openapi: 3.1.0
info:
description: |-
Identity API provided by Keystone service
title: OpenStack Identity API
version: '3.14'
paths:
/:
get:
description: |-
GET operation on /
operationId: versions:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RootGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- version
head:
description: |-
HEAD operation on /
operationId: versions:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- version
/v3:
get:
description: |-
GET operation on /v3
operationId: version:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RootGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- v3
head:
description: |-
HEAD operation on /v3
operationId: version:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- v3
/v3/OS-EP-FILTER/endpoint_groups:
get:
description: |-
List all endpoint groups.
GET /v3/OS-EP-FILTER/endpoint_groups
operationId: OS-EP-FILTER/endpoint_groups:get
parameters:
- $ref: '#/components/parameters/OS_EP_FILTER_endpoint_groups_name'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterEndpoint_GroupsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
head:
description: |-
List all endpoint groups.
GET /v3/OS-EP-FILTER/endpoint_groups
operationId: OS-EP-FILTER/endpoint_groups:head
parameters:
- $ref: '#/components/parameters/OS_EP_FILTER_endpoint_groups_name'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
post:
description: |-
Create new endpoint groups.
POST /v3/OS-EP-FILTER/endpoint_groups
operationId: OS-EP-FILTER/endpoint_groups:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterEndpoint_GroupsPost'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterEndpoint_GroupsPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}:
delete:
description: |-
DELETE operation on /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}
operationId: OS-EP-FILTER/endpoint_groups/endpoint_group_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
get:
description: |-
Get Endpoint Group
GET /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}
operationId: OS-EP-FILTER/endpoint_groups/endpoint_group_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterEndpoint_GroupGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
head:
description: |-
Get Endpoint Group
GET /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}
operationId: OS-EP-FILTER/endpoint_groups/endpoint_group_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
parameters:
- $ref: '#/components/parameters/OS_EP_FILTER_endpoint_groups_endpoint_group_id'
patch:
description: |-
Update existing endpoint groups
PATCH /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}
operationId: OS-EP-FILTER/endpoint_groups/endpoint_group_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterEndpoint_GroupPatch'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterEndpoint_GroupPatchResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/endpoints:
get:
description: |-
GET operation on /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/endpoints
operationId: OS-EP-FILTER/endpoint_groups/endpoint_group_id/endpoints:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterEndpoint_GroupsEndpointsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
head:
description: |-
HEAD operation on /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/endpoints
operationId: OS-EP-FILTER/endpoint_groups/endpoint_group_id/endpoints:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
parameters:
- $ref: '#/components/parameters/OS_EP_FILTER_endpoint_groups_endpoints_endpoint_group_id'
/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects:
get:
description: |-
GET operation on /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects
operationId: OS-EP-FILTER/endpoint_groups/endpoint_group_id/projects:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterEndpoint_GroupsProjectsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
head:
description: |-
HEAD operation on /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects
operationId: OS-EP-FILTER/endpoint_groups/endpoint_group_id/projects:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
parameters:
- $ref: '#/components/parameters/OS_EP_FILTER_endpoint_groups_projects_endpoint_group_id'
/v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}:
delete:
description: |-
DELETE operation on /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}
operationId:
OS-EP-FILTER/endpoint_groups/endpoint_group_id/projects/project_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
get:
description: |-
GET operation on /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}
operationId:
OS-EP-FILTER/endpoint_groups/endpoint_group_id/projects/project_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterEndpoint_GroupsProjectGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
head:
description: |-
HEAD operation on /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}
operationId:
OS-EP-FILTER/endpoint_groups/endpoint_group_id/projects/project_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
parameters:
- $ref: '#/components/parameters/OS_EP_FILTER_endpoint_groups_projects_endpoint_group_id'
- $ref: '#/components/parameters/OS_EP_FILTER_endpoint_groups_projects_project_id'
put:
description: |-
PUT operation on /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id}
operationId:
OS-EP-FILTER/endpoint_groups/endpoint_group_id/projects/project_id:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterEndpoint_GroupsProjectPutRequest'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterEndpoint_GroupsProjectPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
/v3/OS-EP-FILTER/endpoints/{endpoint_id}/projects:
get:
description: |-
Return a list of projects associated with the endpoint.
operationId: OS-EP-FILTER/endpoints/endpoint_id/projects:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterEndpointsProjectsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
head:
description: |-
Return a list of projects associated with the endpoint.
operationId: OS-EP-FILTER/endpoints/endpoint_id/projects:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
parameters:
- $ref: '#/components/parameters/OS_EP_FILTER_endpoints_projects_endpoint_id'
/v3/OS-EP-FILTER/projects/{project_id}/endpoint_groups:
get:
description: |-
GET operation on /v3/OS-EP-FILTER/projects/{project_id}/endpoint_groups
operationId: OS-EP-FILTER/projects/project_id/endpoint_groups:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterProjectsEndpoint_GroupsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
head:
description: |-
HEAD operation on /v3/OS-EP-FILTER/projects/{project_id}/endpoint_groups
operationId: OS-EP-FILTER/projects/project_id/endpoint_groups:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
parameters:
- $ref: '#/components/parameters/OS_EP_FILTER_projects_endpoint_groups_project_id'
/v3/OS-EP-FILTER/projects/{project_id}/endpoints:
get:
description: |-
GET operation on /v3/OS-EP-FILTER/projects/{project_id}/endpoints
operationId: OS-EP-FILTER/projects/project_id/endpoints:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterProjectsEndpointsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
head:
description: |-
HEAD operation on /v3/OS-EP-FILTER/projects/{project_id}/endpoints
operationId: OS-EP-FILTER/projects/project_id/endpoints:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
parameters:
- $ref: '#/components/parameters/OS_EP_FILTER_projects_endpoints_project_id'
/v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}:
delete:
description: |-
DELETE operation on /v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
operationId: OS-EP-FILTER/projects/project_id/endpoints/endpoint_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
get:
description: |-
GET operation on /v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
operationId: OS-EP-FILTER/projects/project_id/endpoints/endpoint_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterProjectsEndpointGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
head:
description: |-
HEAD operation on /v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
operationId: OS-EP-FILTER/projects/project_id/endpoints/endpoint_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
parameters:
- $ref: '#/components/parameters/OS_EP_FILTER_projects_endpoints_endpoint_id'
- $ref: '#/components/parameters/OS_EP_FILTER_projects_endpoints_project_id'
put:
description: |-
PUT operation on /v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id}
operationId: OS-EP-FILTER/projects/project_id/endpoints/endpoint_id:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterProjectsEndpointPutRequest'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Ep_FilterProjectsEndpointPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-EP-FILTER
/v3/OS-FEDERATION/domains:
get:
deprecated: true
description: |-
Get possible domain scopes for token.
GET/HEAD /v3/auth/domains
GET/HEAD /v3/OS-FEDERATION/domains
operationId: OS-FEDERATION/domains:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationDomainsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
head:
deprecated: true
description: |-
Get possible domain scopes for token.
GET/HEAD /v3/auth/domains
GET/HEAD /v3/OS-FEDERATION/domains
operationId: OS-FEDERATION/domains:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
/v3/OS-FEDERATION/identity_providers:
get:
description: |-
List all identity providers.
GET/HEAD /OS-FEDERATION/identity_providers
operationId: OS-FEDERATION/identity_providers:get
parameters:
- $ref: '#/components/parameters/OS_FEDERATION_identity_providers_enabled'
- $ref: '#/components/parameters/OS_FEDERATION_identity_providers_id'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationIdentity_ProvidersGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
head:
description: |-
List all identity providers.
GET/HEAD /OS-FEDERATION/identity_providers
operationId: OS-FEDERATION/identity_providers:head
parameters:
- $ref: '#/components/parameters/OS_FEDERATION_identity_providers_enabled'
- $ref: '#/components/parameters/OS_FEDERATION_identity_providers_id'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
/v3/OS-FEDERATION/identity_providers/{idp_id}:
delete:
description: |-
DELETE operation on /v3/OS-FEDERATION/identity_providers/{idp_id}
operationId: OS-FEDERATION/identity_providers/idp_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
get:
description: |-
Get an IDP resource.
GET/HEAD /OS-FEDERATION/identity_providers/{idp_id}
operationId: OS-FEDERATION/identity_providers/idp_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationIdentity_ProviderGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
head:
description: |-
Get an IDP resource.
GET/HEAD /OS-FEDERATION/identity_providers/{idp_id}
operationId: OS-FEDERATION/identity_providers/idp_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
parameters:
- $ref: '#/components/parameters/OS_FEDERATION_identity_providers_idp_id'
patch:
description: |-
PATCH operation on /v3/OS-FEDERATION/identity_providers/{idp_id}
operationId: OS-FEDERATION/identity_providers/idp_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationIdentity_ProviderPatch'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationIdentity_ProviderPatchResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
put:
description: |-
Create an idp resource for federated authentication.
PUT /OS-FEDERATION/identity_providers/{idp_id}
operationId: OS-FEDERATION/identity_providers/idp_id:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationIdentity_ProviderPut'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationIdentity_ProviderPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols:
get:
description: |-
List protocols for an IDP.
HEAD/GET /OS-FEDERATION/identity_providers/{idp_id}/protocols
operationId: OS-FEDERATION/identity_providers/idp_id/protocols:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationIdentity_ProvidersProtocolsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
head:
description: |-
List protocols for an IDP.
HEAD/GET /OS-FEDERATION/identity_providers/{idp_id}/protocols
operationId: OS-FEDERATION/identity_providers/idp_id/protocols:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
parameters:
- $ref: '#/components/parameters/OS_FEDERATION_identity_providers_protocols_idp_id'
/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}:
delete:
description: |-
Delete a protocol from an IDP.
DELETE /OS-FEDERATION/identity_providers/
{idp_id}/protocols/{protocol_id}
operationId:
OS-FEDERATION/identity_providers/idp_id/protocols/protocol_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
get:
description: |-
Get protocols for an IDP.
HEAD/GET /OS-FEDERATION/identity_providers/
{idp_id}/protocols/{protocol_id}
operationId:
OS-FEDERATION/identity_providers/idp_id/protocols/protocol_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationIdentity_ProvidersProtocolGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
head:
description: |-
Get protocols for an IDP.
HEAD/GET /OS-FEDERATION/identity_providers/
{idp_id}/protocols/{protocol_id}
operationId:
OS-FEDERATION/identity_providers/idp_id/protocols/protocol_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
parameters:
- $ref: '#/components/parameters/OS_FEDERATION_identity_providers_protocols_idp_id'
- $ref: '#/components/parameters/OS_FEDERATION_identity_providers_protocols_protocol_id'
patch:
description: |-
Update protocol for an IDP.
PATCH /OS-FEDERATION/identity_providers/
{idp_id}/protocols/{protocol_id}
operationId:
OS-FEDERATION/identity_providers/idp_id/protocols/protocol_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationIdentity_ProvidersProtocolPatchRequest'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationIdentity_ProvidersProtocolPatchResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
put:
description: |-
Create protocol for an IDP.
PUT /OS-Federation/identity_providers/{idp_id}/protocols/{protocol_id}
operationId:
OS-FEDERATION/identity_providers/idp_id/protocols/protocol_id:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationIdentity_ProvidersProtocolPutRequest'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationIdentity_ProvidersProtocolPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
/v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth:
get:
description: |-
Authenticate from dedicated uri endpoint.
GET/HEAD /OS-FEDERATION/identity_providers/
{idp_id}/protocols/{protocol_id}/auth
operationId:
OS-FEDERATION/identity_providers/idp_id/protocols/protocol_id/auth:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationIdentity_ProvidersProtocolsAuthGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
head:
description: |-
Authenticate from dedicated uri endpoint.
GET/HEAD /OS-FEDERATION/identity_providers/
{idp_id}/protocols/{protocol_id}/auth
operationId:
OS-FEDERATION/identity_providers/idp_id/protocols/protocol_id/auth:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
parameters:
- $ref: '#/components/parameters/OS_FEDERATION_identity_providers_protocols_auth_idp_id'
- $ref: '#/components/parameters/OS_FEDERATION_identity_providers_protocols_auth_protocol_id'
post:
description: |-
Authenticate from dedicated uri endpoint.
POST /OS-FEDERATION/identity_providers/
{idp_id}/protocols/{protocol_id}/auth
operationId:
OS-FEDERATION/identity_providers/idp_id/protocols/protocol_id/auth:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationIdentity_ProvidersProtocolsAuthPostRequest'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationIdentity_ProvidersProtocolsAuthPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
/v3/OS-FEDERATION/mappings:
get:
description: |-
GET operation on /v3/OS-FEDERATION/mappings
operationId: OS-FEDERATION/mappings:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationMappingsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
head:
description: |-
HEAD operation on /v3/OS-FEDERATION/mappings
operationId: OS-FEDERATION/mappings:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
/v3/OS-FEDERATION/mappings/{mapping_id}:
delete:
description: |-
Delete a mapping.
DELETE /OS-FEDERATION/mappings/{mapping_id}
operationId: OS-FEDERATION/mappings/mapping_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
get:
description: |-
GET operation on /v3/OS-FEDERATION/mappings/{mapping_id}
operationId: OS-FEDERATION/mappings/mapping_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationMappingGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
head:
description: |-
HEAD operation on /v3/OS-FEDERATION/mappings/{mapping_id}
operationId: OS-FEDERATION/mappings/mapping_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
parameters:
- $ref: '#/components/parameters/OS_FEDERATION_mappings_mapping_id'
patch:
description: |-
Update an attribute mapping for identity federation.
PATCH /OS-FEDERATION/mappings/{mapping_id}
operationId: OS-FEDERATION/mappings/mapping_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationMappingPatchRequest'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationMappingPatchResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
put:
description: |-
Create a mapping.
PUT /OS-FEDERATION/mappings/{mapping_id}
operationId: OS-FEDERATION/mappings/mapping_id:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationMappingPutRequest'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationMappingPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
/v3/OS-FEDERATION/projects:
get:
deprecated: true
description: |-
Get possible project scopes for token.
GET/HEAD /v3/auth/projects
GET/HEAD /v3/OS-FEDERATION/projects
operationId: OS-FEDERATION/projects:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationProjectsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
head:
deprecated: true
description: |-
Get possible project scopes for token.
GET/HEAD /v3/auth/projects
GET/HEAD /v3/OS-FEDERATION/projects
operationId: OS-FEDERATION/projects:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
/v3/OS-FEDERATION/saml2/metadata:
get:
description: |-
Get SAML2 metadata.
GET/HEAD /OS-FEDERATION/saml2/metadata
operationId: OS-FEDERATION/saml2/metadata:get
responses:
'200':
content:
text/xml:
schema:
$ref: '#/components/schemas/Os_FederationSaml2MetadataGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
head:
description: |-
Get SAML2 metadata.
GET/HEAD /OS-FEDERATION/saml2/metadata
operationId: OS-FEDERATION/saml2/metadata:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
/v3/OS-FEDERATION/service_providers:
get:
description: |-
List service providers.
GET/HEAD /OS-FEDERATION/service_providers
operationId: OS-FEDERATION/service_providers:get
parameters:
- $ref: '#/components/parameters/OS_FEDERATION_service_providers_enabled'
- $ref: '#/components/parameters/OS_FEDERATION_service_providers_id'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationService_ProvidersGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
head:
description: |-
List service providers.
GET/HEAD /OS-FEDERATION/service_providers
operationId: OS-FEDERATION/service_providers:head
parameters:
- $ref: '#/components/parameters/OS_FEDERATION_service_providers_enabled'
- $ref: '#/components/parameters/OS_FEDERATION_service_providers_id'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
/v3/OS-FEDERATION/service_providers/{service_provider_id}:
delete:
description: |-
Delete a service provider.
DELETE /OS-FEDERATION/service_providers/{service_provider_id}
operationId: OS-FEDERATION/service_providers/service_provider_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
get:
description: |-
Get a service provider.
GET/HEAD /OS-FEDERATION/service_providers/{service_provider_id}
operationId: OS-FEDERATION/service_providers/service_provider_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationService_ProviderGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
head:
description: |-
Get a service provider.
GET/HEAD /OS-FEDERATION/service_providers/{service_provider_id}
operationId: OS-FEDERATION/service_providers/service_provider_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
parameters:
- $ref: '#/components/parameters/OS_FEDERATION_service_providers_service_provider_id'
patch:
description: |-
Update a service provider.
