error
Create new services.
POST /v3/services
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
service |
body |
object |
|
service.enabled |
body |
boolean |
Defines whether the service and its endpoints appear in the service catalog - false. The service and its endpoints do not appear in the service catalog - true. |
service.type |
body |
string |
The service type, which describes the API implemented by the service. Value is compute, ec2, identity, image, network, or volume. |
service.name |
body |
string |
The service name. |
{
"type": "object",
"description": "A service object.",
"properties": {
"service": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Defines whether the service and its endpoints appear in the service catalog - false. The service and its endpoints do not appear in the service catalog - true."
},
"type": {
"type": "string",
"description": "The service type, which describes the API implemented by the service. Value is compute, ec2, identity, image, network, or volume.",
"minLength": 1,
"maxLength": 255
},
"name": {
"type": "string",
"description": "The service name.",
"minLength": 1,
"maxLength": 255
}
},
"additionalProperties": true,
"required": [
"type"
]
}
}
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"service": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "The service description."
},
"enabled": {
"type": "boolean",
"description": "Defines whether the service and its endpoints appear in the service catalog."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs.",
"readOnly": true
},
"name": {
"type": "string",
"description": "The service name."
},
"type": {
"type": "string",
"description": "The service type, which describes the API implemented by the "
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
service |
body |
object |
|
service.description |
body |
string |
The service description. |
service.enabled |
body |
boolean |
Defines whether the service and its endpoints appear in the service catalog. |
service.id |
body |
string |
The UUID of the service to which the endpoint belongs. |
service.name |
body |
string |
The service name. |
service.type |
body |
string |
The service type, which describes the API implemented by the |
403¶
Error
404¶
Error
Show details for a service.
GET /v3/services/{service_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"service": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "The service description."
},
"enabled": {
"type": "boolean",
"description": "Defines whether the service and its endpoints appear in the service catalog."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs.",
"readOnly": true
},
"name": {
"type": "string",
"description": "The service name."
},
"type": {
"type": "string",
"description": "The service type, which describes the API implemented by the "
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
service |
body |
object |
|
service.description |
body |
string |
The service description. |
service.enabled |
body |
boolean |
Defines whether the service and its endpoints appear in the service catalog. |
service.id |
body |
string |
The UUID of the service to which the endpoint belongs. |
service.name |
body |
string |
The service name. |
service.type |
body |
string |
The service type, which describes the API implemented by the |
403¶
Error
404¶
Error
Update existing services.
PATCH /v3/services/{service_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
service_id |
path |
string |
service_id parameter for /v3/services/{service_id} API |
service |
body |
object |
|
service.enabled |
body |
boolean |
Defines whether the service and its endpoints appear in the service catalog - false. The service and its endpoints do not appear in the service catalog - true. |
service.type |
body |
string |
The service type, which describes the API implemented by the service. Value is compute, ec2, identity, image, network, or volume. |
service.name |
body |
string |
The service name. |
{
"type": "object",
"description": "A service object.",
"properties": {
"service": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Defines whether the service and its endpoints appear in the service catalog - false. The service and its endpoints do not appear in the service catalog - true."
},
"type": {
"type": "string",
"description": "The service type, which describes the API implemented by the service. Value is compute, ec2, identity, image, network, or volume.",
"minLength": 1,
"maxLength": 255
},
"name": {
"type": "string",
"description": "The service name.",
"minLength": 1,
"maxLength": 255
}
},
"additionalProperties": true,
"minProperties": 1
}
},
"required": [
"service"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"service": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "The service description."
},
"enabled": {
"type": "boolean",
"description": "Defines whether the service and its endpoints appear in the service catalog."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The UUID of the service to which the endpoint belongs.",
"readOnly": true
},
"name": {
"type": "string",
"description": "The service name."
},
"type": {
"type": "string",
"description": "The service type, which describes the API implemented by the "
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
service |
body |
object |
|
service.description |
body |
string |
The service description. |
service.enabled |
body |
boolean |
Defines whether the service and its endpoints appear in the service catalog. |
service.id |
body |
string |
The UUID of the service to which the endpoint belongs. |
service.name |
body |
string |
The service name. |
service.type |
body |
string |
The service type, which describes the API implemented by the |
403¶
Error
404¶
Error
system¶
List all system grants for a specific user.
GET/HEAD /system/users/{user_id}/roles
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"roles": {
"type": "array",
"items": {
"type": "object",
"description": "A role object.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID.",
"readOnly": true
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"truncated": {
"type": "boolean",
"description": "Flag indicating that the amount of entities exceeds global response limit"
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
links |
body |
object |
Links for the collection of resources. |
links.next |
body |
[‘string’, ‘null’] |
|
links.previous |
body |
[‘string’, ‘null’] |
|
links.self |
body |
string |
|
roles |
body |
array |
|
roles[].id |
body |
string |
The role ID. |
roles[].links |
body |
object |
The link to the resource in question. |
roles[].links.self |
body |
string |
|
roles[].name |
body |
string |
The resource name. |
roles[].description |
body |
[‘string’, ‘null’] |
The resource description. |
roles[].domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
roles[].options |
body |
object |
|
roles[].options.immutable |
body |
[‘boolean’, ‘null’] |
|
truncated |
body |
boolean |
Flag indicating that the amount of entities exceeds global response limit |
403¶
Error
404¶
Error
List all system grants for a specific group.
GET/HEAD /system/groups/{group_id}/roles
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"roles": {
"type": "array",
"items": {
"type": "object",
"description": "A role object.",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"description": "The role ID.",
"readOnly": true
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
},
"truncated": {
"type": "boolean",
"description": "Flag indicating that the amount of entities exceeds global response limit"
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
links |
body |
object |
Links for the collection of resources. |
links.next |
body |
[‘string’, ‘null’] |
|
links.previous |
body |
[‘string’, ‘null’] |
|
links.self |
body |
string |
|
roles |
body |
array |
|
roles[].id |
body |
string |
The role ID. |
roles[].links |
body |
object |
The link to the resource in question. |
roles[].links.self |
body |
string |
|
roles[].name |
body |
string |
The resource name. |
roles[].description |
body |
[‘string’, ‘null’] |
The resource description. |
roles[].domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
roles[].options |
body |
object |
|
roles[].options.immutable |
body |
[‘boolean’, ‘null’] |
|
truncated |
body |
boolean |
Flag indicating that the amount of entities exceeds global response limit |
403¶
Error
404¶
Error
OS-TRUST¶
Dispatch for LIST trusts.
GET /v3/OS-TRUST/trusts
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"trusts": {
"type": "array",
"items": {
"type": "object",
"description": "A trust object.",
"properties": {
"deleted_at": {
"type": [
"string",
"null"
]
},
"id": {
"type": "string",
"readOnly": true,
"description": "The ID of the trust."
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"roles": {
"type": "array",
"items": {
"type": "object",
"properties": {
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
}
},
"additionalProperties": false
}
},
"roles_links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"trustor_user_id": {
"type": "string",
"description": "Represents the user who created the trust, and who's authorization is being delegated."
},
"trustee_user_id": {
"type": "string",
"description": "Represents the user who is capable of consuming the trust."
},
"impersonation": {
"type": "boolean",
"description": "If set to true, then the user attribute of tokens generated based on the trust will represent that of the trustor rather than the trustee, thus allowing the trustee to impersonate the trustor. If impersonation if set to false, then the token's user attribute will represent that of the trustee."
},
"project_id": {
"type": [
"string",
"null"
],
"format": "uuid",
"description": "Identifies the project upon which the trustor is delegating authorization."
},
"remaining_uses": {
"type": [
"integer",
"null"
],
"minimum": 1,
"description": "Specifies how many times the trust can be used to obtain a token. This value is decreased each time a token is issued through the trust. Once it reaches 0, no further tokens will be issued through the trust. The default value is null, meaning there is no limit on the number of tokens issued through the trust. If redelegation is enabled it must not be set."
},
"expires_at": {
"type": [
"null",
"string"
],
"description": "Specifies the expiration time of the trust. A trust may be revoked ahead of expiration. If the value represents a time in the past, the trust is deactivated. In the redelegation case it must not exceed the value of the corresponding expires_at field of the redelegated trust or it may be ommitted, then the expires_at value is copied from the redelegated trust."
},
"allow_redelegation": {
"type": [
"boolean",
"null"
],
"description": "If set to true then a trust between a trustor and any third-party user may be issued by the trustee just like a regular trust. If set to false, stops further redelegation. False by default."
},
"redelegation_count": {
"type": [
"integer",
"null"
],
"minimum": 0,
"description": "Specifies the maximum remaining depth of the redelegated trust chain. Each subsequent trust has this field decremented by 1 automatically. The initial trustor issuing new trust that can be redelegated, must set allow_redelegation to true and may set redelegation_count to an integer value less than or equal to max_redelegation_count configuration parameter in order to limit the possible length of derivated trust chains. The trust issued by the trustor using a project-scoped token (not redelegating), in which allow_redelegation is set to true (the new trust is redelegatable), will be populated with the value specified in the max_redelegation_count configuration parameter if redelegation_count is not set or set to null. If allow_redelegation is set to false then redelegation_count will be set to 0 in the trust. If the trust is being issued by the trustee of a redelegatable trust-scoped token (redelegation case) then redelegation_count should not be set, as it will automatically be set to the value in the redelegatable trust-scoped token decremented by 1. Note, if the resulting value is 0, this means that the new trust will not be redelegatable, regardless of the value of allow_redelegation."