PATCH /OS-FEDERATION/service_providers/{service_provider_id}
operationId: OS-FEDERATION/service_providers/service_provider_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationService_ProviderPatch'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationService_ProviderPatchResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
put:
description: |-
Create a service provider.
PUT /OS-FEDERATION/service_providers/{service_provider_id}
operationId: OS-FEDERATION/service_providers/service_provider_id:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationService_ProviderPut'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_FederationService_ProviderPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-FEDERATION
/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects:
get:
description: |-
The list only contains those role assignments to the domain that were specified
as being inherited to projects within that domain.
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_group_roles_inherited_to_projects`
operationId:
OS-INHERIT/domains/domain_id/groups/group_id/roles/inherited_to_projects:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_InheritDomainsGroupsRolesInherited_To_ProjectsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List group’s inherited project roles on domain
tags:
- OS-INHERIT
head:
description: |-
List roles (inherited) for a group on a domain.
GET/HEAD /OS-INHERIT/domains/{domain_id}/groups/{group_id}
/roles/inherited_to_projects
operationId:
OS-INHERIT/domains/domain_id/groups/group_id/roles/inherited_to_projects:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-INHERIT
parameters:
- $ref: '#/components/parameters/OS_INHERIT_domains_groups_roles_inherited_to_projects_domain_id'
- $ref: '#/components/parameters/OS_INHERIT_domains_groups_roles_inherited_to_projects_group_id'
/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects:
delete:
description: |-
Revokes an inherited project role from a group in a domain.
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_group_role_inherited_to_projects`
operationId:
OS-INHERIT/domains/domain_id/groups/group_id/roles/role_id/inherited_to_projects:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Revoke an inherited project role from group on domain
tags:
- OS-INHERIT
get:
description: |-
Check for an inherited grant for a group on a domain.
GET/HEAD /OS-INHERIT/domains/{domain_id}/groups/{group_id}
/roles/{role_id}/inherited_to_projects
operationId:
OS-INHERIT/domains/domain_id/groups/group_id/roles/role_id/inherited_to_projects:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_InheritDomainsGroupsRolesInherited_To_ProjectsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-INHERIT
head:
description: |-
Checks whether a group has an inherited project role in a domain.
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_group_role_inherited_to_projects`
operationId:
OS-INHERIT/domains/domain_id/groups/group_id/roles/role_id/inherited_to_projects:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Check if group has an inherited project role on domain
tags:
- OS-INHERIT
parameters:
- $ref: '#/components/parameters/OS_INHERIT_domains_groups_roles_inherited_to_projects_domain_id'
- $ref: '#/components/parameters/OS_INHERIT_domains_groups_roles_inherited_to_projects_group_id'
- $ref: '#/components/parameters/OS_INHERIT_domains_groups_roles_inherited_to_projects_role_id'
put:
description: |-
The inherited role is only applied to the owned projects (both existing and
future projects), and will not appear as a role in a domain scoped token.
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_group_role_inherited_to_projects`
operationId:
OS-INHERIT/domains/domain_id/groups/group_id/roles/role_id/inherited_to_projects:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_InheritDomainsGroupsRolesInherited_To_ProjectsPutRequest'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_InheritDomainsGroupsRolesInherited_To_ProjectsPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Assign role to group on projects owned by a domain
tags:
- OS-INHERIT
/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects:
get:
description: |-
The list only contains those role assignments to the domain that were specified
as being inherited to projects within that domain.
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_user_roles_inherited_to_projects`
operationId:
OS-INHERIT/domains/domain_id/users/user_id/roles/inherited_to_projects:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_InheritDomainsUsersRolesInherited_To_ProjectsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List user’s inherited project roles on a domain
tags:
- OS-INHERIT
head:
description: |-
List roles (inherited) for a user on a domain.
GET/HEAD /OS-INHERIT/domains/{domain_id}/users/{user_id}
/roles/inherited_to_projects
operationId:
OS-INHERIT/domains/domain_id/users/user_id/roles/inherited_to_projects:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-INHERIT
parameters:
- $ref: '#/components/parameters/OS_INHERIT_domains_users_roles_inherited_to_projects_domain_id'
- $ref: '#/components/parameters/OS_INHERIT_domains_users_roles_inherited_to_projects_user_id'
/v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects:
delete:
description: |-
Revokes an inherited project role from a user in a domain.
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_user_role_inherited_to_projects`
operationId:
OS-INHERIT/domains/domain_id/users/user_id/roles/role_id/inherited_to_projects:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Revoke an inherited project role from user on domain
tags:
- OS-INHERIT
get:
description: |-
Check for an inherited grant for a user on a domain.
GET/HEAD /OS-INHERIT/domains/{domain_id}/users/{user_id}/roles
/{role_id}/inherited_to_projects
operationId:
OS-INHERIT/domains/domain_id/users/user_id/roles/role_id/inherited_to_projects:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_InheritDomainsUsersRolesInherited_To_ProjectsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-INHERIT
head:
description: |-
Checks whether a user has an inherited project role in a domain.
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_user_role_inherited_to_projects`
operationId:
OS-INHERIT/domains/domain_id/users/user_id/roles/role_id/inherited_to_projects:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Check if user has an inherited project role on domain
tags:
- OS-INHERIT
parameters:
- $ref: '#/components/parameters/OS_INHERIT_domains_users_roles_inherited_to_projects_domain_id'
- $ref: '#/components/parameters/OS_INHERIT_domains_users_roles_inherited_to_projects_role_id'
- $ref: '#/components/parameters/OS_INHERIT_domains_users_roles_inherited_to_projects_user_id'
put:
description: |-
Assigns a role to a user in projects owned by a domain.
The inherited role is only applied to the owned projects (both existing and
future projects), and will not appear as a role in a domain scoped token.
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/domain_user_role_inherited_to_projects`
operationId:
OS-INHERIT/domains/domain_id/users/user_id/roles/role_id/inherited_to_projects:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_InheritDomainsUsersRolesInherited_To_ProjectsPutRequest'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_InheritDomainsUsersRolesInherited_To_ProjectsPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Assign role to user on projects owned by domain
tags:
- OS-INHERIT
/v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects:
delete:
description: |-
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/project_group_role_inherited_to_projects`
operationId:
OS-INHERIT/projects/project_id/groups/group_id/roles/role_id/inherited_to_projects:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Revoke an inherited project role from group on project
tags:
- OS-INHERIT
get:
description: |-
Check for an inherited grant for a group on a project.
GET/HEAD /OS-INHERIT/projects/{project_id}/groups/{group_id}
/roles/{role_id}/inherited_to_projects
operationId:
OS-INHERIT/projects/project_id/groups/group_id/roles/role_id/inherited_to_projects:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_InheritProjectsGroupsRolesInherited_To_ProjectsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-INHERIT
head:
description: |-
Checks whether a group has a role assignment with the `inherited_to_projects` flag in a project.
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/project_group_role_inherited_to_projects`
operationId:
OS-INHERIT/projects/project_id/groups/group_id/roles/role_id/inherited_to_projects:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Check if group has an inherited project role on project
tags:
- OS-INHERIT
parameters:
- $ref: '#/components/parameters/OS_INHERIT_projects_groups_roles_inherited_to_projects_group_id'
- $ref: '#/components/parameters/OS_INHERIT_projects_groups_roles_inherited_to_projects_project_id'
- $ref: '#/components/parameters/OS_INHERIT_projects_groups_roles_inherited_to_projects_role_id'
put:
description: |-
The inherited role assignment is anchored to a project and applied to its
subtree in the projects hierarchy (both existing and future projects).
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/project_group_role_inherited_to_projects`
operationId:
OS-INHERIT/projects/project_id/groups/group_id/roles/role_id/inherited_to_projects:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_InheritProjectsGroupsRolesInherited_To_ProjectsPutRequest'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_InheritProjectsGroupsRolesInherited_To_ProjectsPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Assign role to group on projects in a subtree
tags:
- OS-INHERIT
/v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects:
delete:
description: |-
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/project_user_role_inherited_to_projects`
operationId:
OS-INHERIT/projects/project_id/users/user_id/roles/role_id/inherited_to_projects:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Revoke an inherited project role from user on project
tags:
- OS-INHERIT
get:
description: |-
Check for an inherited grant for a user on a project.
GET/HEAD /OS-INHERIT/projects/{project_id}/users/{user_id}
/roles/{role_id}/inherited_to_projects
operationId:
OS-INHERIT/projects/project_id/users/user_id/roles/role_id/inherited_to_projects:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_InheritProjectsUsersRolesInherited_To_ProjectsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-INHERIT
head:
description: |-
Checks whether a user has a role assignment with the `inherited_to_projects` flag in a project.
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/project_user_role_inherited_to_projects`
operationId:
OS-INHERIT/projects/project_id/users/user_id/roles/role_id/inherited_to_projects:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Check if user has an inherited project role on project
tags:
- OS-INHERIT
parameters:
- $ref: '#/components/parameters/OS_INHERIT_projects_users_roles_inherited_to_projects_project_id'
- $ref: '#/components/parameters/OS_INHERIT_projects_users_roles_inherited_to_projects_role_id'
- $ref: '#/components/parameters/OS_INHERIT_projects_users_roles_inherited_to_projects_user_id'
put:
description: |-
The inherited role assignment is anchored to a project and applied to its
subtree in the projects hierarchy (both existing and future projects).
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/ext/OS-INHERIT/1.0/rel/project_user_role_inherited_to_projects`
operationId:
OS-INHERIT/projects/project_id/users/user_id/roles/role_id/inherited_to_projects:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_InheritProjectsUsersRolesInherited_To_ProjectsPutRequest'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_InheritProjectsUsersRolesInherited_To_ProjectsPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Assign role to user on projects in a subtree
tags:
- OS-INHERIT
/v3/OS-OAUTH1/access_token:
get:
description: |-
GET operation on /v3/OS-OAUTH1/access_token
operationId: OS-OAUTH1/access_token:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth1Access_TokenGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH1
head:
description: |-
HEAD operation on /v3/OS-OAUTH1/access_token
operationId: OS-OAUTH1/access_token:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH1
post:
description: |-
POST operation on /v3/OS-OAUTH1/access_token
operationId: OS-OAUTH1/access_token:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth1Access_TokenPostRequest'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth1Access_TokenPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH1
/v3/OS-OAUTH1/authorize/{request_token_id}:
parameters:
- $ref: '#/components/parameters/OS_OAUTH1_authorize_request_token_id'
put:
description: |-
PUT operation on /v3/OS-OAUTH1/authorize/{request_token_id}
operationId: OS-OAUTH1/authorize/request_token_id:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth1AuthorizePutRequest'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth1AuthorizePutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH1
/v3/OS-OAUTH1/consumers:
get:
description: |-
GET operation on /v3/OS-OAUTH1/consumers
operationId: OS-OAUTH1/consumers:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth1ConsumersGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH1
head:
description: |-
HEAD operation on /v3/OS-OAUTH1/consumers
operationId: OS-OAUTH1/consumers:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH1
post:
description: |-
POST operation on /v3/OS-OAUTH1/consumers
operationId: OS-OAUTH1/consumers:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth1ConsumersPostRequest'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth1ConsumersPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH1
/v3/OS-OAUTH1/consumers/{consumer_id}:
delete:
description: |-
DELETE operation on /v3/OS-OAUTH1/consumers/{consumer_id}
operationId: OS-OAUTH1/consumers/consumer_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH1
get:
description: |-
GET operation on /v3/OS-OAUTH1/consumers/{consumer_id}
operationId: OS-OAUTH1/consumers/consumer_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth1ConsumerGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH1
head:
description: |-
HEAD operation on /v3/OS-OAUTH1/consumers/{consumer_id}
operationId: OS-OAUTH1/consumers/consumer_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH1
parameters:
- $ref: '#/components/parameters/OS_OAUTH1_consumers_consumer_id'
patch:
description: |-
PATCH operation on /v3/OS-OAUTH1/consumers/{consumer_id}
operationId: OS-OAUTH1/consumers/consumer_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth1ConsumerPatchRequest'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth1ConsumerPatchResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH1
/v3/OS-OAUTH1/request_token:
get:
description: |-
GET operation on /v3/OS-OAUTH1/request_token
operationId: OS-OAUTH1/request_token:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth1Request_TokenGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH1
head:
description: |-
HEAD operation on /v3/OS-OAUTH1/request_token
operationId: OS-OAUTH1/request_token:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH1
post:
description: |-
POST operation on /v3/OS-OAUTH1/request_token
operationId: OS-OAUTH1/request_token:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth1Request_TokenPostRequest'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth1Request_TokenPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH1
/v3/OS-OAUTH2/token:
delete:
description: |-
The method is not allowed.
operationId: OS-OAUTH2/token:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH2
get:
description: |-
The method is not allowed.
operationId: OS-OAUTH2/token:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth2TokenGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH2
head:
description: |-
The method is not allowed.
operationId: OS-OAUTH2/token:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH2
patch:
description: |-
The method is not allowed.
operationId: OS-OAUTH2/token:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth2TokenPatchRequest'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth2TokenPatchResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH2
post:
description: |-
Get an OAuth2.0 Access Token.
POST /v3/OS-OAUTH2/token
operationId: OS-OAUTH2/token:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth2TokenPostRequest'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth2TokenPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH2
put:
description: |-
The method is not allowed.
operationId: OS-OAUTH2/token:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth2TokenPutRequest'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Oauth2TokenPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-OAUTH2
/v3/OS-REVOKE/events:
get:
description: |-
GET operation on /v3/OS-REVOKE/events
operationId: OS-REVOKE/events:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_RevokeEventsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-REVOKE
head:
description: |-
HEAD operation on /v3/OS-REVOKE/events
operationId: OS-REVOKE/events:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-REVOKE
/v3/OS-SIMPLE-CERT/ca:
get:
description: |-
GET operation on /v3/OS-SIMPLE-CERT/ca
operationId: OS-SIMPLE-CERT/ca:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Simple_CertCaGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-SIMPLE-CERT
head:
description: |-
HEAD operation on /v3/OS-SIMPLE-CERT/ca
operationId: OS-SIMPLE-CERT/ca:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-SIMPLE-CERT
/v3/OS-SIMPLE-CERT/certificates:
get:
description: |-
GET operation on /v3/OS-SIMPLE-CERT/certificates
operationId: OS-SIMPLE-CERT/certificates:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_Simple_CertCertificatesGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-SIMPLE-CERT
head:
description: |-
HEAD operation on /v3/OS-SIMPLE-CERT/certificates
operationId: OS-SIMPLE-CERT/certificates:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-SIMPLE-CERT
/v3/OS-TRUST/trusts:
get:
description: |-
Dispatch for LIST trusts.
GET /v3/OS-TRUST/trusts
operationId: OS-TRUST/trusts:get
parameters:
- $ref: '#/components/parameters/OS_TRUST_trusts_trustee_user_id'
- $ref: '#/components/parameters/OS_TRUST_trusts_trustor_user_id'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_TrustTrustsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-TRUST
head:
description: |-
Dispatch for LIST trusts.
GET /v3/OS-TRUST/trusts
operationId: OS-TRUST/trusts:head
parameters:
- $ref: '#/components/parameters/OS_TRUST_trusts_trustee_user_id'
- $ref: '#/components/parameters/OS_TRUST_trusts_trustor_user_id'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-TRUST
post:
description: |-
Create a new trust.
The User creating the trust must be the trustor.
POST /v3/OS-TRUST/trusts
operationId: OS-TRUST/trusts:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Os_TrustTrustsPost'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_TrustTrustsPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-TRUST
/v3/OS-TRUST/trusts/{trust_id}:
delete:
description: |-
Delete trust.
DELETE /v3/OS-TRUST/trusts/{trust_id}
operationId: OS-TRUST/trusts/trust_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-TRUST
get:
description: |-
Get trust.
GET /v3/OS-TRUST/trusts/{trust_id}
operationId: OS-TRUST/trusts/trust_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_TrustTrustGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-TRUST
head:
description: |-
Get trust.
GET /v3/OS-TRUST/trusts/{trust_id}
operationId: OS-TRUST/trusts/trust_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-TRUST
parameters:
- $ref: '#/components/parameters/OS_TRUST_trusts_trust_id'
/v3/OS-TRUST/trusts/{trust_id}/roles:
get:
description: |-
GET operation on /v3/OS-TRUST/trusts/{trust_id}/roles
operationId: OS-TRUST/trusts/trust_id/roles:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_TrustTrustsRolesGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-TRUST
head:
description: |-
HEAD operation on /v3/OS-TRUST/trusts/{trust_id}/roles
operationId: OS-TRUST/trusts/trust_id/roles:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-TRUST
parameters:
- $ref: '#/components/parameters/OS_TRUST_trusts_roles_trust_id'
/v3/OS-TRUST/trusts/{trust_id}/roles/{role_id}:
get:
description: |-
Get a role that has been assigned to a trust.
operationId: OS-TRUST/trusts/trust_id/roles/role_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Os_TrustTrustsRoleGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-TRUST
head:
description: |-
Get a role that has been assigned to a trust.
operationId: OS-TRUST/trusts/trust_id/roles/role_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- OS-TRUST
parameters:
- $ref: '#/components/parameters/OS_TRUST_trusts_roles_role_id'
- $ref: '#/components/parameters/OS_TRUST_trusts_roles_trust_id'
/v3/auth/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/websso:
get:
description: |-
GET operation on /v3/auth/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/websso
operationId:
auth/OS-FEDERATION/identity_providers/idp_id/protocols/protocol_id/websso:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthOs_FederationIdentity_ProvidersProtocolsWebssoGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
head:
description: |-
HEAD operation on /v3/auth/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/websso
operationId:
auth/OS-FEDERATION/identity_providers/idp_id/protocols/protocol_id/websso:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
parameters:
- $ref: '#/components/parameters/auth_OS_FEDERATION_identity_providers_protocols_websso_idp_id'
- $ref: '#/components/parameters/auth_OS_FEDERATION_identity_providers_protocols_websso_protocol_id'
post:
description: |-
POST operation on /v3/auth/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/websso
operationId:
auth/OS-FEDERATION/identity_providers/idp_id/protocols/protocol_id/websso:post
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthOs_FederationIdentity_ProvidersProtocolsWebssoPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
/v3/auth/OS-FEDERATION/saml2:
get:
description: |-
GET operation on /v3/auth/OS-FEDERATION/saml2
operationId: auth/OS-FEDERATION/saml2:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthOs_FederationSaml2GetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
head:
description: |-
HEAD operation on /v3/auth/OS-FEDERATION/saml2
operationId: auth/OS-FEDERATION/saml2:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
post:
description: |-
Exchange a scoped token for a SAML assertion.
POST /v3/auth/OS-FEDERATION/saml2
operationId: auth/OS-FEDERATION/saml2:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthOs_FederationSaml2PostRequest'
responses:
'200':
content:
text/xml:
schema:
$ref: '#/components/schemas/AuthOs_FederationSaml2PostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
/v3/auth/OS-FEDERATION/saml2/ecp:
get:
description: |-
GET operation on /v3/auth/OS-FEDERATION/saml2/ecp
operationId: auth/OS-FEDERATION/saml2/ecp:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthOs_FederationSaml2EcpGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
head:
description: |-
HEAD operation on /v3/auth/OS-FEDERATION/saml2/ecp
operationId: auth/OS-FEDERATION/saml2/ecp:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
post:
description: |-
Exchange a scoped token for an ECP assertion.
POST /v3/auth/OS-FEDERATION/saml2/ecp
operationId: auth/OS-FEDERATION/saml2/ecp:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthOs_FederationSaml2EcpPostRequest'
responses:
'200':
content:
text/xml:
schema:
$ref: '#/components/schemas/AuthOs_FederationSaml2EcpPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
/v3/auth/OS-FEDERATION/websso/{protocol_id}:
get:
description: |-
GET operation on /v3/auth/OS-FEDERATION/websso/{protocol_id}
operationId: auth/OS-FEDERATION/websso/protocol_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthOs_FederationWebssoGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
head:
description: |-
HEAD operation on /v3/auth/OS-FEDERATION/websso/{protocol_id}
operationId: auth/OS-FEDERATION/websso/protocol_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
parameters:
- $ref: '#/components/parameters/auth_OS_FEDERATION_websso_protocol_id'
post:
description: |-
POST operation on /v3/auth/OS-FEDERATION/websso/{protocol_id}
operationId: auth/OS-FEDERATION/websso/protocol_id:post
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthOs_FederationWebssoPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
/v3/auth/catalog:
get:
description: |-
New in version 3.3
This call returns a service catalog for the X-Auth-Token provided in the
request, even if the token does not contain a catalog itself (for example,
if it was generated using ?nocatalog).
The structure of the catalog object is identical to that contained in a token.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/auth_catalog`
operationId: auth/catalog:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthCatalogGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Get service catalog
tags:
- auth
head:
description: |-
Get service catalog for token.
GET/HEAD /v3/auth/catalog
operationId: auth/catalog:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
/v3/auth/domains:
get:
description: |-
New in version 3.3
This call returns the list of domains that are available to be scoped
to based on the X-Auth-Token provided in the request.
The structure is the same as listing domains.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/auth_domains`
operationId: auth/domains:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthDomainsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Get available domain scopes
tags:
- auth
head:
description: |-
Get possible domain scopes for token.
GET/HEAD /v3/auth/domains
GET/HEAD /v3/OS-FEDERATION/domains
operationId: auth/domains:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
/v3/auth/projects:
get:
description: |-
New in version 3.3
This call returns the list of projects that are available to be scoped
to based on the X-Auth-Token provided in the request.
The structure of the response is exactly the same as listing projects
for a user.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/auth_projects`
operationId: auth/projects:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthProjectsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Get available project scopes
tags:
- auth
head:
description: |-
Get possible project scopes for token.
GET/HEAD /v3/auth/projects
GET/HEAD /v3/OS-FEDERATION/projects
operationId: auth/projects:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
/v3/auth/system:
get:
description: |-
New in version 3.10
This call returns the list of systems that are available to be scoped
to based on the X-Auth-Token provided in the request.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/auth_system`
operationId: auth/system:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthSystemGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Get available system scopes
tags:
- auth
head:
description: |-
Get possible system scopes for token.
GET/HEAD /v3/auth/system
operationId: auth/system:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
/v3/auth/tokens:
delete:
description: |-
Revokes a token.
This call is similar to the HEAD `/auth/tokens` call except that
the `X-Subject-Token` token is immediately not valid, regardless
of the `expires_at` attribute value. An additional
`X-Auth-Token` is not required.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/auth_tokens`
operationId: auth/tokens:delete
responses:
'204':
description: Ok
headers: {}
'403':
description: Error
'404':
description: Error
summary: Revoke token
tags:
- auth
get:
description: |-
Validates and shows information for a token, including its expiration date and authorization scope.
Pass your own token in the `X-Auth-Token` request header.
Pass the token that you want to validate in the `X-Subject-Token`
request header.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/auth_tokens`
operationId: auth/tokens:get
parameters:
- $ref: '#/components/parameters/X-Subject-Token'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthTokensGetResponse'
description: Ok
headers:
X-Subject-Token:
$ref: '#/components/headers/X-Subject-Token'
'403':
description: Error
'404':
description: Error
summary: Validate and show information for token
tags:
- auth
head:
description: |-
Validates a token.
This call is similar to `GET /auth/tokens` but no response body
is provided even in the `X-Subject-Token` header.
The Identity API returns the same response as when the subject
token was issued by `POST /auth/tokens` even if an error occurs
because the token is not valid. An HTTP `204` response code
indicates that the `X-Subject-Token` is valid.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/auth_tokens`
operationId: auth/tokens:head
responses:
'200':
description: Ok
headers: {}
'403':
description: Error
'404':
description: Error
summary: Check token
tags:
- auth
post:
description: |-
Authenticates an identity and generates a token. Uses the password authentication method. Authorization is unscoped.
The request body must include a payload that specifies the
authentication method, which is `password`, and the user, by ID
or name, and password credentials.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/auth_tokens`
operationId: auth/tokens:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/AuthTokensPostRequest'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthTokensPostResponse'
description: Ok
headers:
X-Subject-Token:
$ref: '#/components/headers/X-Subject-Token'
'401':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthReceiptSchema'
description: Unauthorized
headers:
Openstack-Auth-Receipt:
$ref: '#/components/headers/Openstack-Auth-Receipt'
'403':
description: Error
'404':
description: Error
security: []
summary: Password authentication with unscoped authorization
tags:
- auth
/v3/auth/tokens/OS-PKI/revoked:
get:
description: |-
Lists revoked PKI tokens.
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/rel/tokens/OS-PKI/revoked`
operationId: auth/tokens/OS-PKI/revoked:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/AuthTokensOs_PkiRevokedGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List revoked tokens
tags:
- auth
head:
description: |-
Deprecated; get revoked token list.
GET/HEAD /v3/auth/tokens/OS-PKI/revoked
operationId: auth/tokens/OS-PKI/revoked:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- auth
/v3/credentials:
get:
description: |-
Lists all credentials.
Optionally, you can include the `user_id` or `type` query parameter in the
URI to filter the response by a user or credential type.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/credentials`
operationId: credentials:get
parameters:
- $ref: '#/components/parameters/credentials_type'
- $ref: '#/components/parameters/credentials_user_id'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CredentialsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List credentials
tags:
- credentials
head:
description: |-
List credentials.
GET /v3/credentials
operationId: credentials:head
parameters:
- $ref: '#/components/parameters/credentials_type'
- $ref: '#/components/parameters/credentials_user_id'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- credentials
post:
description: |-
Creates a credential.
The following example shows how to create an EC2-style credential.
The credential blob is a string that contains a JSON-serialized
dictionary with the `access` and `secret` keys. This format is
required when you specify the `ec2` type. To specify other
credentials, such as `access_key`, change the type and contents
of the data blob.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/credentials`
operationId: credentials:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CredentialsPost'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CredentialsPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Create credential
tags:
- credentials
/v3/credentials/{credential_id}:
delete:
description: |-
Deletes a credential.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/credential`
operationId: credentials/credential_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete credential
tags:
- credentials
get:
description: |-
Shows details for a credential.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/credential`
operationId: credentials/credential_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CredentialGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show credential details
tags:
- credentials
head:
description: |-
Retrieve existing credentials.
GET /v3/credentials/{credential_id}
operationId: credentials/credential_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- credentials
parameters:
- $ref: '#/components/parameters/credentials_credential_id'
patch:
description: |-
Updates a credential.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/credential`
operationId: credentials/credential_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CredentialPatch'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/CredentialPatchResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Update credential
tags:
- credentials
/v3/domains:
get:
description: |-
Lists all domains.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domains`
operationId: domains:get
parameters:
- $ref: '#/components/parameters/domains_enabled'
- $ref: '#/components/parameters/domains_limit'
- $ref: '#/components/parameters/domains_marker'
- $ref: '#/components/parameters/domains_name'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DomainsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List domains
tags:
- domains
head:
description: |-
List domains.
GET/HEAD /v3/domains
operationId: domains:head
parameters:
- $ref: '#/components/parameters/domains_enabled'
- $ref: '#/components/parameters/domains_limit'
- $ref: '#/components/parameters/domains_marker'
- $ref: '#/components/parameters/domains_name'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- domains
post:
description: |-
Creates a domain.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domains`
operationId: domains:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DomainsPost'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DomainsPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Create domain
tags:
- domains
/v3/domains/config/default:
get:
description: |-
The default configuration settings for the options that can be overridden
can be retrieved.
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/rel/domain_config_default`
operationId: domains/config/default:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DomainConfig'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show default configuration settings
tags:
- domain-configuration
head:
description: |-
Get default domain config.
GET/HEAD /v3/domains/config/default
operationId: domains/config/default:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- domain-configuration
/v3/domains/config/{group}/default:
get:
description: |-
Reads the default configuration settings for a specific group.
The API supports only the `identity` and `ldap` groups.
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/rel/domain_config_default`
operationId: domains/config/group/default:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DomainConfigGroup'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show default configuration for a group
tags:
- domain-configuration
head:
description: |-
Get default domain group config.
GET/HEAD /v3/domains/config/{group}/default
operationId: domains/config/group/default:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- domain-configuration
parameters:
- $ref: '#/components/parameters/domains_config_default_group'
/v3/domains/config/{group}/{option}/default:
get:
description: |-
Reads the default configuration setting for an option within a group.
The API supports only the `identity` and `ldap` groups. For the
`ldap` group, a valid value is `url` or `user_tree_dn`. For
the `identity` group, a valid value is `driver`.
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/rel/domain_config_default`
operationId: domains/config/group/option/default:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DomainConfigGroupOption'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show default option for a group
tags:
- domain-configuration
head:
description: |-
Get default domain group option config.
GET/HEAD /v3/domains/config/{group}/{option}/default
operationId: domains/config/group/option/default:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- domain-configuration
parameters:
- $ref: '#/components/parameters/domains_config_default_group'
- $ref: '#/components/parameters/domains_config_default_option'
/v3/domains/{domain_id}:
delete:
description: |-
Deletes a domain.
To minimize the risk of accidentally deleting a domain, you must
first disable the domain by using the update domain method.
When you delete a domain, this call also deletes all entities owned
by it, such as users, groups, and projects, and any credentials and
granted roles that relate to those entities.
If you try to delete an enabled domain, this call returns the
`Forbidden (403)` response code.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain`
operationId: domains/domain_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete domain
tags:
- domains
get:
description: |-
Shows details for a domain.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domains`
operationId: domains/domain_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DomainGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show domain details
tags:
- domains
head:
description: |-
Get domain
GET/HEAD /v3/domains/{domain_id}
operationId: domains/domain_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- domains
parameters:
- $ref: '#/components/parameters/domains_domain_id'
patch:
description: |-
Updates a domain.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain`
operationId: domains/domain_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DomainPatch'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DomainPatchResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Update domain
tags:
- domains
/v3/domains/{domain_id}/config:
delete:
description: |-
Deletes a domain configuration.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_config`
operationId: domains/domain_id/config:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete domain configuration
tags:
- domain-configuration
get:
description: |-
Shows details for a domain configuration.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_config`
operationId: domains/domain_id/config:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DomainConfig'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show domain configuration
tags:
- domain-configuration
head:
description: |-
Check if config option exists.
GET/HEAD /v3/domains/{domain_id}/config
GET/HEAD /v3/domains/{domain_id}/config/{group}
GET/HEAD /v3/domains/{domain_id}/config/{group}/{option}
operationId: domains/domain_id/config:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- domain-configuration
parameters:
- $ref: '#/components/parameters/domains_config_domain_id'
patch:
description: |-
Updates a domain configuration.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_config`
operationId: domains/domain_id/config:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DomainConfig'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DomainConfig'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Update domain configuration
tags:
- domain-configuration
put:
description: |-
Creates a domain configuration.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_config`
operationId: domains/domain_id/config:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DomainConfig'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/DomainConfig'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Create domain configuration
tags:
- domain-configuration
/v3/domains/{domain_id}/config/{group}:
delete:
description: |-
Deletes a domain group configuration.
The API supports only the `identity` and `ldap` groups.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_config_default`
operationId: domains/domain_id/config/group:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete domain group configuration
tags:
- domain-configuration
get:
description: |-
Shows details for a domain group configuration.
The API supports only the `identity` and `ldap` groups.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_config_default`
operationId: domains/domain_id/config/group:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DomainConfigGroup'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show domain group configuration
tags:
- domain-configuration
head:
description: |-
Check if config option exists.
GET/HEAD /v3/domains/{domain_id}/config
GET/HEAD /v3/domains/{domain_id}/config/{group}
GET/HEAD /v3/domains/{domain_id}/config/{group}/{option}
operationId: domains/domain_id/config/group:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- domain-configuration
parameters:
- $ref: '#/components/parameters/domains_config_domain_id'
- $ref: '#/components/parameters/domains_config_group'
patch:
description: |-
Updates a domain group configuration.
The API supports only the `identity` and `ldap` groups. If you
try to set configuration options for other groups, this call fails
with the `Forbidden (403)` response code.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_config_default`
operationId: domains/domain_id/config/group:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DomainConfigGroup'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DomainConfigGroup'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Update domain group configuration
tags:
- domain-configuration
/v3/domains/{domain_id}/config/{group}/{option}:
delete:
description: |-
Deletes a domain group option configuration.