},
"redelegated_trust_id": {
"type": [
"string",
"null"
],
"description": [
"Returned with redelegated trust provides information about the predecessor in the trust chain."
]
}
},
"additionalProperties": false
},
"description": "A list of trust objects."
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"truncated": {
"type": "boolean",
"description": "Flag indicating that the amount of entities exceeds global response limit"
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
trusts |
body |
array |
A list of trust objects. |
trusts[].deleted_at |
body |
[‘string’, ‘null’] |
|
trusts[].id |
body |
string |
The ID of the trust. |
trusts[].links |
body |
object |
Links for the collection of resources. |
trusts[].links.next |
body |
[‘string’, ‘null’] |
|
trusts[].links.previous |
body |
[‘string’, ‘null’] |
|
trusts[].links.self |
body |
string |
|
trusts[].roles |
body |
array |
|
trusts[].roles[].description |
body |
[‘string’, ‘null’] |
The resource description. |
trusts[].roles[].domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
trusts[].roles[].id |
body |
string |
|
trusts[].roles[].name |
body |
string |
The resource name. |
trusts[].roles[].options |
body |
object |
|
trusts[].roles[].options.immutable |
body |
[‘boolean’, ‘null’] |
|
trusts[].roles[].links |
body |
object |
Links for the collection of resources. |
trusts[].roles[].links.next |
body |
[‘string’, ‘null’] |
|
trusts[].roles[].links.previous |
body |
[‘string’, ‘null’] |
|
trusts[].roles[].links.self |
body |
string |
|
trusts[].roles_links |
body |
object |
Links for the collection of resources. |
trusts[].roles_links.next |
body |
[‘string’, ‘null’] |
|
trusts[].roles_links.previous |
body |
[‘string’, ‘null’] |
|
trusts[].roles_links.self |
body |
string |
|
trusts[].trustor_user_id |
body |
string |
Represents the user who created the trust, and who’s authorization is being delegated. |
trusts[].trustee_user_id |
body |
string |
Represents the user who is capable of consuming the trust. |
trusts[].impersonation |
body |
boolean |
If set to true, then the user attribute of tokens generated based on the trust will represent that of the trustor rather than the trustee, thus allowing the trustee to impersonate the trustor. If impersonation if set to false, then the token’s user attribute will represent that of the trustee. |
trusts[].project_id |
body |
[‘string’, ‘null’] |
Identifies the project upon which the trustor is delegating authorization. |
trusts[].remaining_uses |
body |
[‘integer’, ‘null’] |
Specifies how many times the trust can be used to obtain a token. This value is decreased each time a token is issued through the trust. Once it reaches 0, no further tokens will be issued through the trust. The default value is null, meaning there is no limit on the number of tokens issued through the trust. If redelegation is enabled it must not be set. |
trusts[].expires_at |
body |
[‘null’, ‘string’] |
Specifies the expiration time of the trust. A trust may be revoked ahead of expiration. If the value represents a time in the past, the trust is deactivated. In the redelegation case it must not exceed the value of the corresponding expires_at field of the redelegated trust or it may be ommitted, then the expires_at value is copied from the redelegated trust. |
trusts[].allow_redelegation |
body |
[‘boolean’, ‘null’] |
If set to true then a trust between a trustor and any third-party user may be issued by the trustee just like a regular trust. If set to false, stops further redelegation. False by default. |
trusts[].redelegation_count |
body |
[‘integer’, ‘null’] |
Specifies the maximum remaining depth of the redelegated trust chain. Each subsequent trust has this field decremented by 1 automatically. The initial trustor issuing new trust that can be redelegated, must set allow_redelegation to true and may set redelegation_count to an integer value less than or equal to max_redelegation_count configuration parameter in order to limit the possible length of derivated trust chains. The trust issued by the trustor using a project-scoped token (not redelegating), in which allow_redelegation is set to true (the new trust is redelegatable), will be populated with the value specified in the max_redelegation_count configuration parameter if redelegation_count is not set or set to null. If allow_redelegation is set to false then redelegation_count will be set to 0 in the trust. If the trust is being issued by the trustee of a redelegatable trust-scoped token (redelegation case) then redelegation_count should not be set, as it will automatically be set to the value in the redelegatable trust-scoped token decremented by 1. Note, if the resulting value is 0, this means that the new trust will not be redelegatable, regardless of the value of allow_redelegation. |
trusts[].redelegated_trust_id |
body |
[‘string’, ‘null’] |
[‘Returned with redelegated trust provides information about the predecessor in the trust chain.’] |
links |
body |
object |
Links for the collection of resources. |
links.next |
body |
[‘string’, ‘null’] |
|
links.previous |
body |
[‘string’, ‘null’] |
|
links.self |
body |
string |
|
truncated |
body |
boolean |
Flag indicating that the amount of entities exceeds global response limit |
403¶
Error
404¶
Error
Create a new trust.
The User creating the trust must be the trustor.
POST /v3/OS-TRUST/trusts
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
trust |
body |
object |
|
trust.trustor_user_id |
body |
string |
Represents the user who created the trust, and who’s authorization is being delegated. |
trust.trustee_user_id |
body |
string |
Represents the user who is capable of consuming the trust. |
trust.impersonation |
body |
boolean |
If set to true, then the user attribute of tokens generated based on the trust will represent that of the trustor rather than the trustee, thus allowing the trustee to impersonate the trustor. If impersonation if set to false, then the token’s user attribute will represent that of the trustee. |
trust.project_id |
body |
[‘string’, ‘null’] |
Identifies the project upon which the trustor is delegating authorization. |
trust.remaining_uses |
body |
[‘integer’, ‘null’] |
Specifies how many times the trust can be used to obtain a token. This value is decreased each time a token is issued through the trust. Once it reaches 0, no further tokens will be issued through the trust. The default value is null, meaning there is no limit on the number of tokens issued through the trust. If redelegation is enabled it must not be set. |
trust.expires_at |
body |
[‘null’, ‘string’] |
Specifies the expiration time of the trust. A trust may be revoked ahead of expiration. If the value represents a time in the past, the trust is deactivated. In the redelegation case it must not exceed the value of the corresponding expires_at field of the redelegated trust or it may be ommitted, then the expires_at value is copied from the redelegated trust. |
trust.allow_redelegation |
body |
[‘boolean’, ‘null’] |
If set to true then a trust between a trustor and any third-party user may be issued by the trustee just like a regular trust. If set to false, stops further redelegation. False by default. |
trust.redelegation_count |
body |
[‘integer’, ‘null’] |
Specifies the maximum remaining depth of the redelegated trust chain. Each subsequent trust has this field decremented by 1 automatically. The initial trustor issuing new trust that can be redelegated, must set allow_redelegation to true and may set redelegation_count to an integer value less than or equal to max_redelegation_count configuration parameter in order to limit the possible length of derivated trust chains. The trust issued by the trustor using a project-scoped token (not redelegating), in which allow_redelegation is set to true (the new trust is redelegatable), will be populated with the value specified in the max_redelegation_count configuration parameter if redelegation_count is not set or set to null. If allow_redelegation is set to false then redelegation_count will be set to 0 in the trust. If the trust is being issued by the trustee of a redelegatable trust-scoped token (redelegation case) then redelegation_count should not be set, as it will automatically be set to the value in the redelegatable trust-scoped token decremented by 1. Note, if the resulting value is 0, this means that the new trust will not be redelegatable, regardless of the value of allow_redelegation. |
trust.redelegated_trust_id |
body |
[‘string’, ‘null’] |
[‘Returned with redelegated trust provides information about the predecessor in the trust chain.’] |
trust.roles |
body |
array |
|
trust.roles[].id |
body |
string |
|
trust.roles[].name |
body |
string |
The resource name. |
{
"type": "object",
"description": "A trust object",
"properties": {
"trust": {
"type": "object",
"properties": {
"trustor_user_id": {
"type": "string",
"description": "Represents the user who created the trust, and who's authorization is being delegated."
},
"trustee_user_id": {
"type": "string",
"description": "Represents the user who is capable of consuming the trust."
},
"impersonation": {
"type": "boolean",
"description": "If set to true, then the user attribute of tokens generated based on the trust will represent that of the trustor rather than the trustee, thus allowing the trustee to impersonate the trustor. If impersonation if set to false, then the token's user attribute will represent that of the trustee."
},
"project_id": {
"type": [
"string",
"null"
],
"format": "uuid",
"description": "Identifies the project upon which the trustor is delegating authorization."
},
"remaining_uses": {
"type": [
"integer",
"null"
],
"minimum": 1,
"description": "Specifies how many times the trust can be used to obtain a token. This value is decreased each time a token is issued through the trust. Once it reaches 0, no further tokens will be issued through the trust. The default value is null, meaning there is no limit on the number of tokens issued through the trust. If redelegation is enabled it must not be set."
},
"expires_at": {
"type": [
"null",
"string"
],
"description": "Specifies the expiration time of the trust. A trust may be revoked ahead of expiration. If the value represents a time in the past, the trust is deactivated. In the redelegation case it must not exceed the value of the corresponding expires_at field of the redelegated trust or it may be ommitted, then the expires_at value is copied from the redelegated trust."