The API supports only the `identity` and `ldap` groups. For the
`ldap` group, a valid value is `url` or `user_tree_dn`. For
the `identity` group, a valid value is `driver`.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_config_default`
operationId: domains/domain_id/config/group/option:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete domain group option configuration
tags:
- domain-configuration
get:
description: |-
Shows details for a domain group option configuration.
The API supports only the `identity` and `ldap` groups. For the
`ldap` group, a valid value is `url` or `user_tree_dn`. For
the `identity` group, a valid value is `driver`.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_config_default`
operationId: domains/domain_id/config/group/option:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DomainConfigGroupOption'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show domain group option configuration
tags:
- domain-configuration
head:
description: |-
Check if config option exists.
GET/HEAD /v3/domains/{domain_id}/config
GET/HEAD /v3/domains/{domain_id}/config/{group}
GET/HEAD /v3/domains/{domain_id}/config/{group}/{option}
operationId: domains/domain_id/config/group/option:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- domain-configuration
parameters:
- $ref: '#/components/parameters/domains_config_domain_id'
- $ref: '#/components/parameters/domains_config_group'
- $ref: '#/components/parameters/domains_config_option'
patch:
description: |-
Updates a domain group option configuration.
The API supports only the `identity` and `ldap` groups. For the
`ldap` group, a valid value is `url` or `user_tree_dn`. For
the `identity` group, a valid value is `driver`.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_config_default`
operationId: domains/domain_id/config/group/option:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/DomainConfigGroupOption'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/DomainConfigGroupOption'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Update domain group option configuration
tags:
- domain-configuration
/v3/domains/{domain_id}/groups/{group_id}/roles:
get:
description: |-
Lists role assignments for a group on a domain.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_group_roles`
operationId: domains/domain_id/groups/group_id/roles:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RolesInfos'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List role assignments for group on domain
tags:
- roles
head:
description: |-
List all domain grants for a specific group.
GET/HEAD /v3/domains/{domain_id}/groups/{group_id}/roles
operationId: domains/domain_id/groups/group_id/roles:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- roles
parameters:
- $ref: '#/components/parameters/domains_groups_roles_domain_id'
- $ref: '#/components/parameters/domains_groups_roles_group_id'
/v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}:
delete:
description: |-
Unassigns a role from a group on a domain.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_group_role`
operationId: domains/domain_id/groups/group_id/roles/role_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Unassign role from group on domain
tags:
- roles
get:
description: |-
Check if a group has a specific role on a domain.
GET/HEAD /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}
operationId: domains/domain_id/groups/group_id/roles/role_id:get
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- roles
head:
description: |-
Validates that a group has a role assignment on a domain.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_group_role`
operationId: domains/domain_id/groups/group_id/roles/role_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Check whether group has role assignment on domain
tags:
- roles
parameters:
- $ref: '#/components/parameters/domains_groups_roles_domain_id'
- $ref: '#/components/parameters/domains_groups_roles_group_id'
- $ref: '#/components/parameters/domains_groups_roles_role_id'
put:
description: |-
Assigns a role to a group on a domain.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_group_role`
operationId: domains/domain_id/groups/group_id/roles/role_id:put
responses:
'201':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Assign role to group on domain
tags:
- roles
/v3/domains/{domain_id}/users/{user_id}/roles:
get:
description: |-
Lists role assignments for a user on a domain.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_user_roles`
operationId: domains/domain_id/users/user_id/roles:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RolesInfos'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List role assignments for user on domain
tags:
- roles
head:
description: |-
Get user grant.
GET/HEAD /v3/domains/{domain_id}/users/{user_id}/roles
operationId: domains/domain_id/users/user_id/roles:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- roles
parameters:
- $ref: '#/components/parameters/domains_users_roles_domain_id'
- $ref: '#/components/parameters/domains_users_roles_user_id'
/v3/domains/{domain_id}/users/{user_id}/roles/{role_id}:
delete:
description: |-
Unassigns a role from a user on a domain.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_user_role`
operationId: domains/domain_id/users/user_id/roles/role_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Unassigns role from user on domain
tags:
- roles
get:
description: |-
Check if a user has a specific role on the domain.
GET/HEAD /v3/domains/{domain_id}/users/{user_id}/roles/{role_id}
operationId: domains/domain_id/users/user_id/roles/role_id:get
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- roles
head:
description: |-
Validates that a user has a role assignment on a domain.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/domain_user_role`
operationId: domains/domain_id/users/user_id/roles/role_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Check whether user has role assignment on domain
tags:
- roles
parameters:
- $ref: '#/components/parameters/domains_users_roles_domain_id'
- $ref: '#/components/parameters/domains_users_roles_role_id'
- $ref: '#/components/parameters/domains_users_roles_user_id'
put:
description: |-
Assigns a role to a user on a domain.
Relationship: `https://developer.openstack.org/api-ref/identity/v3/index.html#assign-role-to-user-on-domain`
operationId: domains/domain_id/users/user_id/roles/role_id:put
responses:
'201':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Assign role to user on domain
tags:
- roles
/v3/ec2tokens:
get:
description: |-
GET operation on /v3/ec2tokens
operationId: ec2tokens:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Ec2TokensGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- ec2tokens
head:
description: |-
HEAD operation on /v3/ec2tokens
operationId: ec2tokens:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- ec2tokens
post:
description: |-
Authenticate ec2 token.
POST /v3/ec2tokens
operationId: ec2tokens:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Ec2TokensPostRequest'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Ec2TokensPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- ec2tokens
/v3/endpoints:
get:
description: |-
Lists all available endpoints.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/endpoints`
operationId: endpoints:get
parameters:
- $ref: '#/components/parameters/endpoints_interface'
- $ref: '#/components/parameters/endpoints_region_id'
- $ref: '#/components/parameters/endpoints_service_id'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/EndpointsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List endpoints
tags:
- endpoints
head:
description: |-
List all endpoints.
GET /v3/endpoints
operationId: endpoints:head
parameters:
- $ref: '#/components/parameters/endpoints_interface'
- $ref: '#/components/parameters/endpoints_region_id'
- $ref: '#/components/parameters/endpoints_service_id'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- endpoints
post:
description: |-
Creates an endpoint.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/endpoints`
operationId: endpoints:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EndpointsPost'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Endpoint'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Create endpoint
tags:
- endpoints
/v3/endpoints/{endpoint_id}:
delete:
description: |-
Deletes an endpoint.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/endpoint`
operationId: endpoints/endpoint_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete endpoint
tags:
- endpoints
get:
description: |-
Shows details for an endpoint.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/endpoints`
operationId: endpoints/endpoint_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Endpoint'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show endpoint details
tags:
- endpoints
head:
description: |-
Show endpoint details
GET /v3/endpoints/{endpoint_id}
operationId: endpoints/endpoint_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- endpoints
parameters:
- $ref: '#/components/parameters/endpoints_endpoint_id'
patch:
description: |-
Updates an endpoint.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/endpoint`
operationId: endpoints/endpoint_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/EndpointPatch'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Endpoint'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Update endpoint
tags:
- endpoints
/v3/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy:
get:
deprecated: true
description: |-
GET operation on /v3/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy
operationId: endpoints/endpoint_id/OS-ENDPOINT-POLICY/policy:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/EndpointsOs_Endpoint_PolicyPolicyGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- endpoints
head:
description: |-
HEAD operation on /v3/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy
operationId: endpoints/endpoint_id/OS-ENDPOINT-POLICY/policy:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- endpoints
parameters:
- $ref: '#/components/parameters/endpoints_OS_ENDPOINT_POLICY_policy_endpoint_id'
/v3/groups:
get:
description: |-
Lists groups.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/groups`
operationId: groups:get
parameters:
- $ref: '#/components/parameters/groups_domain_id'
- $ref: '#/components/parameters/groups_limit'
- $ref: '#/components/parameters/groups_marker'
- $ref: '#/components/parameters/groups_name'
- $ref: '#/components/parameters/groups_sort_dir'
- $ref: '#/components/parameters/groups_sort_key'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/GroupsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List groups
tags:
- groups
head:
description: |-
List groups.
GET/HEAD /groups
operationId: groups:head
parameters:
- $ref: '#/components/parameters/groups_domain_id'
- $ref: '#/components/parameters/groups_limit'
- $ref: '#/components/parameters/groups_marker'
- $ref: '#/components/parameters/groups_name'
- $ref: '#/components/parameters/groups_sort_dir'
- $ref: '#/components/parameters/groups_sort_key'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- groups
post:
description: |-
Creates a group.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/groups`
operationId: groups:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/GroupsPost'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/GroupsPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Create group
tags:
- groups
/v3/groups/{group_id}:
delete:
description: |-
Deletes a group.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/group`
operationId: groups/group_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete group
tags:
- groups
get:
description: |-
Shows details for a group.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/group`
operationId: groups/group_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/GroupGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show group details
tags:
- groups
head:
description: |-
Get a group reference.
GET/HEAD /groups/{group_id}
operationId: groups/group_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- groups
parameters:
- $ref: '#/components/parameters/groups_group_id'
patch:
description: |-
Updates a group.
If the back-end driver does not support this functionality, the
call returns the `Not Implemented (501)` response code.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/group`
operationId: groups/group_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/GroupPatch'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/GroupPatchResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Update group
tags:
- groups
/v3/groups/{group_id}/users:
get:
description: |-
Lists the users that belong to a group.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/group_users`
operationId: groups/group_id/users:get
parameters:
- $ref: '#/components/parameters/group_users_password_expires_at'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/GroupsUsersGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List users in group
tags:
- groups
head:
description: |-
Get list of users in group.
GET/HEAD /groups/{group_id}/users
operationId: groups/group_id/users:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- groups
parameters:
- $ref: '#/components/parameters/groups_users_group_id'
/v3/groups/{group_id}/users/{user_id}:
delete:
description: |-
Removes a user from a group.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/group_user`
operationId: groups/group_id/users/user_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Remove user from group
tags:
- groups
get:
description: |-
Check if a user is in a group.
GET/HEAD /groups/{group_id}/users/{user_id}
operationId: groups/group_id/users/user_id:get
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- groups
head:
description: |-
Validates that a user belongs to a group.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/group_user`
operationId: groups/group_id/users/user_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Check whether user belongs to group
tags:
- groups
parameters:
- $ref: '#/components/parameters/groups_users_group_id'
- $ref: '#/components/parameters/groups_users_user_id'
put:
description: |-
Adds a user to a group.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/group_user`
operationId: groups/group_id/users/user_id:put
responses:
'201':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Add user to group
tags:
- groups
/v3/limits:
get:
description: |-
Lists Limits.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/limits`
operationId: limits:get
parameters:
- $ref: '#/components/parameters/limits_domain_id'
- $ref: '#/components/parameters/limits_project_id'
- $ref: '#/components/parameters/limits_region_id'
- $ref: '#/components/parameters/limits_resource_name'
- $ref: '#/components/parameters/limits_service_id'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LimitsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List Limits
tags:
- limits
head:
description: |-
List limits.
GET /v3/limits
operationId: limits:head
parameters:
- $ref: '#/components/parameters/limits_domain_id'
- $ref: '#/components/parameters/limits_project_id'
- $ref: '#/components/parameters/limits_region_id'
- $ref: '#/components/parameters/limits_resource_name'
- $ref: '#/components/parameters/limits_service_id'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- limits
post:
description: |-
Creates limits. It supports to create more than one limit in one request.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/limits`
operationId: limits:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LimitsPost'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LimitsPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Create Limits
tags:
- limits
/v3/limits/model:
get:
description: |-
Return the configured limit enforcement model.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/limit_model`
operationId: limits/model:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LimitsModelGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Get Enforcement Model
tags:
- limits
head:
description: |-
Retrieve enforcement model.
GET /v3/limits/model
operationId: limits/model:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- limits
/v3/limits/{limit_id}:
delete:
description: |-
Deletes a limit.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/limit`
operationId: limits/limit_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete Limit
tags:
- limits
get:
description: |-
Shows details for a limit.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/limit`
operationId: limits/limit_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LimitGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show Limit Details
tags:
- limits
head:
description: |-
Retrieve an existing limit.
GET /v3/limits/{limit_id}
operationId: limits/limit_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- limits
parameters:
- $ref: '#/components/parameters/limits_limit_id'
patch:
description: |-
Updates the specified limit. It only supports to update `resource_limit` or
`description` for the limit.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/limit`
operationId: limits/limit_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/LimitPatch'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/LimitPatchResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Update Limit
tags:
- limits
/v3/policies:
get:
description: |-
Lists policies.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/policies`
operationId: policies:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PoliciesGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List policies
tags:
- policies
head:
description: |-
HEAD operation on /v3/policies
operationId: policies:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
post:
description: |-
Creates a policy.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/policies`
operationId: policies:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PoliciesPostRequest'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PoliciesPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Create policy
tags:
- policies
/v3/policies/{policy_id}:
delete:
description: |-
Deletes a policy.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/policy`
operationId: policies/policy_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete policy
tags:
- policies
get:
description: |-
Shows details for a policy.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/policy`
operationId: policies/policy_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show policy details
tags:
- policies
head:
description: |-
HEAD operation on /v3/policies/{policy_id}
operationId: policies/policy_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
parameters:
- $ref: '#/components/parameters/policies_policy_id'
patch:
description: |-
Updates a policy.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/policy`
operationId: policies/policy_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyPatchRequest'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyPatchResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Update policy
tags:
- policies
/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints:
get:
description: |-
GET operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints
operationId: policies/policy_id/OS-ENDPOINT-POLICY/endpoints:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PoliciesOs_Endpoint_PolicyEndpointsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
head:
description: |-
HEAD operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints
operationId: policies/policy_id/OS-ENDPOINT-POLICY/endpoints:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
parameters:
- $ref: '#/components/parameters/policies_OS_ENDPOINT_POLICY_endpoints_policy_id'
/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}:
delete:
description: |-
DELETE operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}
operationId:
policies/policy_id/OS-ENDPOINT-POLICY/endpoints/endpoint_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
get:
description: |-
GET operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}
operationId:
policies/policy_id/OS-ENDPOINT-POLICY/endpoints/endpoint_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PoliciesOs_Endpoint_PolicyEndpointGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
head:
description: |-
HEAD operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}
operationId:
policies/policy_id/OS-ENDPOINT-POLICY/endpoints/endpoint_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
parameters:
- $ref: '#/components/parameters/policies_OS_ENDPOINT_POLICY_endpoints_endpoint_id'
- $ref: '#/components/parameters/policies_OS_ENDPOINT_POLICY_endpoints_policy_id'
put:
description: |-
PUT operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id}
operationId:
policies/policy_id/OS-ENDPOINT-POLICY/endpoints/endpoint_id:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PoliciesOs_Endpoint_PolicyEndpointPutRequest'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PoliciesOs_Endpoint_PolicyEndpointPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}:
delete:
description: |-
DELETE operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}
operationId:
policies/policy_id/OS-ENDPOINT-POLICY/services/service_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
get:
description: |-
GET operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}
operationId: policies/policy_id/OS-ENDPOINT-POLICY/services/service_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PoliciesOs_Endpoint_PolicyServiceGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
head:
description: |-
HEAD operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}
operationId:
policies/policy_id/OS-ENDPOINT-POLICY/services/service_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
parameters:
- $ref: '#/components/parameters/policies_OS_ENDPOINT_POLICY_services_policy_id'
- $ref: '#/components/parameters/policies_OS_ENDPOINT_POLICY_services_service_id'
put:
description: |-
PUT operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}
operationId: policies/policy_id/OS-ENDPOINT-POLICY/services/service_id:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PoliciesOs_Endpoint_PolicyServicePutRequest'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PoliciesOs_Endpoint_PolicyServicePutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
/v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}:
delete:
description: |-
DELETE operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}
operationId:
policies/policy_id/OS-ENDPOINT-POLICY/services/service_id/regions/region_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
get:
description: |-
GET operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}
operationId:
policies/policy_id/OS-ENDPOINT-POLICY/services/service_id/regions/region_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/PoliciesOs_Endpoint_PolicyServicesRegionGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
head:
description: |-
HEAD operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}
operationId:
policies/policy_id/OS-ENDPOINT-POLICY/services/service_id/regions/region_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
parameters:
- $ref: '#/components/parameters/policies_OS_ENDPOINT_POLICY_services_regions_policy_id'
- $ref: '#/components/parameters/policies_OS_ENDPOINT_POLICY_services_regions_region_id'
- $ref: '#/components/parameters/policies_OS_ENDPOINT_POLICY_services_regions_service_id'
put:
description: |-
PUT operation on /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id}
operationId:
policies/policy_id/OS-ENDPOINT-POLICY/services/service_id/regions/region_id:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PoliciesOs_Endpoint_PolicyServicesRegionPutRequest'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/PoliciesOs_Endpoint_PolicyServicesRegionPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- policies
/v3/projects:
get:
description: |-
Lists projects.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/projects`
operationId: projects:get
parameters:
- $ref: '#/components/parameters/projects_domain_id'
- $ref: '#/components/parameters/projects_enabled'
- $ref: '#/components/parameters/projects_is_domain'
- $ref: '#/components/parameters/projects_limit'
- $ref: '#/components/parameters/projects_marker'
- $ref: '#/components/parameters/projects_name'
- $ref: '#/components/parameters/projects_not-tags'
- $ref: '#/components/parameters/projects_not-tags-any'
- $ref: '#/components/parameters/projects_parent_id'
- $ref: '#/components/parameters/projects_tags'
- $ref: '#/components/parameters/projects_tags-any'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProjectsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List projects
tags:
- projects
head:
description: |-
List projects.