},
"allow_redelegation": {
"type": [
"boolean",
"null"
],
"description": "If set to true then a trust between a trustor and any third-party user may be issued by the trustee just like a regular trust. If set to false, stops further redelegation. False by default."
},
"redelegation_count": {
"type": [
"integer",
"null"
],
"minimum": 0,
"description": "Specifies the maximum remaining depth of the redelegated trust chain. Each subsequent trust has this field decremented by 1 automatically. The initial trustor issuing new trust that can be redelegated, must set allow_redelegation to true and may set redelegation_count to an integer value less than or equal to max_redelegation_count configuration parameter in order to limit the possible length of derivated trust chains. The trust issued by the trustor using a project-scoped token (not redelegating), in which allow_redelegation is set to true (the new trust is redelegatable), will be populated with the value specified in the max_redelegation_count configuration parameter if redelegation_count is not set or set to null. If allow_redelegation is set to false then redelegation_count will be set to 0 in the trust. If the trust is being issued by the trustee of a redelegatable trust-scoped token (redelegation case) then redelegation_count should not be set, as it will automatically be set to the value in the redelegatable trust-scoped token decremented by 1. Note, if the resulting value is 0, this means that the new trust will not be redelegatable, regardless of the value of allow_redelegation."
},
"redelegated_trust_id": {
"type": [
"string",
"null"
],
"description": [
"Returned with redelegated trust provides information about the predecessor in the trust chain."
]
},
"roles": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
}
},
"minProperties": 1,
"maxProperties": 1,
"additionalProperties": false
}
}
},
"additionalProperties": true,
"required": [
"trustor_user_id",
"trustee_user_id",
"impersonation"
]
}
},
"additionalProperties": false,
"required": [
"trust"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"description": "A trust object",
"properties": {
"trust": {
"type": "object",
"description": "A trust object.",
"properties": {
"deleted_at": {
"type": [
"string",
"null"
]
},
"id": {
"type": "string",
"readOnly": true,
"description": "The ID of the trust."
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"roles": {
"type": "array",
"items": {
"type": "object",
"properties": {
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
}
},
"additionalProperties": false
}
},
"roles_links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"trustor_user_id": {
"type": "string",
"description": "Represents the user who created the trust, and who's authorization is being delegated."
},
"trustee_user_id": {
"type": "string",
"description": "Represents the user who is capable of consuming the trust."
},
"impersonation": {
"type": "boolean",
"description": "If set to true, then the user attribute of tokens generated based on the trust will represent that of the trustor rather than the trustee, thus allowing the trustee to impersonate the trustor. If impersonation if set to false, then the token's user attribute will represent that of the trustee."
},
"project_id": {
"type": [
"string",
"null"
],
"format": "uuid",
"description": "Identifies the project upon which the trustor is delegating authorization."
},
"remaining_uses": {
"type": [
"integer",
"null"
],
"minimum": 1,
"description": "Specifies how many times the trust can be used to obtain a token. This value is decreased each time a token is issued through the trust. Once it reaches 0, no further tokens will be issued through the trust. The default value is null, meaning there is no limit on the number of tokens issued through the trust. If redelegation is enabled it must not be set."
},
"expires_at": {
"type": [
"null",
"string"
],
"description": "Specifies the expiration time of the trust. A trust may be revoked ahead of expiration. If the value represents a time in the past, the trust is deactivated. In the redelegation case it must not exceed the value of the corresponding expires_at field of the redelegated trust or it may be ommitted, then the expires_at value is copied from the redelegated trust."
},
"allow_redelegation": {
"type": [
"boolean",
"null"
],
"description": "If set to true then a trust between a trustor and any third-party user may be issued by the trustee just like a regular trust. If set to false, stops further redelegation. False by default."
},
"redelegation_count": {
"type": [
"integer",
"null"
],
"minimum": 0,
"description": "Specifies the maximum remaining depth of the redelegated trust chain. Each subsequent trust has this field decremented by 1 automatically. The initial trustor issuing new trust that can be redelegated, must set allow_redelegation to true and may set redelegation_count to an integer value less than or equal to max_redelegation_count configuration parameter in order to limit the possible length of derivated trust chains. The trust issued by the trustor using a project-scoped token (not redelegating), in which allow_redelegation is set to true (the new trust is redelegatable), will be populated with the value specified in the max_redelegation_count configuration parameter if redelegation_count is not set or set to null. If allow_redelegation is set to false then redelegation_count will be set to 0 in the trust. If the trust is being issued by the trustee of a redelegatable trust-scoped token (redelegation case) then redelegation_count should not be set, as it will automatically be set to the value in the redelegatable trust-scoped token decremented by 1. Note, if the resulting value is 0, this means that the new trust will not be redelegatable, regardless of the value of allow_redelegation."
},
"redelegated_trust_id": {
"type": [
"string",
"null"
],
"description": [
"Returned with redelegated trust provides information about the predecessor in the trust chain."
]
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
trust |
body |
object |
A trust object. |
trust.deleted_at |
body |
[‘string’, ‘null’] |
|
trust.id |
body |
string |
The ID of the trust. |
trust.links |
body |
object |
Links for the collection of resources. |
trust.links.next |
body |
[‘string’, ‘null’] |
|
trust.links.previous |
body |
[‘string’, ‘null’] |
|
trust.links.self |
body |
string |
|
trust.roles |
body |
array |
|
trust.roles[].description |
body |
[‘string’, ‘null’] |
The resource description. |
trust.roles[].domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
trust.roles[].id |
body |
string |
|
trust.roles[].name |
body |
string |
The resource name. |
trust.roles[].options |
body |
object |
|
trust.roles[].options.immutable |
body |
[‘boolean’, ‘null’] |
|
trust.roles[].links |
body |
object |
Links for the collection of resources. |
trust.roles[].links.next |
body |
[‘string’, ‘null’] |
|
trust.roles[].links.previous |
body |
[‘string’, ‘null’] |
|
trust.roles[].links.self |
body |
string |
|
trust.roles_links |
body |
object |
Links for the collection of resources. |
trust.roles_links.next |
body |
[‘string’, ‘null’] |
|
trust.roles_links.previous |
body |
[‘string’, ‘null’] |
|
trust.roles_links.self |
body |
string |
|
trust.trustor_user_id |
body |
string |
Represents the user who created the trust, and who’s authorization is being delegated. |
trust.trustee_user_id |
body |
string |
Represents the user who is capable of consuming the trust. |
trust.impersonation |
body |
boolean |
If set to true, then the user attribute of tokens generated based on the trust will represent that of the trustor rather than the trustee, thus allowing the trustee to impersonate the trustor. If impersonation if set to false, then the token’s user attribute will represent that of the trustee. |
trust.project_id |
body |
[‘string’, ‘null’] |
Identifies the project upon which the trustor is delegating authorization. |
trust.remaining_uses |
body |
[‘integer’, ‘null’] |
Specifies how many times the trust can be used to obtain a token. This value is decreased each time a token is issued through the trust. Once it reaches 0, no further tokens will be issued through the trust. The default value is null, meaning there is no limit on the number of tokens issued through the trust. If redelegation is enabled it must not be set. |
trust.expires_at |
body |
[‘null’, ‘string’] |
Specifies the expiration time of the trust. A trust may be revoked ahead of expiration. If the value represents a time in the past, the trust is deactivated. In the redelegation case it must not exceed the value of the corresponding expires_at field of the redelegated trust or it may be ommitted, then the expires_at value is copied from the redelegated trust. |
trust.allow_redelegation |
body |
[‘boolean’, ‘null’] |
If set to true then a trust between a trustor and any third-party user may be issued by the trustee just like a regular trust. If set to false, stops further redelegation. False by default. |
trust.redelegation_count |
body |
[‘integer’, ‘null’] |
Specifies the maximum remaining depth of the redelegated trust chain. Each subsequent trust has this field decremented by 1 automatically. The initial trustor issuing new trust that can be redelegated, must set allow_redelegation to true and may set redelegation_count to an integer value less than or equal to max_redelegation_count configuration parameter in order to limit the possible length of derivated trust chains. The trust issued by the trustor using a project-scoped token (not redelegating), in which allow_redelegation is set to true (the new trust is redelegatable), will be populated with the value specified in the max_redelegation_count configuration parameter if redelegation_count is not set or set to null. If allow_redelegation is set to false then redelegation_count will be set to 0 in the trust. If the trust is being issued by the trustee of a redelegatable trust-scoped token (redelegation case) then redelegation_count should not be set, as it will automatically be set to the value in the redelegatable trust-scoped token decremented by 1. Note, if the resulting value is 0, this means that the new trust will not be redelegatable, regardless of the value of allow_redelegation. |
trust.redelegated_trust_id |
body |
[‘string’, ‘null’] |
[‘Returned with redelegated trust provides information about the predecessor in the trust chain.’] |
403¶
Error
404¶
Error
Get trust.
GET /v3/OS-TRUST/trusts/{trust_id}
Responses¶
200¶
Ok
{
"type": "object",
"description": "A trust object",
"properties": {
"trust": {
"type": "object",
"description": "A trust object.",
"properties": {
"deleted_at": {
"type": [
"string",
"null"
]
},
"id": {
"type": "string",
"readOnly": true,
"description": "The ID of the trust."
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"roles": {
"type": "array",
"items": {
"type": "object",
"properties": {
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The ID of the domain."
},
"id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
},
"options": {
"type": "object",
"properties": {
"immutable": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
}
},
"additionalProperties": false
}
},
"roles_links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"trustor_user_id": {
"type": "string",
"description": "Represents the user who created the trust, and who's authorization is being delegated."
},
"trustee_user_id": {
"type": "string",
"description": "Represents the user who is capable of consuming the trust."
},
"impersonation": {
"type": "boolean",
"description": "If set to true, then the user attribute of tokens generated based on the trust will represent that of the trustor rather than the trustee, thus allowing the trustee to impersonate the trustor. If impersonation if set to false, then the token's user attribute will represent that of the trustee."
},
"project_id": {
"type": [
"string",
"null"
],
"format": "uuid",
"description": "Identifies the project upon which the trustor is delegating authorization."
},
"remaining_uses": {
"type": [
"integer",
"null"
],
"minimum": 1,
"description": "Specifies how many times the trust can be used to obtain a token. This value is decreased each time a token is issued through the trust. Once it reaches 0, no further tokens will be issued through the trust. The default value is null, meaning there is no limit on the number of tokens issued through the trust. If redelegation is enabled it must not be set."
},
"expires_at": {
"type": [
"null",
"string"
],
"description": "Specifies the expiration time of the trust. A trust may be revoked ahead of expiration. If the value represents a time in the past, the trust is deactivated. In the redelegation case it must not exceed the value of the corresponding expires_at field of the redelegated trust or it may be ommitted, then the expires_at value is copied from the redelegated trust."
},
"allow_redelegation": {
"type": [
"boolean",
"null"
],
"description": "If set to true then a trust between a trustor and any third-party user may be issued by the trustee just like a regular trust. If set to false, stops further redelegation. False by default."
},
"redelegation_count": {
"type": [
"integer",
"null"
],
"minimum": 0,
"description": "Specifies the maximum remaining depth of the redelegated trust chain. Each subsequent trust has this field decremented by 1 automatically. The initial trustor issuing new trust that can be redelegated, must set allow_redelegation to true and may set redelegation_count to an integer value less than or equal to max_redelegation_count configuration parameter in order to limit the possible length of derivated trust chains. The trust issued by the trustor using a project-scoped token (not redelegating), in which allow_redelegation is set to true (the new trust is redelegatable), will be populated with the value specified in the max_redelegation_count configuration parameter if redelegation_count is not set or set to null. If allow_redelegation is set to false then redelegation_count will be set to 0 in the trust. If the trust is being issued by the trustee of a redelegatable trust-scoped token (redelegation case) then redelegation_count should not be set, as it will automatically be set to the value in the redelegatable trust-scoped token decremented by 1. Note, if the resulting value is 0, this means that the new trust will not be redelegatable, regardless of the value of allow_redelegation."
},
"redelegated_trust_id": {
"type": [
"string",
"null"
],
"description": [
"Returned with redelegated trust provides information about the predecessor in the trust chain."
]
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
trust |
body |
object |
A trust object. |
trust.deleted_at |
body |
[‘string’, ‘null’] |
|
trust.id |
body |
string |
The ID of the trust. |
trust.links |
body |
object |
Links for the collection of resources. |
trust.links.next |
body |
[‘string’, ‘null’] |
|
trust.links.previous |
body |
[‘string’, ‘null’] |
|
trust.links.self |
body |
string |
|
trust.roles |
body |
array |
|
trust.roles[].description |
body |
[‘string’, ‘null’] |
The resource description. |
trust.roles[].domain_id |
body |
[‘string’, ‘null’] |
The ID of the domain. |
trust.roles[].id |
body |
string |
|
trust.roles[].name |
body |
string |
The resource name. |
trust.roles[].options |
body |
object |
|
trust.roles[].options.immutable |
body |
[‘boolean’, ‘null’] |
|
trust.roles[].links |
body |
object |
Links for the collection of resources. |
trust.roles[].links.next |
body |
[‘string’, ‘null’] |
|
trust.roles[].links.previous |
body |
[‘string’, ‘null’] |
|
trust.roles[].links.self |
body |
string |
|
trust.roles_links |
body |
object |
Links for the collection of resources. |
trust.roles_links.next |
body |
[‘string’, ‘null’] |
|
trust.roles_links.previous |
body |
[‘string’, ‘null’] |
|
trust.roles_links.self |
body |
string |
|
trust.trustor_user_id |
body |
string |
Represents the user who created the trust, and who’s authorization is being delegated. |
trust.trustee_user_id |
body |
string |
Represents the user who is capable of consuming the trust. |
trust.impersonation |
body |
boolean |
If set to true, then the user attribute of tokens generated based on the trust will represent that of the trustor rather than the trustee, thus allowing the trustee to impersonate the trustor. If impersonation if set to false, then the token’s user attribute will represent that of the trustee. |
trust.project_id |
body |
[‘string’, ‘null’] |
Identifies the project upon which the trustor is delegating authorization. |
trust.remaining_uses |
body |
[‘integer’, ‘null’] |
Specifies how many times the trust can be used to obtain a token. This value is decreased each time a token is issued through the trust. Once it reaches 0, no further tokens will be issued through the trust. The default value is null, meaning there is no limit on the number of tokens issued through the trust. If redelegation is enabled it must not be set. |
trust.expires_at |
body |
[‘null’, ‘string’] |
Specifies the expiration time of the trust. A trust may be revoked ahead of expiration. If the value represents a time in the past, the trust is deactivated. In the redelegation case it must not exceed the value of the corresponding expires_at field of the redelegated trust or it may be ommitted, then the expires_at value is copied from the redelegated trust. |
trust.allow_redelegation |
body |
[‘boolean’, ‘null’] |
If set to true then a trust between a trustor and any third-party user may be issued by the trustee just like a regular trust. If set to false, stops further redelegation. False by default. |
trust.redelegation_count |
body |
[‘integer’, ‘null’] |
Specifies the maximum remaining depth of the redelegated trust chain. Each subsequent trust has this field decremented by 1 automatically. The initial trustor issuing new trust that can be redelegated, must set allow_redelegation to true and may set redelegation_count to an integer value less than or equal to max_redelegation_count configuration parameter in order to limit the possible length of derivated trust chains. The trust issued by the trustor using a project-scoped token (not redelegating), in which allow_redelegation is set to true (the new trust is redelegatable), will be populated with the value specified in the max_redelegation_count configuration parameter if redelegation_count is not set or set to null. If allow_redelegation is set to false then redelegation_count will be set to 0 in the trust. If the trust is being issued by the trustee of a redelegatable trust-scoped token (redelegation case) then redelegation_count should not be set, as it will automatically be set to the value in the redelegatable trust-scoped token decremented by 1. Note, if the resulting value is 0, this means that the new trust will not be redelegatable, regardless of the value of allow_redelegation. |
trust.redelegated_trust_id |
body |
[‘string’, ‘null’] |
[‘Returned with redelegated trust provides information about the predecessor in the trust chain.’] |
403¶
Error
404¶
Error
users¶
List users.
GET/HEAD /v3/users
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"users": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"default_project_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"federated": {
"type": "array",
"items": {
"type": "object",
"properties": {
"idp_id": {
"type": "string"
},
"protocols": {
"type": "array",
"items": {
"type": "object",
"properties": {
"protocol_id": {
"type": "string"
},
"unique_id": {
"type": "string"
}
},
"required": [
"protocol_id",
"unique_id"
]
},
"minItems": 1
}
},
"required": [
"idp_id",
"protocols"
]
}
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
},
"password_expires_at": {
"type": [
"string",
"null"
],
"format": "date-time",
"description": "The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires.",
"readOnly": true
},
"options": {
"type": "object",
"properties": {
"ignore_change_password_upon_first_use": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_password_expiry": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_lockout_failure_attempts": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"lock_password": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_user_inactivity": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"multi_factor_auth_rules": {
"type": [
"array",
"null"
],
"items": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1,
"uniqueItems": true
},
"uniqueItems": true
},
"multi_factor_auth_enabled": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
users |
body |
array |
|
users[].id |
body |
string |
The user ID. |
users[].default_project_id |
body |
[‘string’, ‘null’] |
|
users[].description |
body |
[‘string’, ‘null’] |
The resource description. |
users[].domain_id |
body |
string |
|
users[].enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
|
users[].federated |
body |
array |
|
users[].federated[].idp_id |
body |
string |
|
users[].federated[].protocols |
body |
array |
|
users[].federated[].protocols[].protocol_id |
body |
string |
|
users[].federated[].protocols[].unique_id |
body |
string |
|
users[].links |
body |
object |
Links for the collection of resources. |
users[].links.next |
body |
[‘string’, ‘null’] |
|
users[].links.previous |
body |
[‘string’, ‘null’] |
|
users[].links.self |
body |
string |
|
users[].name |
body |
string |
|
users[].password_expires_at |
body |
[‘string’, ‘null’] |
The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires. |
users[].options |
body |
object |
|
users[].options.ignore_change_password_upon_first_use |
body |
[‘boolean’, ‘null’] |
|
users[].options.ignore_password_expiry |
body |
[‘boolean’, ‘null’] |
|
users[].options.ignore_lockout_failure_attempts |
body |
[‘boolean’, ‘null’] |
|
users[].options.lock_password |
body |
[‘boolean’, ‘null’] |
|
users[].options.ignore_user_inactivity |
body |
[‘boolean’, ‘null’] |
|
users[].options.multi_factor_auth_rules |
body |
[‘array’, ‘null’] |
|
users[].options.multi_factor_auth_enabled |
body |
[‘boolean’, ‘null’] |
403¶
Error
404¶
Error
Create a user.