GET/HEAD /v3/projects
operationId: projects:head
parameters:
- $ref: '#/components/parameters/projects_domain_id'
- $ref: '#/components/parameters/projects_enabled'
- $ref: '#/components/parameters/projects_is_domain'
- $ref: '#/components/parameters/projects_limit'
- $ref: '#/components/parameters/projects_marker'
- $ref: '#/components/parameters/projects_name'
- $ref: '#/components/parameters/projects_not-tags'
- $ref: '#/components/parameters/projects_not-tags-any'
- $ref: '#/components/parameters/projects_parent_id'
- $ref: '#/components/parameters/projects_tags'
- $ref: '#/components/parameters/projects_tags-any'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- projects
post:
description: |-
Creates a project, where the project may act as a domain.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/projects`
operationId: projects:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ProjectsPost'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProjectsPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Create project
tags:
- projects
/v3/projects/{project_id}:
delete:
description: |-
Deletes a project.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/project`
operationId: projects/project_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete project
tags:
- projects
get:
description: |-
Shows details for a project.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/project`
operationId: projects/project_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProjectGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show project details
tags:
- projects
head:
description: |-
Get project.
GET/HEAD /v3/projects/{project_id}
operationId: projects/project_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- projects
parameters:
- $ref: '#/components/parameters/projects_project_id'
patch:
description: |-
Updates a project.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/project`
operationId: projects/project_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ProjectPatch'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProjectPatchResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Update project
tags:
- projects
/v3/projects/{project_id}/groups/{group_id}/roles:
get:
description: |-
Lists role assignments for a group on a project.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/project_user_role`
operationId: projects/project_id/groups/group_id/roles:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RolesInfos'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List role assignments for group on project
tags:
- projects
head:
description: |-
List grants for group on project.
GET/HEAD /v3/projects/{project_id}/groups/{group_id}
operationId: projects/project_id/groups/group_id/roles:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- projects
parameters:
- $ref: '#/components/parameters/projects_groups_roles_group_id'
- $ref: '#/components/parameters/projects_groups_roles_project_id'
/v3/projects/{project_id}/groups/{group_id}/roles/{role_id}:
delete:
description: |-
Unassigns a role from a group on a project.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/project_group_role`
operationId: projects/project_id/groups/group_id/roles/role_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Unassign role from group on project
tags:
- projects
get:
description: |-
Check grant for project, group, role.
GET/HEAD /v3/projects/{project_id/groups/{group_id}/roles/{role_id}
operationId: projects/project_id/groups/group_id/roles/role_id:get
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- projects
head:
description: |-
Validates that a group has a role assignment on a project.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/project_group_role`
operationId: projects/project_id/groups/group_id/roles/role_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Check whether group has role assignment on project
tags:
- projects
parameters:
- $ref: '#/components/parameters/projects_groups_roles_group_id'
- $ref: '#/components/parameters/projects_groups_roles_project_id'
- $ref: '#/components/parameters/projects_groups_roles_role_id'
put:
description: |-
Assigns a role to a group on a project.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/project_group_role`
operationId: projects/project_id/groups/group_id/roles/role_id:put
responses:
'201':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Assign role to group on project
tags:
- projects
/v3/projects/{project_id}/tags:
delete:
description: |-
Remove all tags from a given project.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/projects`
operationId: projects/project_id/tags:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Remove all tags from a project
tags:
- projects
get:
description: |-
Lists all tags within a project.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/projects`
operationId: projects/project_id/tags:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ProjectsTagsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List tags for a project
tags:
- projects
head:
description: |-
List tags associated with a given project.
GET /v3/projects/{project_id}/tags
operationId: projects/project_id/tags:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- projects
parameters:
- $ref: '#/components/parameters/projects_tags_project_id'
put:
description: |-
Modifies the tags for a project. Any existing tags not specified will
be deleted.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/projects`
operationId: projects/project_id/tags:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ProjectsTagsPut'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/ProjectsTagsPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Modify tag list for a project
tags:
- projects
/v3/projects/{project_id}/tags/{value}:
delete:
description: |-
Remove a single tag from a project.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/projects`
operationId: projects/project_id/tags/value:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete single tag from project
tags:
- projects
get:
description: |-
Checks if a project contains the specified tag.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/projects`
operationId: projects/project_id/tags/value:get
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Check if project contains tag
tags:
- projects
head:
description: |-
Get information for a single tag associated with a given project.
GET /v3/projects/{project_id}/tags/{value}
operationId: projects/project_id/tags/value:head
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- projects
parameters:
- $ref: '#/components/parameters/projects_tags_project_id'
- $ref: '#/components/parameters/projects_tags_value'
put:
description: |-
Creates the specified tag and adds it to the list of tags in the project.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/projects`
operationId: projects/project_id/tags/value:put
responses:
'201':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Add single tag to a project
tags:
- projects
/v3/projects/{project_id}/users/{user_id}/roles:
get:
description: |-
Lists role assignments for a user on a project.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/project_user_role`
operationId: projects/project_id/users/user_id/roles:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RolesInfos'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List role assignments for user on project
tags:
- projects
head:
description: |-
List grants for user on project.
GET/HEAD /v3/projects/{project_id}/users/{user_id}
operationId: projects/project_id/users/user_id/roles:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- projects
parameters:
- $ref: '#/components/parameters/projects_users_roles_project_id'
- $ref: '#/components/parameters/projects_users_roles_user_id'
/v3/projects/{project_id}/users/{user_id}/roles/{role_id}:
delete:
description: |-
Unassigns a role from a user on a project.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/project_user_role`
operationId: projects/project_id/users/user_id/roles/role_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Unassign role from user on project
tags:
- projects
get:
description: |-
Check grant for project, user, role.
GET/HEAD /v3/projects/{project_id/users/{user_id}/roles/{role_id}
operationId: projects/project_id/users/user_id/roles/role_id:get
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- projects
head:
description: |-
Validates that a user has a role on a project.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/project_user_role`
operationId: projects/project_id/users/user_id/roles/role_id:head
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Check whether user has role assignment on project
tags:
- projects
parameters:
- $ref: '#/components/parameters/projects_users_roles_project_id'
- $ref: '#/components/parameters/projects_users_roles_role_id'
- $ref: '#/components/parameters/projects_users_roles_user_id'
put:
description: |-
Assigns a role to a user on a project.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/project_user_role`
operationId: projects/project_id/users/user_id/roles/role_id:put
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Assign role to user on project
tags:
- projects
/v3/regions:
get:
description: |-
Lists regions.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/regions`
operationId: regions:get
parameters:
- $ref: '#/components/parameters/regions_parent_region_id'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RegionsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List regions
tags:
- regions
head:
description: |-
HEAD operation on /v3/regions
operationId: regions:head
parameters:
- $ref: '#/components/parameters/regions_parent_region_id'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- regions
post:
description: |-
Creates a region.
When you create the region, you can optionally specify a region ID.
If you include characters in the region ID that are not allowed in
a URI, you must URL-encode the ID. If you omit an ID, the API
assigns an ID to the region.
The following errors might occur:
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/regions`
operationId: regions:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RegionsPost'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Region'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Create region
tags:
- regions
/v3/regions/{region_id}:
delete:
description: |-
Deletes a region.
The following error might occur:
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/region`
operationId: regions/region_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete region
tags:
- regions
get:
description: |-
Shows details for a region, by ID.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/regions`
operationId: regions/region_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Region'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show region details
tags:
- regions
head:
description: |-
HEAD operation on /v3/regions/{region_id}
operationId: regions/region_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- regions
parameters:
- $ref: '#/components/parameters/regions_region_id'
patch:
description: |-
Updates a region.
You can update the description or parent region ID for a region.
You cannot update the region ID.
The following error might occur:
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/region`
operationId: regions/region_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RegionPatch'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Region'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Update region
tags:
- regions
put:
description: |-
PUT operation on /v3/regions/{region_id}
operationId: regions/region_id:put
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RegionPut'
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/RegionPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- regions
/v3/registered_limits:
get:
description: |-
Lists Registered Limits.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/registered_limits`
operationId: registered_limits:get
parameters:
- $ref: '#/components/parameters/registered_limits_region_id'
- $ref: '#/components/parameters/registered_limits_resource_name'
- $ref: '#/components/parameters/registered_limits_service_id'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Registered_LimitsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List Registered Limits
tags:
- registered_limits
head:
description: |-
List registered limits.
GET /v3/registered_limits
operationId: registered_limits:head
parameters:
- $ref: '#/components/parameters/registered_limits_region_id'
- $ref: '#/components/parameters/registered_limits_resource_name'
- $ref: '#/components/parameters/registered_limits_service_id'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- registered_limits
post:
description: |-
Creates registered limits. It supports to create more than one registered limit
in one request.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/registered_limits`
operationId: registered_limits:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Registered_LimitsPost'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Registered_LimitsPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Create Registered Limits
tags:
- registered_limits
/v3/registered_limits/{registered_limit_id}:
delete:
description: |-
Deletes a registered limit.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/registered_limit`
operationId: registered_limits/registered_limit_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete Registered Limit
tags:
- registered_limits
get:
description: |-
Shows details for a registered limit.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/registered_limit`
operationId: registered_limits/registered_limit_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Registered_LimitGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show Registered Limit Details
tags:
- registered_limits
head:
description: |-
Retrieve an existing registered limit.
GET /v3/registered_limits/{registered_limit_id}
operationId: registered_limits/registered_limit_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- registered_limits
parameters:
- $ref: '#/components/parameters/registered_limits_registered_limit_id'
patch:
description: |-
Updates the specified registered limit.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/registered_limit`
operationId: registered_limits/registered_limit_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Registered_LimitPatch'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Registered_LimitPatchResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Update Registered Limit
tags:
- registered_limits
/v3/role_assignments:
get:
description: |-
Get a list of role assignments.
If no query parameters are specified, then this API will return a list of all
role assignments.
Since this list is likely to be very long, this API would typically always be
used with one of more of the filter queries. Some typical examples are:
`GET /v3/role_assignments?user.id={user_id}` would list all role assignments
involving the specified user.
`GET /v3/role_assignments?scope.project.id={project_id}` would list all role
assignments involving the specified project.
It is also possible to list all role assignments within
a tree of projects:
`GET /v3/role_assignments?scope.project.id={project_id}&include_subtree=true`
would list all role assignments involving the specified project and all
sub-projects. `include_subtree=true` can only be specified in conjunction
with `scope.project.id`, specifying it without this will result in an
HTTP 400 Bad Request being returned.
Each role assignment entity in the collection contains a link to the assignment
that gave rise to this entity.
The scope section in the list response is extended to allow the representation
of role assignments that are inherited to projects.
The query filter `scope.OS-INHERIT:inherited_to` can be used to filter based
on role assignments that are inherited. The only value of
`scope.OS-INHERIT:inherited_to` that is currently supported is `projects`,
indicating that this role is inherited to all projects of the owning domain or
parent project.
If the query parameter `effective` is specified, rather than simply returning
a list of role assignments that have been made, the API returns a list of
effective assignments at the user, project and domain level, having allowed for
the effects of group membership, role inference rules as well as inheritance
from the parent domain or project. Since the effects of group membership have
already been allowed for, the group role assignment entities themselves will
not be returned in the collection. Likewise, since the effects of inheritance
have already been allowed for, the role assignment entities themselves that
specify the inheritance will also not be returned in the collection. This
represents the effective role assignments that would be included in a scoped
token. The same set of query parameters can also be used in combination with
the `effective` parameter.
For example:
`GET /v3/role_assignments?user.id={user_id}&effective` would, in other words,
answer the question “what can this user actually do?”.
`GET
/v3/role_assignments?user.id={user_id}&scope.project.id={project_id}&effective`
would return the equivalent set of role assignments that would be included in
the token response of a project scoped token.
An example response for an API call with the query parameter `effective`
specified is given below:
The entity `links` section of a response using the `effective` query
parameter also contains, for entities that are included by virtue of group
membership, a url that can be used to access the membership of the group.
If the query parameter `include_names` is specified, rather than simply
returning the entity IDs in the role assignments, the collection will
additionally include the names of the entities. For example:
`GET /v3/role_assignments?user.id={user_id}&effective&include_names=true`
would return:
Relationship:
`https://docs.openstack.org/api/openstack-identity/3/rel/role_assignments`
operationId: role_assignments:get
parameters:
- $ref: '#/components/parameters/role_assignments_effective'
- $ref: '#/components/parameters/role_assignments_group.id'
- $ref: '#/components/parameters/role_assignments_include_names'
- $ref: '#/components/parameters/role_assignments_include_subtree'
- $ref: '#/components/parameters/role_assignments_role.id'
- $ref: '#/components/parameters/role_assignments_scope.OS-INHERIT_inherited_to'
- $ref: '#/components/parameters/role_assignments_scope.domain.id'
- $ref: '#/components/parameters/role_assignments_scope.project.id'
- $ref: '#/components/parameters/role_assignments_scope.system'
- $ref: '#/components/parameters/role_assignments_user.id'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Role_AssignmentsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List role assignments
tags:
- role_assignments
head:
description: |-
List all role assignments.
GET/HEAD /v3/role_assignments
operationId: role_assignments:head
parameters:
- $ref: '#/components/parameters/role_assignments_effective'
- $ref: '#/components/parameters/role_assignments_group.id'
- $ref: '#/components/parameters/role_assignments_include_names'
- $ref: '#/components/parameters/role_assignments_include_subtree'
- $ref: '#/components/parameters/role_assignments_role.id'
- $ref: '#/components/parameters/role_assignments_scope.OS-INHERIT_inherited_to'
- $ref: '#/components/parameters/role_assignments_scope.domain.id'
- $ref: '#/components/parameters/role_assignments_scope.project.id'
- $ref: '#/components/parameters/role_assignments_scope.system'
- $ref: '#/components/parameters/role_assignments_user.id'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- role_assignments
/v3/role_inferences:
get:
description: |-
Lists all role inference rules.
Relationship:
`https://developer.openstack.org/api-ref/identity/v3/#list-all-role-inference-rules`
operationId: role_inferences:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Role_InferencesGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List all role inference rules
tags:
- role_inferences
head:
description: |-
List role inference rules.
GET/HEAD /v3/role_inferences
operationId: role_inferences:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- role_inferences
/v3/roles:
get:
description: |-
Lists roles.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/roles`
operationId: roles:get
parameters:
- $ref: '#/components/parameters/roles_domain_id'
- $ref: '#/components/parameters/roles_name'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RolesGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List roles
tags:
- roles
head:
description: |-
List roles.
GET/HEAD /v3/roles
operationId: roles:head
parameters:
- $ref: '#/components/parameters/roles_domain_id'
- $ref: '#/components/parameters/roles_name'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- roles
post:
description: |-
Creates a role.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/roles`
operationId: roles:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RolesPost'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Role'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Create role
tags:
- roles
/v3/roles/{prior_role_id}/implies:
get:
description: |-
Lists implied (inference) roles for a role.
Relationship:
`https://developer.openstack.org/api-ref/identity/v3/#list-implied-roles-for-role`
operationId: roles/prior_role_id/implies:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RolesImpliesGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List implied (inference) roles for role
tags:
- roles
head:
description: |-
List Implied Roles.