POST /v3/users
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
user |
body |
object |
|
user.password |
body |
[‘string’, ‘null’] |
|
user.id |
body |
string |
The user ID. |
user.default_project_id |
body |
[‘string’, ‘null’] |
|
user.description |
body |
[‘string’, ‘null’] |
The resource description. |
user.domain_id |
body |
string |
|
user.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
|
user.federated |
body |
array |
|
user.federated[].idp_id |
body |
string |
|
user.federated[].protocols |
body |
array |
|
user.federated[].protocols[].protocol_id |
body |
string |
|
user.federated[].protocols[].unique_id |
body |
string |
|
user.links |
body |
object |
Links for the collection of resources. |
user.links.next |
body |
[‘string’, ‘null’] |
|
user.links.previous |
body |
[‘string’, ‘null’] |
|
user.links.self |
body |
string |
|
user.name |
body |
string |
|
user.password_expires_at |
body |
[‘string’, ‘null’] |
The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires. |
user.options |
body |
object |
|
user.options.ignore_change_password_upon_first_use |
body |
[‘boolean’, ‘null’] |
|
user.options.ignore_password_expiry |
body |
[‘boolean’, ‘null’] |
|
user.options.ignore_lockout_failure_attempts |
body |
[‘boolean’, ‘null’] |
|
user.options.lock_password |
body |
[‘boolean’, ‘null’] |
|
user.options.ignore_user_inactivity |
body |
[‘boolean’, ‘null’] |
|
user.options.multi_factor_auth_rules |
body |
[‘array’, ‘null’] |
|
user.options.multi_factor_auth_enabled |
body |
[‘boolean’, ‘null’] |
|
user.federated |
body |
array |
|
user.federated[].protocols |
body |
array |
{
"oneOf": [
{
"type": "object",
"properties": {
"user": {
"type": "object",
"properties": {
"password": {
"type": [
"string",
"null"
]
},
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"default_project_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"federated": {
"type": "array",
"items": {
"type": "object",
"properties": {
"idp_id": {
"type": "string"
},
"protocols": {
"type": "array",
"items": {
"type": "object",
"properties": {
"protocol_id": {
"type": "string"
},
"unique_id": {
"type": "string"
}
},
"required": [
"protocol_id",
"unique_id"
]
},
"minItems": 1
}
},
"required": [
"idp_id",
"protocols"
]
}
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"required": [
"self"
],
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
},
"password_expires_at": {
"type": [
"string",
"null"
],
"format": "date-time",
"description": "The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires.",
"readOnly": true
},
"options": {
"type": "object",
"properties": {
"ignore_change_password_upon_first_use": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_password_expiry": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_lockout_failure_attempts": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"lock_password": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_user_inactivity": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"multi_factor_auth_rules": {
"type": [
"array",
"null"
],
"items": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1,
"uniqueItems": true
},
"uniqueItems": true
},
"multi_factor_auth_enabled": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
},
"additionalProperties": true,
"required": [
"name"
]
}
},
"additionalProperties": false,
"required": [
"user"
]
},
{
"type": "object",
"properties": {
"user": {
"type": "object",
"properties": {
"password": {
"type": [
"string",
"null"
]
},
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"default_project_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"federated": {
"type": "array",
"items": {
"type": "object",
"properties": {
"idp_id": {
"type": "string"
},
"protocols": {
"type": "array",
"items": {
"type": "object",
"properties": {
"protocol_id": {
"type": "string"
},
"unique_id": {
"type": "string"
}
},
"required": [
"protocol_id",
"unique_id"
]
},
"minItems": 1
}
},
"required": [
"idp_id",
"protocols"
]
}
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"required": [
"self"
],
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
},
"password_expires_at": {
"type": [
"string",
"null"
],
"format": "date-time",
"description": "The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires.",
"readOnly": true
},
"options": {
"type": "object",
"properties": {
"ignore_change_password_upon_first_use": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_password_expiry": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_lockout_failure_attempts": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"lock_password": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_user_inactivity": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"multi_factor_auth_rules": {
"type": [
"array",
"null"
],
"items": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1,
"uniqueItems": true
},
"uniqueItems": true
},
"multi_factor_auth_enabled": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
},
"additionalProperties": true,
"required": [
"name"
]
}
},
"additionalProperties": false,
"required": [
"user"
]
}
],
"x-openstack": {
"discriminator": "microversion"
}
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"user": {
"type": "object",
"properties": {
"password": {
"type": [
"string",
"null"
]
},
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"default_project_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"federated": {
"type": "array",
"items": {
"type": "object",
"properties": {
"idp_id": {
"type": "string"
},
"protocols": {
"type": "array",
"items": {
"type": "object",
"properties": {
"protocol_id": {
"type": "string"
},
"unique_id": {
"type": "string"
}
},
"required": [
"protocol_id",
"unique_id"
]
},
"minItems": 1
}
},
"required": [
"idp_id",
"protocols"
]
}
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
},
"password_expires_at": {
"type": [
"string",
"null"
],
"format": "date-time",
"description": "The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires.",
"readOnly": true
},
"options": {
"type": "object",
"properties": {
"ignore_change_password_upon_first_use": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_password_expiry": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_lockout_failure_attempts": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"lock_password": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_user_inactivity": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"multi_factor_auth_rules": {
"type": [
"array",
"null"
],
"items": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1,
"uniqueItems": true
},
"uniqueItems": true
},
"multi_factor_auth_enabled": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
},
"required": [
"name"
],
"additionalProperties": true
}
},
"additionalProperties": false,
"required": [
"user"
]
}
Name |
Location |
Type |
Description |
|---|---|---|---|
user |
body |
object |
|
user.password |
body |
[‘string’, ‘null’] |
|
user.id |
body |
string |
The user ID. |
user.default_project_id |
body |
[‘string’, ‘null’] |
|
user.description |
body |
[‘string’, ‘null’] |
The resource description. |
user.domain_id |
body |
string |
|
user.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
|
user.federated |
body |
array |
|
user.federated[].idp_id |
body |
string |
|
user.federated[].protocols |
body |
array |
|
user.federated[].protocols[].protocol_id |
body |
string |
|
user.federated[].protocols[].unique_id |
body |
string |
|
user.links |
body |
object |
Links for the collection of resources. |
user.links.next |
body |
[‘string’, ‘null’] |
|
user.links.previous |
body |
[‘string’, ‘null’] |
|
user.links.self |
body |
string |
|
user.name |
body |
string |
|
user.password_expires_at |
body |
[‘string’, ‘null’] |
The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires. |
user.options |
body |
object |
|
user.options.ignore_change_password_upon_first_use |
body |
[‘boolean’, ‘null’] |
|
user.options.ignore_password_expiry |
body |
[‘boolean’, ‘null’] |
|
user.options.ignore_lockout_failure_attempts |
body |
[‘boolean’, ‘null’] |
|
user.options.lock_password |
body |
[‘boolean’, ‘null’] |
|
user.options.ignore_user_inactivity |
body |
[‘boolean’, ‘null’] |
|
user.options.multi_factor_auth_rules |
body |
[‘array’, ‘null’] |
|
user.options.multi_factor_auth_enabled |
body |
[‘boolean’, ‘null’] |
403¶
Error
404¶
Error
Get a user resource.
GET/HEAD /v3/users/{user_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"default_project_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"federated": {
"type": "array",
"items": {
"type": "object",
"properties": {
"idp_id": {
"type": "string"
},
"protocols": {
"type": "array",
"items": {
"type": "object",
"properties": {
"protocol_id": {
"type": "string"
},
"unique_id": {
"type": "string"
}
},
"required": [
"protocol_id",
"unique_id"
]
},
"minItems": 1
}
},
"required": [
"idp_id",
"protocols"
]
}
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
},
"password_expires_at": {
"type": [
"string",
"null"
],
"format": "date-time",
"description": "The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires.",
"readOnly": true
},
"options": {
"type": "object",
"properties": {
"ignore_change_password_upon_first_use": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_password_expiry": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_lockout_failure_attempts": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"lock_password": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_user_inactivity": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"multi_factor_auth_rules": {
"type": [
"array",
"null"
],
"items": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1,
"uniqueItems": true
},
"uniqueItems": true
},
"multi_factor_auth_enabled": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
user |
body |
object |
|
user.id |
body |
string |
The user ID. |
user.default_project_id |
body |
[‘string’, ‘null’] |
|
user.description |
body |
[‘string’, ‘null’] |
The resource description. |
user.domain_id |
body |
string |
|
user.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
|
user.federated |
body |
array |
|
user.federated[].idp_id |
body |
string |
|
user.federated[].protocols |
body |
array |
|
user.federated[].protocols[].protocol_id |
body |
string |
|
user.federated[].protocols[].unique_id |
body |
string |
|
user.links |
body |
object |
Links for the collection of resources. |
user.links.next |
body |
[‘string’, ‘null’] |
|
user.links.previous |
body |
[‘string’, ‘null’] |
|
user.links.self |
body |
string |
|
user.name |
body |
string |
|
user.password_expires_at |
body |
[‘string’, ‘null’] |
The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires. |
user.options |
body |
object |
|
user.options.ignore_change_password_upon_first_use |
body |
[‘boolean’, ‘null’] |
|
user.options.ignore_password_expiry |
body |
[‘boolean’, ‘null’] |
|
user.options.ignore_lockout_failure_attempts |
body |
[‘boolean’, ‘null’] |
|
user.options.lock_password |
body |
[‘boolean’, ‘null’] |
|
user.options.ignore_user_inactivity |
body |
[‘boolean’, ‘null’] |
|
user.options.multi_factor_auth_rules |
body |
[‘array’, ‘null’] |
|
user.options.multi_factor_auth_enabled |
body |
[‘boolean’, ‘null’] |
403¶
Error
404¶
Error
Update a user.
PATCH /v3/users/{user_id}
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
user_id |
path |
string |
user_id parameter for /v3/users/{user_id} API |
user |
body |
object |
|
user.password |
body |
[‘string’, ‘null’] |
|
user.id |
body |
string |
The user ID. |
user.default_project_id |
body |
[‘string’, ‘null’] |
|
user.description |
body |
[‘string’, ‘null’] |
The resource description. |
user.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
|
user.federated |
body |
array |
|
user.federated[].idp_id |
body |
string |
|
user.federated[].protocols |
body |
array |
|
user.federated[].protocols[].protocol_id |
body |
string |
|
user.federated[].protocols[].unique_id |
body |
string |
|
user.links |
body |
object |
Links for the collection of resources. |
user.links.next |
body |
[‘string’, ‘null’] |
|
user.links.previous |
body |
[‘string’, ‘null’] |
|
user.links.self |
body |
string |
|
user.name |
body |
string |
|
user.password_expires_at |
body |
[‘string’, ‘null’] |
The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires. |
user.options |
body |
object |
|
user.options.ignore_change_password_upon_first_use |
body |
[‘boolean’, ‘null’] |
|
user.options.ignore_password_expiry |
body |
[‘boolean’, ‘null’] |
|
user.options.ignore_lockout_failure_attempts |
body |
[‘boolean’, ‘null’] |
|
user.options.lock_password |
body |
[‘boolean’, ‘null’] |
|
user.options.ignore_user_inactivity |
body |
[‘boolean’, ‘null’] |
|
user.options.multi_factor_auth_rules |
body |
[‘array’, ‘null’] |
|
user.options.multi_factor_auth_enabled |
body |
[‘boolean’, ‘null’] |
|
user.federated |
body |
array |
|
user.federated[].protocols |
body |
array |
{
"oneOf": [
{
"type": "object",
"properties": {
"user": {
"type": "object",
"properties": {
"password": {
"type": [
"string",
"null"
]
},
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"default_project_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"federated": {
"type": "array",
"items": {
"type": "object",
"properties": {
"idp_id": {
"type": "string"
},
"protocols": {
"type": "array",
"items": {
"type": "object",
"properties": {
"protocol_id": {
"type": "string"
},
"unique_id": {
"type": "string"
}
},
"required": [
"protocol_id",
"unique_id"
]
},
"minItems": 1
}
},
"required": [
"idp_id",
"protocols"
]
}
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"required": [
"self"
],
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
},
"password_expires_at": {
"type": [
"string",
"null"
],
"format": "date-time",
"description": "The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires.",
"readOnly": true
},
"options": {
"type": "object",
"properties": {
"ignore_change_password_upon_first_use": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_password_expiry": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_lockout_failure_attempts": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"lock_password": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_user_inactivity": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"multi_factor_auth_rules": {
"type": [
"array",
"null"
],
"items": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1,
"uniqueItems": true
},
"uniqueItems": true
},
"multi_factor_auth_enabled": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
},
"additionalProperties": true,
"minProperties": 1
}
},
"additionalProperties": false,
"required": [
"user"
]
},
{
"type": "object",
"properties": {
"user": {
"type": "object",
"properties": {
"password": {
"type": [
"string",
"null"
]
},
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"default_project_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"federated": {
"type": "array",
"items": {
"type": "object",
"properties": {
"idp_id": {
"type": "string"
},
"protocols": {
"type": "array",
"items": {
"type": "object",
"properties": {
"protocol_id": {
"type": "string"
},
"unique_id": {
"type": "string"
}
},
"required": [
"protocol_id",
"unique_id"
]
},
"minItems": 1
}
},
"required": [
"idp_id",
"protocols"
]
}
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"required": [
"self"
],
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
},
"password_expires_at": {
"type": [
"string",
"null"
],
"format": "date-time",
"description": "The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires.",
"readOnly": true
},
"options": {
"type": "object",
"properties": {
"ignore_change_password_upon_first_use": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_password_expiry": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_lockout_failure_attempts": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"lock_password": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_user_inactivity": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"multi_factor_auth_rules": {
"type": [
"array",
"null"
],
"items": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1,
"uniqueItems": true
},
"uniqueItems": true
},
"multi_factor_auth_enabled": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
},
"additionalProperties": true,
"minProperties": 1
}
},
"additionalProperties": false,
"required": [
"user"
]
}
],
"x-openstack": {
"discriminator": "microversion"
}
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"user": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The user ID.",
"readOnly": true
},
"default_project_id": {
"type": [
"string",
"null"
],
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"description": {
"type": [
"string",
"null"
],
"description": "The resource description."
},
"domain_id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"enabled": {
"type": [
"boolean",
"string",
"null"
],
"enum": [
true,
"True",
"TRUE",
"true",
false,
"False",
"FALSE",
"false",
"",
"1",
"0",
"y",
"Y",
"n",
"N",
"on",
"ON",
"off",
"OFF",
"yes",
"no"
]
},
"federated": {
"type": "array",
"items": {
"type": "object",
"properties": {
"idp_id": {
"type": "string"
},
"protocols": {
"type": "array",
"items": {
"type": "object",
"properties": {
"protocol_id": {
"type": "string"
},
"unique_id": {
"type": "string"
}
},
"required": [
"protocol_id",
"unique_id"
]
},
"minItems": 1
}
},
"required": [
"idp_id",
"protocols"
]
}
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+"
},
"password_expires_at": {
"type": [
"string",
"null"
],
"format": "date-time",
"description": "The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires.",
"readOnly": true
},
"options": {
"type": "object",
"properties": {
"ignore_change_password_upon_first_use": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_password_expiry": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_lockout_failure_attempts": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"lock_password": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"ignore_user_inactivity": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
},
"multi_factor_auth_rules": {
"type": [
"array",
"null"
],
"items": {
"type": "array",
"items": {
"type": "string"
},
"minItems": 1,
"uniqueItems": true
},
"uniqueItems": true
},
"multi_factor_auth_enabled": {
"type": [
"boolean",
"null"
],
"enum": [
true,
false,
null
]
}
},
"additionalProperties": false
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
user |
body |
object |
|
user.id |
body |
string |
The user ID. |
user.default_project_id |
body |
[‘string’, ‘null’] |
|
user.description |
body |
[‘string’, ‘null’] |
The resource description. |
user.domain_id |
body |
string |
|
user.enabled |
body |
[‘boolean’, ‘string’, ‘null’] |
|
user.federated |
body |
array |
|
user.federated[].idp_id |
body |
string |
|
user.federated[].protocols |
body |
array |
|
user.federated[].protocols[].protocol_id |
body |
string |
|
user.federated[].protocols[].unique_id |
body |
string |
|
user.links |
body |
object |
Links for the collection of resources. |
user.links.next |
body |
[‘string’, ‘null’] |
|
user.links.previous |
body |
[‘string’, ‘null’] |
|
user.links.self |
body |
string |
|
user.name |
body |
string |
|
user.password_expires_at |
body |
[‘string’, ‘null’] |
The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests. A null value indicates that the password never expires. |
user.options |
body |
object |
|
user.options.ignore_change_password_upon_first_use |
body |
[‘boolean’, ‘null’] |
|
user.options.ignore_password_expiry |
body |
[‘boolean’, ‘null’] |
|
user.options.ignore_lockout_failure_attempts |
body |
[‘boolean’, ‘null’] |
|
user.options.lock_password |
body |
[‘boolean’, ‘null’] |
|
user.options.ignore_user_inactivity |
body |
[‘boolean’, ‘null’] |
|
user.options.multi_factor_auth_rules |
body |
[‘array’, ‘null’] |
|
user.options.multi_factor_auth_enabled |
body |
[‘boolean’, ‘null’] |
403¶
Error
404¶
Error
POST operation on /v3/users/{user_id}/password
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
user_id |
path |
string |
user_id parameter for /v3/users/{user_id}/password API |
user |
body |
object |
|
user.original_password |
body |
string |
|
user.password |
body |
string |
{
"type": "object",
"properties": {
"user": {
"type": "object",
"properties": {
"original_password": {
"type": "string",
"format": "password"
},
"password": {
"type": "string",
"format": "password"
}
},
"required": [
"original_password",
"password"
],
"additionalProperties": false
}
}
}
Responses¶
204¶
Ok
403¶
Error
404¶
Error
Get groups for a user.