GET/HEAD /v3/roles/{prior_role_id}/implies
operationId: roles/prior_role_id/implies:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- roles
parameters:
- $ref: '#/components/parameters/roles_implies_prior_role_id'
/v3/roles/{prior_role_id}/implies/{implied_role_id}:
delete:
description: |-
Deletes a role inference rule.
Relationship:
`https://developer.openstack.org/api-ref/identity/v3/#delete-role-inference-rule`
operationId: roles/prior_role_id/implies/implied_role_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete role inference rule
tags:
- roles
get:
description: |-
Gets a role inference rule.
Relationship:
`https://developer.openstack.org/api-ref/identity/v3/#get-role-inference-rule`
operationId: roles/prior_role_id/implies/implied_role_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/RolesImplyGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Get role inference rule
tags:
- roles
head:
description: |-
Checks a role role inference rule.
Relationship:
`https://developer.openstack.org/api-ref/identity/v3/#confirm-role-inference-rule`
operationId: roles/prior_role_id/implies/implied_role_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Confirm role inference rule
tags:
- roles
parameters:
- $ref: '#/components/parameters/roles_implies_implied_role_id'
- $ref: '#/components/parameters/roles_implies_prior_role_id'
put:
description: |-
Creates a role inference rule.
Relationship:
`https://developer.openstack.org/api-ref/identity/v3/#create-role-inference-rule`
operationId: roles/prior_role_id/implies/implied_role_id:put
responses:
'201':
content:
application/json:
schema:
$ref: '#/components/schemas/RolesImplyPutResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Create role inference rule
tags:
- roles
/v3/roles/{role_id}:
delete:
description: |-
Deletes a role.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/role`
operationId: roles/role_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete role
tags:
- roles
get:
description: |-
Shows details for a role.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/role`
operationId: roles/role_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Role'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show role details
tags:
- roles
head:
description: |-
Get role.
GET/HEAD /v3/roles/{role_id}
operationId: roles/role_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- roles
parameters:
- $ref: '#/components/parameters/roles_role_id'
patch:
description: |-
Updates a role.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/role`
operationId: roles/role_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RolePatch'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Role'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Update role
tags:
- roles
/v3/s3tokens:
get:
description: |-
GET operation on /v3/s3tokens
operationId: s3tokens:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/S3TokensGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- s3tokens
head:
description: |-
HEAD operation on /v3/s3tokens
operationId: s3tokens:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- s3tokens
post:
description: |-
Authenticate s3token.
POST /v3/s3tokens
operationId: s3tokens:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/S3TokensPostRequest'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/S3TokensPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- s3tokens
/v3/services:
get:
description: |-
Lists all services.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/services`
operationId: services:get
parameters:
- $ref: '#/components/parameters/services_type'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/ServicesGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List services
tags:
- services
head:
description: |-
List all services.
GET /v3/services
operationId: services:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- services
post:
description: |-
Creates a service.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/services`
operationId: services:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ServicesPost'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Service'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Create service
tags:
- services
/v3/services/{service_id}:
delete:
description: |-
Deletes a service.
If you try to delete a service that still has associated endpoints,
this call either deletes all associated endpoints or fails until
all endpoints are deleted.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/service`
operationId: services/service_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete service
tags:
- services
get:
description: |-
Shows details for a service.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/service`
operationId: services/service_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Service'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show service details
tags:
- services
head:
description: |-
Show details for a service.
GET /v3/services/{service_id}
operationId: services/service_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- services
parameters:
- $ref: '#/components/parameters/services_service_id'
patch:
description: |-
Updates a service.
The request body is the same as the create service request body,
except that you include only those attributes that you want to
update.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/services`
operationId: services/service_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/ServicePatch'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/Service'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Update service
tags:
- services
/v3/system/groups/{group_id}/roles:
get:
description: |-
Lists all system role assignment a group has.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/system_group_roles`
operationId: system/groups/group_id/roles:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SystemGroupsRolesGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List system role assignments for a group
tags:
- system
head:
description: |-
List all system grants for a specific group.
GET/HEAD /system/groups/{group_id}/roles
operationId: system/groups/group_id/roles:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- system
parameters:
- $ref: '#/components/parameters/system_groups_roles_group_id'
/v3/system/groups/{group_id}/roles/{role_id}:
delete:
description: |-
Remove a system role assignment from a group.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/system_group_role`
operationId: system/groups/group_id/roles/role_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete a system role assignment from a group
tags:
- system
get:
description: |-
Get a specific system role assignment for a group. This is the same API as
`HEAD /v3/system/groups/{group_id}/roles/{role_id}`.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/system_group_role`
operationId: system/groups/group_id/roles/role_id:get
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Get system role assignment for a group
tags:
- system
head:
description: |-
Check if a specific group has a role assignment on the system.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/system_group_role`
operationId: system/groups/group_id/roles/role_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Check group for a system role assignment
tags:
- system
parameters:
- $ref: '#/components/parameters/system_groups_roles_group_id'
- $ref: '#/components/parameters/system_groups_roles_role_id'
put:
description: |-
Grant a group a role on the system.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/system_group_role`
operationId: system/groups/group_id/roles/role_id:put
responses:
'201':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Assign a system role to a group
tags:
- system
/v3/system/users/{user_id}/roles:
get:
description: |-
Lists all system role assignment a user has.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/system_user_roles`
operationId: system/users/user_id/roles:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/SystemUsersRolesGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List system role assignments for a user
tags:
- system
head:
description: |-
List all system grants for a specific user.
GET/HEAD /system/users/{user_id}/roles
operationId: system/users/user_id/roles:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- system
parameters:
- $ref: '#/components/parameters/system_users_roles_user_id'
/v3/system/users/{user_id}/roles/{role_id}:
delete:
description: |-
Remove a system role assignment from a user.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/system_user_role`
operationId: system/users/user_id/roles/role_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete a system role assignment from a user
tags:
- system
get:
description: |-
Get a specific system role assignment for a user. This is the same API as
`HEAD /v3/system/users/{user_id}/roles/{role_id}`.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/system_user_role`
operationId: system/users/user_id/roles/role_id:get
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Get system role assignment for a user
tags:
- system
head:
description: |-
Check if a specific user has a role assignment on the system.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/system_user_role`
operationId: system/users/user_id/roles/role_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Check user for a system role assignment
tags:
- system
parameters:
- $ref: '#/components/parameters/system_users_roles_role_id'
- $ref: '#/components/parameters/system_users_roles_user_id'
put:
description: |-
Grant a user a role on the system.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/system_user_role`
operationId: system/users/user_id/roles/role_id:put
responses:
'201':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Assign a system role to a user
tags:
- system
/v3/users:
get:
description: |-
Lists users.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/users`
operationId: users:get
parameters:
- $ref: '#/components/parameters/users_domain_id'
- $ref: '#/components/parameters/users_enabled'
- $ref: '#/components/parameters/users_idp_id'
- $ref: '#/components/parameters/users_limit'
- $ref: '#/components/parameters/users_marker'
- $ref: '#/components/parameters/users_name'
- $ref: '#/components/parameters/users_password_expires_at'
- $ref: '#/components/parameters/users_protocol_id'
- $ref: '#/components/parameters/users_sort_dir'
- $ref: '#/components/parameters/users_sort_key'
- $ref: '#/components/parameters/users_unique_id'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List users
tags:
- users
head:
description: |-
List users.
GET/HEAD /v3/users
operationId: users:head
parameters:
- $ref: '#/components/parameters/users_domain_id'
- $ref: '#/components/parameters/users_enabled'
- $ref: '#/components/parameters/users_idp_id'
- $ref: '#/components/parameters/users_limit'
- $ref: '#/components/parameters/users_marker'
- $ref: '#/components/parameters/users_name'
- $ref: '#/components/parameters/users_password_expires_at'
- $ref: '#/components/parameters/users_protocol_id'
- $ref: '#/components/parameters/users_sort_dir'
- $ref: '#/components/parameters/users_sort_key'
- $ref: '#/components/parameters/users_unique_id'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
post:
description: |-
Creates a user.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/users`
operationId: users:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UsersPost'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Create user
tags:
- users
/v3/users/{user_id}:
delete:
description: |-
Deletes a user.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/user`
operationId: users/user_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete user
tags:
- users
get:
description: |-
Shows details for a user.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/user`
operationId: users/user_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show user details
tags:
- users
head:
description: |-
Get a user resource.
GET/HEAD /v3/users/{user_id}
operationId: users/user_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
parameters:
- $ref: '#/components/parameters/users_user_id'
patch:
description: |-
Updates a user.
If the back-end driver does not support this functionality, this
call might return the HTTP `Not Implemented (501)` response code.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/user`
operationId: users/user_id:patch
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UserPatch'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UserPatchResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Update user
tags:
- users
/v3/users/{user_id}/OS-OAUTH1/access_tokens:
get:
description: |-
List OAuth1 Access Tokens for user.
GET /v3/users/{user_id}/OS-OAUTH1/access_tokens
operationId: users/user_id/OS-OAUTH1/access_tokens:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersOs_Oauth1Access_TokensGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
head:
description: |-
List OAuth1 Access Tokens for user.
GET /v3/users/{user_id}/OS-OAUTH1/access_tokens
operationId: users/user_id/OS-OAUTH1/access_tokens:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
parameters:
- $ref: '#/components/parameters/users_OS_OAUTH1_access_tokens_user_id'
/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}:
delete:
description: |-
Delete specific access token.
DELETE /v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}
operationId: users/user_id/OS-OAUTH1/access_tokens/access_token_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
get:
description: |-
Get specific access token.
GET/HEAD /v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}
operationId: users/user_id/OS-OAUTH1/access_tokens/access_token_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersOs_Oauth1Access_TokenGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
head:
description: |-
Get specific access token.
GET/HEAD /v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}
operationId: users/user_id/OS-OAUTH1/access_tokens/access_token_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
parameters:
- $ref: '#/components/parameters/users_OS_OAUTH1_access_tokens_access_token_id'
- $ref: '#/components/parameters/users_OS_OAUTH1_access_tokens_user_id'
/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles:
get:
description: |-
List roles for a user access token.
GET/HEAD /v3/users/{user_id}/OS-OAUTH1/access_tokens/
{access_token_id}/roles
operationId:
users/user_id/OS-OAUTH1/access_tokens/access_token_id/roles:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersOs_Oauth1Access_TokensRolesGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
head:
description: |-
List roles for a user access token.
GET/HEAD /v3/users/{user_id}/OS-OAUTH1/access_tokens/
{access_token_id}/roles
operationId:
users/user_id/OS-OAUTH1/access_tokens/access_token_id/roles:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
parameters:
- $ref: '#/components/parameters/users_OS_OAUTH1_access_tokens_roles_access_token_id'
- $ref: '#/components/parameters/users_OS_OAUTH1_access_tokens_roles_user_id'
/v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles/{role_id}:
get:
description: |-
Get role for access token.
GET/HEAD /v3/users/{user_id}/OS-OAUTH1/access_tokens/
{access_token_id}/roles/{role_id}
operationId:
users/user_id/OS-OAUTH1/access_tokens/access_token_id/roles/role_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersOs_Oauth1Access_TokensRoleGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
head:
description: |-
Get role for access token.
GET/HEAD /v3/users/{user_id}/OS-OAUTH1/access_tokens/
{access_token_id}/roles/{role_id}
operationId:
users/user_id/OS-OAUTH1/access_tokens/access_token_id/roles/role_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
parameters:
- $ref: '#/components/parameters/users_OS_OAUTH1_access_tokens_roles_access_token_id'
- $ref: '#/components/parameters/users_OS_OAUTH1_access_tokens_roles_role_id'
- $ref: '#/components/parameters/users_OS_OAUTH1_access_tokens_roles_user_id'
/v3/users/{user_id}/access_rules:
get:
description: |-
List all access rules for a user.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/access_rules`
operationId: users/user_id/access_rules:get
parameters:
- $ref: '#/components/parameters/users_access_rules_method'
- $ref: '#/components/parameters/users_access_rules_path'
- $ref: '#/components/parameters/users_access_rules_service'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersAccess_RulesGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List access rules
tags:
- users
head:
description: |-
List access rules for user.
GET/HEAD /v3/users/{user_id}/access_rules
operationId: users/user_id/access_rules:head
parameters:
- $ref: '#/components/parameters/users_access_rules_method'
- $ref: '#/components/parameters/users_access_rules_path'
- $ref: '#/components/parameters/users_access_rules_service'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
parameters:
- $ref: '#/components/parameters/users_access_rules_user_id'
/v3/users/{user_id}/access_rules/{access_rule_id}:
delete:
description: |-
Delete an access rule. An access rule that is still in use by an application
credential cannot be deleted.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/access_rules`
operationId: users/user_id/access_rules/access_rule_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete access rule
tags:
- users
get:
description: |-
Show details of an access rule.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/access_rules`
operationId: users/user_id/access_rules/access_rule_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersAccess_RuleGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show access rule details
tags:
- users
head:
description: |-
Get access rule resource.
GET/HEAD /v3/users/{user_id}/access_rules/{access_rule_id}
operationId: users/user_id/access_rules/access_rule_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
parameters:
- $ref: '#/components/parameters/users_access_rules_access_rule_id'
- $ref: '#/components/parameters/users_access_rules_user_id'
/v3/users/{user_id}/application_credentials:
get:
description: |-
List all application credentials for a user.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/application_credentials`
operationId: users/user_id/application_credentials:get
parameters:
- $ref: '#/components/parameters/users_application_credentials_name'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersApplication_CredentialsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List application credentials
tags:
- users
head:
description: |-
List application credentials for user.
GET/HEAD /v3/users/{user_id}/application_credentials
operationId: users/user_id/application_credentials:head
parameters:
- $ref: '#/components/parameters/users_application_credentials_name'
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
parameters:
- $ref: '#/components/parameters/users_application_credentials_user_id'
post:
description: |-
Creates an application credential for a user on the project to which the
current token is scoped.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/application_credentials`
operationId: users/user_id/application_credentials:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UsersApplication_CredentialsPost'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersApplication_CredentialsPostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Create application credential
tags:
- users
/v3/users/{user_id}/application_credentials/{application_credential_id}:
delete:
description: |-
Delete an application credential.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/application_credentials`
operationId:
users/user_id/application_credentials/application_credential_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Delete application credential
tags:
- users
get:
description: |-
Show details of an application credential.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/application_credentials`
operationId:
users/user_id/application_credentials/application_credential_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersApplication_CredentialGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: Show application credential details
tags:
- users
head:
description: |-
Get application credential resource.
GET/HEAD /v3/users/{user_id}/application_credentials/
{application_credential_id}
operationId:
users/user_id/application_credentials/application_credential_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
parameters:
- $ref: '#/components/parameters/users_application_credentials_application_credential_id'
- $ref: '#/components/parameters/users_application_credentials_user_id'
/v3/users/{user_id}/credentials/OS-EC2:
get:
description: |-
List EC2 Credentials for user.
GET/HEAD /v3/users/{user_id}/credentials/OS-EC2
operationId: users/user_id/credentials/OS-EC2:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersCredentialsOs_Ec2GetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
head:
description: |-
List EC2 Credentials for user.
GET/HEAD /v3/users/{user_id}/credentials/OS-EC2
operationId: users/user_id/credentials/OS-EC2:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
parameters:
- $ref: '#/components/parameters/users_credentials_OS_EC2_user_id'
post:
description: |-
Create EC2 Credential for user.
POST /v3/users/{user_id}/credentials/OS-EC2
operationId: users/user_id/credentials/OS-EC2:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UsersCredentialsOs_Ec2PostRequest'
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersCredentialsOs_Ec2PostResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
/v3/users/{user_id}/credentials/OS-EC2/{credential_id}:
delete:
description: |-
Delete a specific EC2 credential.
DELETE /users/{user_id}/credentials/OS-EC2/{credential_id}
operationId: users/user_id/credentials/OS-EC2/credential_id:delete
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
get:
description: |-
Get a specific EC2 credential.
GET/HEAD /users/{user_id}/credentials/OS-EC2/{credential_id}
operationId: users/user_id/credentials/OS-EC2/credential_id:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersCredentialsOs_Ec2GetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
head:
description: |-
Get a specific EC2 credential.