GET/HEAD /v3/users/{user_id}/groups
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"groups": {
"type": "array",
"description": "A list of group objects",
"items": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "The description of the group."
},
"domain_id": {
"type": "string",
"format": "uuid",
"description": "The ID of the domain of the group."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The ID of the group."
},
"name": {
"type": "string",
"description": "The name of the group."
},
"membership_expires_at": {
"type": "string",
"format": "date-time",
"description": "The date and time when the group membership expires. A null value indicates that the membership never expires.",
"x-openstack": {
"min-ver": "3.14"
}
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
groups |
body |
array |
A list of group objects |
groups[].description |
body |
string |
The description of the group. |
groups[].domain_id |
body |
string |
The ID of the domain of the group. |
groups[].id |
body |
string |
The ID of the group. |
groups[].name |
body |
string |
The name of the group. |
groups[].membership_expires_at |
body |
string |
The date and time when the group membership expires. A null value indicates that the membership never expires. |
403¶
Error
404¶
Error
GET operation on /v3/users/{user_id}/projects
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"projects": {
"type": "array",
"description": "A list of project objects",
"items": {
"type": "object",
"properties": {
"description": {
"type": "string",
"description": "The description of the project."
},
"domain_id": {
"type": "string",
"format": "uuid",
"description": "The ID of the domain of the project."
},
"id": {
"type": "string",
"format": "uuid",
"description": "The ID of the project."
},
"parent_id": {
"type": "string",
"format": "uuid",
"description": "The parent id of the project."
},
"name": {
"type": "string",
"description": "The name of the project."
}
}
}
}
}
}
Name |
Location |
Type |
Description |
|---|---|---|---|
projects |
body |
array |
A list of project objects |
projects[].description |
body |
string |
The description of the project. |
projects[].domain_id |
body |
string |
The ID of the domain of the project. |
projects[].id |
body |
string |
The ID of the project. |
projects[].parent_id |
body |
string |
The parent id of the project. |
projects[].name |
body |
string |
The name of the project. |
403¶
Error
404¶
Error
Create EC2 Credential for user.
POST /v3/users/{user_id}/credentials/OS-EC2
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
user_id |
path |
string |
user_id parameter for /v3/users/{user_id}/credentials/OS-EC2/{credential_id} API |
{
"type": "object",
"description": "Request of the users/user_id/credentials/OS-EC2:post operation",
"x-openstack": {
"action-name": "POST"
}
}
Responses¶
200¶
Ok
{
"type": "object",
"description": "Response of the users/user_id/credentials/OS-EC2:post operation"
}
403¶
Error
404¶
Error
List application credentials for user.
GET/HEAD /v3/users/{user_id}/application_credentials
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"application_credentials": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"readOnly": true,
"description": "The ID of the application credential."
},
"project_id": {
"type": "string",
"format": "uuid",
"description": "The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to."
},
"name": {
"type": "string",
"description": "The name of the application credential. Must be unique to a user."
},
"description": {
"type": [
"string",
"null"
],
"description": "A description of the application credential's purpose."
},
"expires_at": {
"type": [
"null",
"string"
]
},
"roles": {
"type": "array",
"description": "An optional list of role objects, identified by ID or name. The list may only contain roles that the user has assigned on the project. If not provided, the roles assigned to the application credential will be the same as the roles in the current token.",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"id": {
"type": "string"
}
}
}
},
"unrestricted": {
"type": "boolean",
"description": "An optional flag to restrict whether the application credential may be used for the creation or destruction of other application credentials or trusts. Defaults to false."
},
"access_rules": {
"type": "array",
"description": "A list of access_rules objects",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"path": {
"type": "string"
},
"method": {
"type": "string"
},
"service": {
"type": "string"
}
}
}
}
}
}
}
},
"required": [
"application_credentials"
]
}
Name |
Location |
Type |
Description |
|---|---|---|---|
application_credentials |
body |
array |
|
application_credentials[].id |
body |
string |
The ID of the application credential. |
application_credentials[].project_id |
body |
string |
The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to. |
application_credentials[].name |
body |
string |
The name of the application credential. Must be unique to a user. |
application_credentials[].description |
body |
[‘string’, ‘null’] |
A description of the application credential’s purpose. |
application_credentials[].expires_at |
body |
[‘null’, ‘string’] |
|
application_credentials[].roles |
body |
array |
An optional list of role objects, identified by ID or name. The list may only contain roles that the user has assigned on the project. If not provided, the roles assigned to the application credential will be the same as the roles in the current token. |
application_credentials[].roles[].name |
body |
string |
|
application_credentials[].roles[].id |
body |
string |
|
application_credentials[].unrestricted |
body |
boolean |
An optional flag to restrict whether the application credential may be used for the creation or destruction of other application credentials or trusts. Defaults to false. |
application_credentials[].access_rules |
body |
array |
A list of access_rules objects |
application_credentials[].access_rules[].id |
body |
string |
|
application_credentials[].access_rules[].path |
body |
string |
|
application_credentials[].access_rules[].method |
body |
string |
|
application_credentials[].access_rules[].service |
body |
string |
403¶
Error
404¶
Error
Create application credential.
POST /v3/users/{user_id}/application_credentials
Request¶
Name |
Location |
Type |
Description |
|---|---|---|---|
user_id |
path |
string |
user_id parameter for /v3/users/{user_id}/application_credentials/{application_credential_id} API |
application_credential |
body |
object |
|
application_credential.id |
body |
string |
The UUID for the credential. |
application_credential.secret |
body |
[‘string’, ‘null’] |
The secret that the application credential will be created with. If not provided, one will be generated. |
application_credential.name |
body |
string |
The name of the application credential. Must be unique to a user. |
application_credential.description |
body |
[‘string’, ‘null’] |
A description of the application credential’s purpose. |
application_credential.expires_at |
body |
[‘string’, ‘null’] |
The expiration time of the application credential, if one was specified. |
application_credential.project_id |
body |
string |
The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to. |
application_credential.access_rules |
body |
array |
A list of access_rules objects. |
application_credential.access_rules[].id |
body |
string |
|
application_credential.access_rules[].path |
body |
string |
The API path that the application credential is permitted to access. |
application_credential.access_rules[].service |
body |
string |
The service type identifier for the service that the application credential is permitted to access. Must be a service type that is listed in the service catalog and not a code name for a service. |
application_credential.access_rules[].method |
body |
string |
The request method that the application credential is permitted to use for a given API endpoint. |
application_credential.unrestricted |
body |
[‘boolean’, ‘null’] |
A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. |
application_credential.system |
body |
[‘string’, ‘null’] |
|
application_credential.roles |
body |
array |
A list of one or more roles that this application credential has associated with its project. A token using this application credential will have these same roles. |
application_credential.roles[].id |
body |
string |
|
application_credential.roles[].name |
body |
string |
The resource name. |
{
"type": "object",
"description": "An application credential object.",
"properties": {
"application_credential": {
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The UUID for the credential."
},
"secret": {
"type": [
"string",
"null"
],
"description": "The secret that the application credential will be created with. If not provided, one will be generated."
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The name of the application credential. Must be unique to a user."
},
"description": {
"type": [
"string",
"null"
],
"description": "A description of the application credential's purpose."
},
"expires_at": {
"type": [
"string",
"null"
],
"description": "The expiration time of the application credential, if one was specified."
},
"project_id": {
"type": "string",
"description": "The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to."
},
"access_rules": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"path": {
"type": "string",
"minLength": 0,
"maxLength": 225,
"pattern": "^/\\.*",
"description": "The API path that the application credential is permitted to access."
},
"service": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The service type identifier for the service that the application credential is permitted to access. Must be a service type that is listed in the service catalog and not a code name for a service."
},
"method": {
"type": "string",
"enum": [
"DELETE",
"GET",
"HEAD",
"PATCH",
"POST",
"PUT"
],
"description": "The request method that the application credential is permitted to use for a given API endpoint."
}
}
},
"description": "A list of access_rules objects."
},
"unrestricted": {
"type": [
"boolean",
"null"
],
"description": "A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts."
},
"system": {
"type": [
"string",
"null"
]
},
"roles": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$"
},
"name": {
"type": "string",
"minLength": 1,
"maxLength": 255,
"pattern": "[\\S]+",
"description": "The resource name."
}
},
"minProperties": 1,
"maxProperties": 1,
"additionalProperties": false
},
"description": "A list of one or more roles that this application credential has associated with its project. A token using this application credential will have these same roles."
}
},
"additionalProperties": false,
"required": [
"name"
]
}
},
"additionalProperties": false,
"required": [
"application_credential"
]
}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"application_credential": {
"type": "object",
"properties": {
"secret": {
"type": "string",
"description": "The secret for the application credential, either generated by the server or provided by the user. This is only ever shown once in the response to a create request. It is not stored nor ever shown again. If the secret is lost, a new application credential must be created."