GET/HEAD /users/{user_id}/credentials/OS-EC2/{credential_id}
operationId: users/user_id/credentials/OS-EC2/credential_id:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
parameters:
- $ref: '#/components/parameters/users_credentials_OS_EC2_credential_id'
- $ref: '#/components/parameters/users_credentials_OS_EC2_user_id'
/v3/users/{user_id}/groups:
get:
description: |-
Lists groups to which a user belongs.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/user_groups`
operationId: users/user_id/groups:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersGroupsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List groups to which a user belongs
tags:
- users
head:
description: |-
Get groups for a user.
GET/HEAD /v3/users/{user_id}/groups
operationId: users/user_id/groups:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
parameters:
- $ref: '#/components/parameters/users_groups_user_id'
/v3/users/{user_id}/password:
parameters:
- $ref: '#/components/parameters/users_password_user_id'
post:
description: |-
Changes the password for a user.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/user_change_password`
operationId: users/user_id/password:post
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UsersPasswordPostRequest'
responses:
'204':
description: Ok
'403':
description: Error
'404':
description: Error
summary: Change password for user
tags:
- users
/v3/users/{user_id}/projects:
get:
description: |-
List projects to which the user has authorization to access.
Relationship: `https://docs.openstack.org/api/openstack-identity/3/rel/user_projects`
operationId: users/user_id/projects:get
responses:
'200':
content:
application/json:
schema:
$ref: '#/components/schemas/UsersProjectsGetResponse'
description: Ok
'403':
description: Error
'404':
description: Error
summary: List projects for user
tags:
- users
head:
description: |-
HEAD operation on /v3/users/{user_id}/projects
operationId: users/user_id/projects:head
responses:
'200':
description: Ok
'403':
description: Error
'404':
description: Error
tags:
- users
parameters:
- $ref: '#/components/parameters/users_projects_user_id'
components:
headers:
Openstack-Auth-Receipt:
description: The auth receipt. A partially successful authentication
response returns the auth receipt ID in this header rather than in the
response body.
schema:
type: string
X-Auth-Token:
description: A valid authentication token
schema:
format: secret
type: string
X-Subject-Token:
description: API Authorization token
schema:
type: string
parameters:
OS_EP_FILTER_endpoint_groups_endpoint_group_id:
description: |-
endpoint_group_id parameter for /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id} API
in: path
name: endpoint_group_id
required: true
schema:
type: string
OS_EP_FILTER_endpoint_groups_endpoints_endpoint_group_id:
description: |-
endpoint_group_id parameter for /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/endpoints API
in: path
name: endpoint_group_id
required: true
schema:
type: string
OS_EP_FILTER_endpoint_groups_name:
description: The name of the endpoint group.
in: query
name: name
schema:
description: The name of the endpoint group.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
OS_EP_FILTER_endpoint_groups_projects_endpoint_group_id:
description: |-
endpoint_group_id parameter for /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id} API
in: path
name: endpoint_group_id
required: true
schema:
type: string
OS_EP_FILTER_endpoint_groups_projects_project_id:
description: |-
project_id parameter for /v3/OS-EP-FILTER/endpoint_groups/{endpoint_group_id}/projects/{project_id} API
in: path
name: project_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/project.id
OS_EP_FILTER_endpoints_projects_endpoint_id:
description: |-
endpoint_id parameter for /v3/OS-EP-FILTER/endpoints/{endpoint_id}/projects API
in: path
name: endpoint_id
required: true
schema:
type: string
OS_EP_FILTER_projects_endpoint_groups_project_id:
description: |-
project_id parameter for /v3/OS-EP-FILTER/projects/{project_id}/endpoint_groups API
in: path
name: project_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/project.id
OS_EP_FILTER_projects_endpoints_endpoint_id:
description: |-
endpoint_id parameter for /v3/OS-EP-FILTER/projects/{project_id}/endpoints/{endpoint_id} API
in: path
name: endpoint_id
required: true
schema:
type: string
OS_EP_FILTER_projects_endpoints_project_id:
description: |-
project_id parameter for /v3/OS-EP-FILTER/projects/{project_id}/endpoints API
in: path
name: project_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/project.id
OS_FEDERATION_identity_providers_enabled:
description: Whether the identity provider is enabled or not
in: query
name: enabled
schema:
description: Whether the identity provider is enabled or not
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
OS_FEDERATION_identity_providers_id:
description: The identity provider ID
in: query
name: id
schema:
description: The identity provider ID
type: string
OS_FEDERATION_identity_providers_idp_id:
description: |-
idp_id parameter for /v3/OS-FEDERATION/identity_providers/{idp_id} API
in: path
name: idp_id
required: true
schema:
type: string
OS_FEDERATION_identity_providers_protocols_auth_idp_id:
description: |-
idp_id parameter for /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth API
in: path
name: idp_id
required: true
schema:
type: string
OS_FEDERATION_identity_providers_protocols_auth_protocol_id:
description: |-
protocol_id parameter for /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/auth API
in: path
name: protocol_id
required: true
schema:
type: string
OS_FEDERATION_identity_providers_protocols_idp_id:
description: |-
idp_id parameter for /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols API
in: path
name: idp_id
required: true
schema:
type: string
OS_FEDERATION_identity_providers_protocols_protocol_id:
description: |-
protocol_id parameter for /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id} API
in: path
name: protocol_id
required: true
schema:
type: string
OS_FEDERATION_mappings_mapping_id:
description: |-
mapping_id parameter for /v3/OS-FEDERATION/mappings/{mapping_id} API
in: path
name: mapping_id
required: true
schema:
type: string
OS_FEDERATION_service_providers_enabled:
description: Whether the service provider is enabled or not
in: query
name: enabled
schema:
description: Whether the service provider is enabled or not
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
OS_FEDERATION_service_providers_id:
description: The service provider ID
in: query
name: id
schema:
description: The service provider ID
type: string
OS_FEDERATION_service_providers_service_provider_id:
description: |-
service_provider_id parameter for /v3/OS-FEDERATION/service_providers/{service_provider_id} API
in: path
name: service_provider_id
required: true
schema:
type: string
OS_INHERIT_domains_groups_roles_inherited_to_projects_domain_id:
description: |-
domain_id parameter for /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects API
in: path
name: domain_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/domain.id
OS_INHERIT_domains_groups_roles_inherited_to_projects_group_id:
description: |-
group_id parameter for /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects API
in: path
name: group_id
required: true
schema:
type: string
OS_INHERIT_domains_groups_roles_inherited_to_projects_role_id:
description: |-
role_id parameter for /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects API
in: path
name: role_id
required: true
schema:
type: string
OS_INHERIT_domains_users_roles_inherited_to_projects_domain_id:
description: |-
domain_id parameter for /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects API
in: path
name: domain_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/domain.id
OS_INHERIT_domains_users_roles_inherited_to_projects_role_id:
description: |-
role_id parameter for /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/{role_id}/inherited_to_projects API
in: path
name: role_id
required: true
schema:
type: string
OS_INHERIT_domains_users_roles_inherited_to_projects_user_id:
description: |-
user_id parameter for /v3/OS-INHERIT/domains/{domain_id}/users/{user_id}/roles/inherited_to_projects API
in: path
name: user_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/user.id
OS_INHERIT_projects_groups_roles_inherited_to_projects_group_id:
description: |-
group_id parameter for /v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects API
in: path
name: group_id
required: true
schema:
type: string
OS_INHERIT_projects_groups_roles_inherited_to_projects_project_id:
description: |-
project_id parameter for /v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects API
in: path
name: project_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/project.id
OS_INHERIT_projects_groups_roles_inherited_to_projects_role_id:
description: |-
role_id parameter for /v3/OS-INHERIT/projects/{project_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects API
in: path
name: role_id
required: true
schema:
type: string
OS_INHERIT_projects_users_roles_inherited_to_projects_project_id:
description: |-
project_id parameter for /v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects API
in: path
name: project_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/project.id
OS_INHERIT_projects_users_roles_inherited_to_projects_role_id:
description: |-
role_id parameter for /v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects API
in: path
name: role_id
required: true
schema:
type: string
OS_INHERIT_projects_users_roles_inherited_to_projects_user_id:
description: |-
user_id parameter for /v3/OS-INHERIT/projects/{project_id}/users/{user_id}/roles/{role_id}/inherited_to_projects API
in: path
name: user_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/user.id
OS_OAUTH1_authorize_request_token_id:
description: |-
request_token_id parameter for /v3/OS-OAUTH1/authorize/{request_token_id} API
in: path
name: request_token_id
required: true
schema:
type: string
OS_OAUTH1_consumers_consumer_id:
description: |-
consumer_id parameter for /v3/OS-OAUTH1/consumers/{consumer_id} API
in: path
name: consumer_id
required: true
schema:
type: string
OS_TRUST_trusts_roles_role_id:
description: |-
role_id parameter for /v3/OS-TRUST/trusts/{trust_id}/roles/{role_id} API
in: path
name: role_id
required: true
schema:
type: string
OS_TRUST_trusts_roles_trust_id:
description: |-
trust_id parameter for /v3/OS-TRUST/trusts/{trust_id}/roles/{role_id} API
in: path
name: trust_id
required: true
schema:
type: string
OS_TRUST_trusts_trust_id:
description: |-
trust_id parameter for /v3/OS-TRUST/trusts/{trust_id} API
in: path
name: trust_id
required: true
schema:
type: string
OS_TRUST_trusts_trustee_user_id:
description: Represents the user who is capable of consuming the trust.
in: query
name: trustee_user_id
schema:
description: Represents the user who is capable of consuming the trust.
type: string
OS_TRUST_trusts_trustor_user_id:
description: Represents the user who created the trust, and who's
authorization is being delegated.
in: query
name: trustor_user_id
schema:
description: Represents the user who created the trust, and who's
authorization is being delegated.
type: string
X-Auth-Token:
description: A valid authentication token
in: header
name: X-Auth-Token
schema:
format: secret
type: string
X-Subject-Token:
description: |-
The authentication token. An authentication
response returns the token ID in this header rather than in the
response body.
in: header
name: X-Subject-Token
required: true
schema:
format: secret
type: string
auth_OS_FEDERATION_identity_providers_protocols_websso_idp_id:
description: |-
idp_id parameter for /v3/auth/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/websso API
in: path
name: idp_id
required: true
schema:
type: string
auth_OS_FEDERATION_identity_providers_protocols_websso_protocol_id:
description: |-
protocol_id parameter for /v3/auth/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/websso API
in: path
name: protocol_id
required: true
schema:
type: string
auth_OS_FEDERATION_websso_protocol_id:
description: |-
protocol_id parameter for /v3/auth/OS-FEDERATION/websso/{protocol_id} API
in: path
name: protocol_id
required: true
schema:
type: string
credentials_credential_id:
description: |-
credential_id parameter for /v3/credentials/{credential_id} API
in: path
name: credential_id
required: true
schema:
type: string
credentials_type:
description: The credential type, such as ec2 or cert. The implementation
determines the list of supported types.
in: query
name: type
schema:
description: The credential type, such as ec2 or cert. The
implementation determines the list of supported types.
type: string
credentials_user_id:
description: Filters the response by a user ID.
in: query
name: user_id
schema:
description: Filters the response by a user ID.
type: string
x-openstack:
resource_link: identity/v3/user.id
domains_config_default_group:
description: |-
group parameter for /v3/domains/config/{group}/{option}/default API
in: path
name: group
required: true
schema:
type: string
domains_config_default_option:
description: |-
option parameter for /v3/domains/config/{group}/{option}/default API
in: path
name: option
required: true
schema:
type: string
domains_config_domain_id:
description: |-
domain_id parameter for /v3/domains/{domain_id}/config/{group}/{option} API
in: path
name: domain_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/domain.id
domains_config_group:
description: |-
group parameter for /v3/domains/{domain_id}/config/{group}/{option} API
in: path
name: group
required: true
schema:
type: string
domains_config_option:
description: |-
option parameter for /v3/domains/{domain_id}/config/{group}/{option} API
in: path
name: option
required: true
schema:
type: string
domains_domain_id:
description: |-
domain_id parameter for /v3/domains/{domain_id} API
in: path
name: domain_id
required: true
schema:
type: string
domains_enabled:
description: If set to true, then only domains that are enabled will be
returned, if set to false only that are disabled will be returned. Any
value other than 0, including no value, will be interpreted as true.
in: query
name: enabled
schema:
description: If set to true, then only domains that are enabled will be
returned, if set to false only that are disabled will be returned. Any
value other than 0, including no value, will be interpreted as true.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
domains_groups_roles_domain_id:
description: |-
domain_id parameter for /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} API
in: path
name: domain_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/domain.id
domains_groups_roles_group_id:
description: |-
group_id parameter for /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} API
in: path
name: group_id
required: true
schema:
type: string
domains_groups_roles_role_id:
description: |-
role_id parameter for /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id} API
in: path
name: role_id
required: true
schema:
type: string
domains_limit:
in: query
name: limit
schema:
type:
- integer
- string
domains_marker:
description: ID of the last fetched entry
in: query
name: marker
schema:
description: ID of the last fetched entry
type: string
domains_name:
description: The resource name.
in: query
name: name
schema:
description: The resource name.
maxLength: 64
minLength: 1
pattern: '[\S]+'
type: string
domains_users_roles_domain_id:
description: |-
domain_id parameter for /v3/domains/{domain_id}/users/{user_id}/roles/{role_id} API
in: path
name: domain_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/domain.id
domains_users_roles_role_id:
description: |-
role_id parameter for /v3/domains/{domain_id}/users/{user_id}/roles/{role_id} API
in: path
name: role_id
required: true
schema:
type: string
domains_users_roles_user_id:
description: |-
user_id parameter for /v3/domains/{domain_id}/users/{user_id}/roles/{role_id} API
in: path
name: user_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/user.id
endpoints_OS_ENDPOINT_POLICY_policy_endpoint_id:
description: |-
endpoint_id parameter for /v3/endpoints/{endpoint_id}/OS-ENDPOINT-POLICY/policy API
in: path
name: endpoint_id
required: true
schema:
type: string
endpoints_endpoint_id:
description: |-
endpoint_id parameter for /v3/endpoints/{endpoint_id} API
in: path
name: endpoint_id
required: true
schema:
type: string
endpoints_interface:
description: 'The interface type, which describes the visibility of the endpoint.
Value is: -public. Visible by end users on a publicly available network interface.
-internal. Visible by end users on an unmetered internal network interface.-admin.
Visible by administrative users on a secure network interface.'
in: query
name: interface
schema:
description: 'The interface type, which describes the visibility of the endpoint.