},
"id": {
"type": "string",
"format": "uuid",
"readOnly": true,
"description": "The ID of the application credential."
},
"project_id": {
"type": "string",
"format": "uuid",
"description": "The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to."
},
"name": {
"type": "string",
"description": "The name of the application credential. Must be unique to a user."
},
"description": {
"type": [
"string",
"null"
],
"description": "A description of the application credential's purpose."
},
"expires_at": {
"type": [
"null",
"string"
]
},
"roles": {
"type": "array",
"description": "An optional list of role objects, identified by ID or name. The list may only contain roles that the user has assigned on the project. If not provided, the roles assigned to the application credential will be the same as the roles in the current token.",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"id": {
"type": "string"
}
}
}
},
"unrestricted": {
"type": "boolean",
"description": "An optional flag to restrict whether the application credential may be used for the creation or destruction of other application credentials or trusts. Defaults to false."
},
"access_rules": {
"type": "array",
"description": "A list of access_rules objects",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"path": {
"type": "string"
},
"method": {
"type": "string"
},
"service": {
"type": "string"
}
}
}
}
}
}
},
"additionalProperties": false,
"required": [
"application_credential"
]
}
Name |
Location |
Type |
Description |
|---|---|---|---|
application_credential |
body |
object |
|
application_credential.secret |
body |
string |
The secret for the application credential, either generated by the server or provided by the user. This is only ever shown once in the response to a create request. It is not stored nor ever shown again. If the secret is lost, a new application credential must be created. |
application_credential.id |
body |
string |
The ID of the application credential. |
application_credential.project_id |
body |
string |
The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to. |
application_credential.name |
body |
string |
The name of the application credential. Must be unique to a user. |
application_credential.description |
body |
[‘string’, ‘null’] |
A description of the application credential’s purpose. |
application_credential.expires_at |
body |
[‘null’, ‘string’] |
|
application_credential.roles |
body |
array |
An optional list of role objects, identified by ID or name. The list may only contain roles that the user has assigned on the project. If not provided, the roles assigned to the application credential will be the same as the roles in the current token. |
application_credential.roles[].name |
body |
string |
|
application_credential.roles[].id |
body |
string |
|
application_credential.unrestricted |
body |
boolean |
An optional flag to restrict whether the application credential may be used for the creation or destruction of other application credentials or trusts. Defaults to false. |
application_credential.access_rules |
body |
array |
A list of access_rules objects |
application_credential.access_rules[].id |
body |
string |
|
application_credential.access_rules[].path |
body |
string |
|
application_credential.access_rules[].method |
body |
string |
|
application_credential.access_rules[].service |
body |
string |
403¶
Error
404¶
Error
Get application credential resource.
GET/HEAD /v3/users/{user_id}/application_credentials/ {application_credential_id}
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"application_credential": {
"type": "object",
"properties": {
"id": {
"type": "string",
"format": "uuid",
"readOnly": true,
"description": "The ID of the application credential."
},
"project_id": {
"type": "string",
"format": "uuid",
"description": "The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to."
},
"name": {
"type": "string",
"description": "The name of the application credential. Must be unique to a user."
},
"description": {
"type": [
"string",
"null"
],
"description": "A description of the application credential's purpose."
},
"expires_at": {
"type": [
"null",
"string"
]
},
"roles": {
"type": "array",
"description": "An optional list of role objects, identified by ID or name. The list may only contain roles that the user has assigned on the project. If not provided, the roles assigned to the application credential will be the same as the roles in the current token.",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"id": {
"type": "string"
}
}
}
},
"unrestricted": {
"type": "boolean",
"description": "An optional flag to restrict whether the application credential may be used for the creation or destruction of other application credentials or trusts. Defaults to false."
},
"access_rules": {
"type": "array",
"description": "A list of access_rules objects",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"path": {
"type": "string"
},
"method": {
"type": "string"
},
"service": {
"type": "string"
}
}
}
}
}
}
},
"additionalProperties": false,
"required": [
"application_credential"
]
}
Name |
Location |
Type |
Description |
|---|---|---|---|
application_credential |
body |
object |
|
application_credential.id |
body |
string |
The ID of the application credential. |
application_credential.project_id |
body |
string |
The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to. |
application_credential.name |
body |
string |
The name of the application credential. Must be unique to a user. |
application_credential.description |
body |
[‘string’, ‘null’] |
A description of the application credential’s purpose. |
application_credential.expires_at |
body |
[‘null’, ‘string’] |
|
application_credential.roles |
body |
array |
An optional list of role objects, identified by ID or name. The list may only contain roles that the user has assigned on the project. If not provided, the roles assigned to the application credential will be the same as the roles in the current token. |
application_credential.roles[].name |
body |
string |
|
application_credential.roles[].id |
body |
string |
|
application_credential.unrestricted |
body |
boolean |
An optional flag to restrict whether the application credential may be used for the creation or destruction of other application credentials or trusts. Defaults to false. |
application_credential.access_rules |
body |
array |
A list of access_rules objects |
application_credential.access_rules[].id |
body |
string |
|
application_credential.access_rules[].path |
body |
string |
|
application_credential.access_rules[].method |
body |
string |
|
application_credential.access_rules[].service |
body |
string |
403¶
Error
404¶
Error
List access rules for user.
GET/HEAD /v3/users/{user_id}/access_rules
Responses¶
200¶
Ok
{
"type": "object",
"properties": {
"access_rules": {
"type": "array",
"items": {
"type": "object",
"description": "An access rule object.",
"properties": {
"id": {
"type": "string",
"readOnly": true,
"description": "The UUID of the access rule"
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"path": {
"type": "string",
"minLength": 0,
"maxLength": 225,
"pattern": "^/\\.*",
"description": "The API path that the application credential is permitted to access."
},
"service": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The service type identifier for the service that the application credential is permitted to access. Must be a service type that is listed in the service catalog and not a code name for a service."
},
"method": {
"type": "string",
"enum": [
"DELETE",
"GET",
"HEAD",
"PATCH",
"POST",
"PUT"
],
"description": "The request method that the application credential is permitted to use for a given API endpoint."
}
},
"additionalProperties": false
},
"description": "A list of access_rule objects."
},
"links": {
"type": "object",
"description": "Links for the collection of resources.",
"properties": {
"next": {
"type": [
"string",
"null"
],
"format": "uri"
},
"previous": {
"type": [
"string",
"null"
],
"format": "uri"
},
"self": {
"type": "string",
"format": "uri"
}
},
"required": [
"self"
],
"additionalProperties": false,
"readOnly": true
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
access_rules |
body |
array |
A list of access_rule objects. |
access_rules[].id |
body |
string |
The UUID of the access rule |
access_rules[].links |
body |
object |
The link to the resource in question. |
access_rules[].links.self |
body |
string |
|
access_rules[].path |
body |
string |
The API path that the application credential is permitted to access. |
access_rules[].service |
body |
string |
The service type identifier for the service that the application credential is permitted to access. Must be a service type that is listed in the service catalog and not a code name for a service. |
access_rules[].method |
body |
string |
The request method that the application credential is permitted to use for a given API endpoint. |
links |
body |
object |
Links for the collection of resources. |
links.next |
body |
[‘string’, ‘null’] |
|
links.previous |
body |
[‘string’, ‘null’] |
|
links.self |
body |
string |
403¶
Error
404¶
Error
Get access rule resource.
GET/HEAD /v3/users/{user_id}/access_rules/{access_rule_id}
Responses¶
200¶
Ok
{
"type": "object",
"description": "An access rule object.",
"properties": {
"access_rule": {
"type": "object",
"description": "An access rule object.",
"properties": {
"id": {
"type": "string",
"readOnly": true,
"description": "The UUID of the access rule"
},
"links": {
"type": "object",
"description": "The link to the resource in question.",
"properties": {
"self": {
"type": "string",
"format": "uri"
}
},
"additionalProperties": false,
"readOnly": true
},
"path": {
"type": "string",
"minLength": 0,
"maxLength": 225,
"pattern": "^/\\.*",
"description": "The API path that the application credential is permitted to access."
},
"service": {
"type": "string",
"minLength": 1,
"maxLength": 64,
"pattern": "^[a-zA-Z0-9-]+$",
"description": "The service type identifier for the service that the application credential is permitted to access. Must be a service type that is listed in the service catalog and not a code name for a service."
},
"method": {
"type": "string",
"enum": [
"DELETE",
"GET",
"HEAD",
"PATCH",
"POST",
"PUT"
],
"description": "The request method that the application credential is permitted to use for a given API endpoint."
}
},
"additionalProperties": false
}
},
"additionalProperties": false
}
Name |
Location |
Type |
Description |
|---|---|---|---|
access_rule |
body |
object |
An access rule object. |
access_rule.id |
body |
string |
The UUID of the access rule |
access_rule.links |
body |
object |
The link to the resource in question. |
access_rule.links.self |
body |
string |
|
access_rule.path |
body |
string |
The API path that the application credential is permitted to access. |
access_rule.service |
body |
string |
The service type identifier for the service that the application credential is permitted to access. Must be a service type that is listed in the service catalog and not a code name for a service. |
access_rule.method |
body |
string |
The request method that the application credential is permitted to use for a given API endpoint. |
403¶
Error
404¶
Error