Value is: -public. Visible by end users on a publicly available network
interface. -internal. Visible by end users on an unmetered internal network
interface.-admin. Visible by administrative users on a secure network interface.'
enum:
- admin
- internal
- public
type: string
endpoints_region_id:
description: (Since v3.2) The ID of the region that contains the service
endpoint.
in: query
name: region_id
schema:
description: (Since v3.2) The ID of the region that contains the service
endpoint.
type:
- 'null'
- string
x-openstack:
min-ver: 3.2
endpoints_service_id:
description: The UUID of the service to which the endpoint belongs
in: query
name: service_id
schema:
description: The UUID of the service to which the endpoint belongs
type: string
group_users_password_expires_at:
description: "Filter results based on which user passwords have expired. The
query should include an operator and a timestamp with a colon (:) separating
the two, for example: `password_expires_at={operator}:{timestamp}`.\nValid
operators are: `lt`, `lte`, `gt`, `gte`, `eq`, and `neq`.\nValid timestamps
are of the form: YYYY-MM-DDTHH:mm:ssZ."
in: query
name: password_expires_at
schema:
format: date-time
type: string
groups_domain_id:
description: The ID of the domain.
in: query
name: domain_id
schema:
description: The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
x-openstack:
resource_link: identity/v3/domain.id
groups_group_id:
description: |-
group_id parameter for /v3/groups/{group_id} API
in: path
name: group_id
required: true
schema:
type: string
groups_limit:
in: query
name: limit
schema:
type:
- integer
- string
groups_marker:
description: ID of the last fetched entry
in: query
name: marker
schema:
description: ID of the last fetched entry
type: string
groups_name:
description: The resource name.
in: query
name: name
schema:
description: The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
groups_sort_dir:
description: Sort direction. A valid value is asc (ascending) or desc
(descending).
in: query
name: sort_dir
schema:
description: Sort direction. A valid value is asc (ascending) or desc
(descending).
enum:
- asc
- desc
type: string
groups_sort_key:
description: Sorts resources by attribute.
in: query
name: sort_key
schema:
description: Sorts resources by attribute.
type: string
groups_users_group_id:
description: |-
group_id parameter for /v3/groups/{group_id}/users/{user_id} API
in: path
name: group_id
required: true
schema:
type: string
groups_users_user_id:
description: |-
user_id parameter for /v3/groups/{group_id}/users/{user_id} API
in: path
name: user_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/user.id
limits_domain_id:
description: The ID of the domain.
in: query
name: domain_id
schema:
description: The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
x-openstack:
resource_link: identity/v3/domain.id
limits_limit_id:
description: |-
limit_id parameter for /v3/limits/{limit_id} API
in: path
name: limit_id
required: true
schema:
type: string
limits_project_id:
description: The ID of the project.
in: query
name: project_id
schema:
description: The ID of the project.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
x-openstack:
resource_link: identity/v3/project.id
limits_region_id:
description: The ID of the region.
in: query
name: region_id
schema:
description: The ID of the region.
maxLength: 255
minLength: 1
type:
- 'null'
- string
limits_resource_name:
description: The resource name.
in: query
name: resource_name
schema:
description: The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
limits_service_id:
description: Filters the response by a service ID.
in: query
name: service_id
schema:
description: Filters the response by a service ID.
format: uuid
type: string
policies_OS_ENDPOINT_POLICY_endpoints_endpoint_id:
description: |-
endpoint_id parameter for /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id} API
in: path
name: endpoint_id
required: true
schema:
type: string
policies_OS_ENDPOINT_POLICY_endpoints_policy_id:
description: |-
policy_id parameter for /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/endpoints/{endpoint_id} API
in: path
name: policy_id
required: true
schema:
type: string
policies_OS_ENDPOINT_POLICY_services_policy_id:
description: |-
policy_id parameter for /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id} API
in: path
name: policy_id
required: true
schema:
type: string
policies_OS_ENDPOINT_POLICY_services_regions_policy_id:
description: |-
policy_id parameter for /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id} API
in: path
name: policy_id
required: true
schema:
type: string
policies_OS_ENDPOINT_POLICY_services_regions_region_id:
description: |-
region_id parameter for /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id} API
in: path
name: region_id
required: true
schema:
type: string
policies_OS_ENDPOINT_POLICY_services_regions_service_id:
description: |-
service_id parameter for /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id}/regions/{region_id} API
in: path
name: service_id
required: true
schema:
type: string
policies_OS_ENDPOINT_POLICY_services_service_id:
description: |-
service_id parameter for /v3/policies/{policy_id}/OS-ENDPOINT-POLICY/services/{service_id} API
in: path
name: service_id
required: true
schema:
type: string
policies_policy_id:
description: |-
policy_id parameter for /v3/policies/{policy_id} API
in: path
name: policy_id
required: true
schema:
type: string
projects_domain_id:
description: The ID of the domain.
in: query
name: domain_id
schema:
description: The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
x-openstack:
resource_link: identity/v3/domain.id
projects_enabled:
in: query
name: enabled
schema:
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
projects_groups_roles_group_id:
description: |-
group_id parameter for /v3/projects/{project_id}/groups/{group_id}/roles API
in: path
name: group_id
required: true
schema:
type: string
projects_groups_roles_project_id:
description: |-
project_id parameter for /v3/projects/{project_id}/groups/{group_id}/roles API
in: path
name: project_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/project.id
projects_groups_roles_role_id:
description: |-
role_id parameter for /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} API
in: path
name: role_id
required: true
schema:
type: string
projects_is_domain:
in: query
name: is_domain
schema:
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
projects_limit:
in: query
name: limit
schema:
type:
- integer
- string
projects_marker:
description: ID of the last fetched entry
in: query
name: marker
schema:
description: ID of the last fetched entry
type: string
projects_name:
description: The resource name.
in: query
name: name
schema:
description: The resource name.
maxLength: 64
minLength: 1
pattern: '[\S]+'
type: string
projects_not-tags:
in: query
name: not-tags
schema:
type: string
x-openstack:
openapi:
explode: false
schema:
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
type: array
style: form
projects_not-tags-any:
in: query
name: not-tags-any
schema:
type: string
x-openstack:
openapi:
explode: false
schema:
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
type: array
style: form
projects_parent_id:
in: query
name: parent_id
schema:
format: uuid
type: string
projects_project_id:
description: |-
project_id parameter for /v3/projects/{project_id} API
in: path
name: project_id
required: true
schema:
type: string
projects_tags:
in: query
name: tags
schema:
type: string
x-openstack:
openapi:
explode: false
schema:
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
type: array
style: form
projects_tags-any:
in: query
name: tags-any
schema:
type: string
x-openstack:
openapi:
explode: false
schema:
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
type: array
style: form
projects_tags_project_id:
description: |-
project_id parameter for /v3/projects/{project_id}/tags/{value} API
in: path
name: project_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/project.id
projects_tags_value:
description: |-
value parameter for /v3/projects/{project_id}/tags/{value} API
in: path
name: value
required: true
schema:
type: string
projects_users_roles_project_id:
description: |-
project_id parameter for /v3/projects/{project_id}/users/{user_id}/roles API
in: path
name: project_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/project.id
projects_users_roles_role_id:
description: |-
role_id parameter for /v3/projects/{project_id}/users/{user_id}/roles/{role_id} API
in: path
name: role_id
required: true
schema:
type: string
projects_users_roles_user_id:
description: |-
user_id parameter for /v3/projects/{project_id}/users/{user_id}/roles API
in: path
name: user_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/user.id
regions_parent_region_id:
description: The ID of the region.
in: query
name: parent_region_id
schema:
description: The ID of the region.
maxLength: 255
minLength: 1
type:
- 'null'
- string
regions_region_id:
description: |-
region_id parameter for /v3/regions/{region_id} API
in: path
name: region_id
required: true
schema:
type: string
registered_limits_region_id:
description: The ID of the region.
in: query
name: region_id
schema:
description: The ID of the region.
maxLength: 255
minLength: 1
type:
- 'null'
- string
registered_limits_registered_limit_id:
description: |-
registered_limit_id parameter for /v3/registered_limits/{registered_limit_id} API
in: path
name: registered_limit_id
required: true
schema:
type: string
registered_limits_resource_name:
description: The resource name.
in: query
name: resource_name
schema:
description: The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
registered_limits_service_id:
description: Filters the response by a service ID.
in: query
name: service_id
schema:
description: Filters the response by a service ID.
format: uuid
type: string
role_assignments_effective:
in: query
name: effective
schema:
type: string
role_assignments_group.id:
in: query
name: group.id
schema:
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
role_assignments_include_names:
in: query
name: include_names
schema:
type: string
role_assignments_include_subtree:
in: query
name: include_subtree
schema:
type: string
role_assignments_role.id:
in: query
name: role.id
schema:
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
role_assignments_scope.OS-INHERIT_inherited_to:
in: query
name: scope.OS-INHERIT:inherited_to
schema:
type: string
role_assignments_scope.domain.id:
description: The ID of the domain.
in: query
name: scope.domain.id
schema:
description: The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
role_assignments_scope.project.id:
description: The ID of the project.
in: query
name: scope.project.id
schema:
description: The ID of the project.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
role_assignments_scope.system:
in: query
name: scope.system
schema:
type: string
role_assignments_user.id:
description: The ID of the user.
in: query
name: user.id
schema:
description: The ID of the user.
type: string
roles_domain_id:
description: The ID of the domain.
in: query
name: domain_id
schema:
description: The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
x-openstack:
resource_link: identity/v3/domain.id
roles_implies_implied_role_id:
description: |-
implied_role_id parameter for /v3/roles/{prior_role_id}/implies/{implied_role_id} API
in: path
name: implied_role_id
required: true
schema:
type: string
roles_implies_prior_role_id:
description: |-
prior_role_id parameter for /v3/roles/{prior_role_id}/implies/{implied_role_id} API
in: path
name: prior_role_id
required: true
schema:
type: string
roles_name:
description: The resource name.
in: query
name: name
schema:
description: The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
roles_role_id:
description: |-
role_id parameter for /v3/roles/{role_id} API
in: path
name: role_id
required: true
schema:
type: string
services_service_id:
description: |-
service_id parameter for /v3/services/{service_id} API
in: path
name: service_id
required: true
schema:
type: string
services_type:
description: Filters the response by a domain ID.
in: query
name: service
schema:
type: string
system_groups_roles_group_id:
description: |-
group_id parameter for /v3/system/groups/{group_id}/roles/{role_id} API
in: path
name: group_id
required: true
schema:
type: string
system_groups_roles_role_id:
description: |-
role_id parameter for /v3/system/groups/{group_id}/roles/{role_id} API
in: path
name: role_id
required: true
schema:
type: string
system_users_roles_role_id:
description: |-
role_id parameter for /v3/system/users/{user_id}/roles/{role_id} API
in: path
name: role_id
required: true
schema:
type: string
system_users_roles_user_id:
description: |-
user_id parameter for /v3/system/users/{user_id}/roles/{role_id} API
in: path
name: user_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/user.id
users_OS_OAUTH1_access_tokens_access_token_id:
description: |-
access_token_id parameter for /v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id} API
in: path
name: access_token_id
required: true
schema:
type: string
users_OS_OAUTH1_access_tokens_roles_access_token_id:
description: |-
access_token_id parameter for /v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles/{role_id} API
in: path
name: access_token_id
required: true
schema:
type: string
users_OS_OAUTH1_access_tokens_roles_role_id:
description: |-
role_id parameter for /v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles/{role_id} API
in: path
name: role_id
required: true
schema:
type: string
users_OS_OAUTH1_access_tokens_roles_user_id:
description: |-
user_id parameter for /v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id}/roles/{role_id} API
in: path
name: user_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/user.id
users_OS_OAUTH1_access_tokens_user_id:
description: |-
user_id parameter for /v3/users/{user_id}/OS-OAUTH1/access_tokens/{access_token_id} API
in: path
name: user_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/user.id
users_access_rules_access_rule_id:
description: |-
access_rule_id parameter for /v3/users/{user_id}/access_rules/{access_rule_id} API
in: path
name: access_rule_id
required: true
schema:
type: string
users_access_rules_method:
description: The request method that the application credential is
permitted to use for a given API endpoint.
in: query
name: method
schema:
description: The request method that the application credential is
permitted to use for a given API endpoint.
type: string
users_access_rules_path:
description: The API path that the application credential is permitted to
access.
in: query
name: path
schema:
description: The API path that the application credential is permitted
to access.
type: string
users_access_rules_service:
description: The service type identifier for the service that the
application is permitted to access.
in: query
name: service
schema:
description: The service type identifier for the service that the
application is permitted to access.
type: string
users_access_rules_user_id:
description: |-
user_id parameter for /v3/users/{user_id}/access_rules/{access_rule_id} API
in: path
name: user_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/user.id
users_application_credentials_application_credential_id:
description: |-
application_credential_id parameter for /v3/users/{user_id}/application_credentials/{application_credential_id} API
in: path
name: application_credential_id
required: true
schema:
type: string
users_application_credentials_name:
description: The name of the application credential. Must be unique to a
user.
in: query
name: name
schema:
description: The name of the application credential. Must be unique to a
user.
type: string
users_application_credentials_user_id:
description: |-
user_id parameter for /v3/users/{user_id}/application_credentials/{application_credential_id} API
in: path
name: user_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/user.id
users_credentials_OS_EC2_credential_id:
description: |-
credential_id parameter for /v3/users/{user_id}/credentials/OS-EC2/{credential_id} API
in: path
name: credential_id
required: true
schema:
type: string
users_credentials_OS_EC2_user_id:
description: |-
user_id parameter for /v3/users/{user_id}/credentials/OS-EC2/{credential_id} API
in: path
name: user_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/user.id
users_domain_id:
description: The ID of the domain.
in: query
name: domain_id
schema:
description: The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
x-openstack:
resource_link: identity/v3/domain.id
users_enabled:
description: Whether the identity provider is enabled or not
in: query
name: enabled
schema:
description: Whether the identity provider is enabled or not
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
users_groups_user_id:
description: |-
user_id parameter for /v3/users/{user_id}/groups API
in: path
name: user_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/user.id
users_idp_id:
description: Filters the response by an identity provider ID.
in: query
name: idp_id
schema:
description: Filters the response by an identity provider ID.
type: string
users_limit:
in: query
name: limit
schema:
type:
- integer
- string
users_marker:
description: ID of the last fetched entry
in: query
name: marker
schema:
description: ID of the last fetched entry
type: string
users_name:
description: The resource name.
in: query
name: name
schema:
description: The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
users_password_expires_at:
description: "Filter results based on which user passwords have expired. The
query should include an operator and a timestamp with a colon (:) separating
the two, for example: `password_expires_at={operator}:{timestamp}`\nValid
operators are: lt, lte, gt, gte, eq, and neq\n - lt: expiration time lower
than the timestamp\n - lte: expiration time lower than or equal to the timestamp\n\
\ - gt: expiration time higher than the timestamp\n - gte: expiration time
higher than or equal to the timestamp\n - eq: expiration time equal to the
timestamp\n - neq: expiration time not equal to the timestamp\n\nValid timestamps
are of the form: `YYYY-MM-DDTHH:mm:ssZ`.For example:`/v3/users?password_expires_at=lt:2016-12-08T22:02:00Z`\n\
The example would return a list of users whose password expired before the
timestamp `(2016-12-08T22:02:00Z).`"
in: query
name: password_expires_at
schema:
description: "Filter results based on which user passwords have expired. The
query should include an operator and a timestamp with a colon (:) separating
the two, for example: `password_expires_at={operator}:{timestamp}`\nValid
operators are: lt, lte, gt, gte, eq, and neq\n - lt: expiration time lower
than the timestamp\n - lte: expiration time lower than or equal to the
timestamp\n - gt: expiration time higher than the timestamp\n - gte: expiration
time higher than or equal to the timestamp\n - eq: expiration time equal
to the timestamp\n - neq: expiration time not equal to the timestamp\n\n\
Valid timestamps are of the form: `YYYY-MM-DDTHH:mm:ssZ`.For example:`/v3/users?password_expires_at=lt:2016-12-08T22:02:00Z`\n\
The example would return a list of users whose password expired before the
timestamp `(2016-12-08T22:02:00Z).`"
type: string
users_password_user_id:
description: |-
user_id parameter for /v3/users/{user_id}/password API
in: path
name: user_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/user.id
users_projects_user_id:
description: |-
user_id parameter for /v3/users/{user_id}/projects API
in: path
name: user_id
required: true
schema:
type: string
x-openstack:
resource_link: identity/v3/user.id
users_protocol_id:
description: Filters the response by a protocol ID.
in: query
name: protocol_id
schema:
description: Filters the response by a protocol ID.
type: string
users_sort_dir:
description: Sort direction. A valid value is asc (ascending) or desc
(descending).
in: query
name: sort_dir
schema:
description: Sort direction. A valid value is asc (ascending) or desc
(descending).
enum:
- asc
- desc
type: string
users_sort_key:
description: Sorts resources by attribute.
in: query
name: sort_key
schema:
description: Sorts resources by attribute.
type: string
users_unique_id:
description: Filters the response by a unique ID.
in: query
name: unique_id
schema:
description: Filters the response by a unique ID.
type: string
users_user_id:
description: |-
user_id parameter for /v3/users/{user_id} API
in: path
name: user_id
required: true
schema:
type: string
schemas:
AuthCatalogGetResponse:
properties:
catalog:
items:
properties:
endpoints:
description: |-
A list of `endpoint` objects.
items:
properties:
id:
description: |-
The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
interface:
enum:
- admin
- internal
- public
type: string
region:
description: Region name of the endpoint
type: string
url:
description: The endpoint url
format: uri
type: string
type: object
type: array
id:
description: The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
name:
description: |-
The service name.
type: string
type:
description: |-
The service type, which describes the API
implemented by the service. Value is `compute`, `ec2`,
`identity`, `image`, `network`, or `volume`.
type: string
type: object
type: array
type: object
AuthDomainsGetResponse:
properties:
domains:
items:
properties:
description:
description: |-
The description of the domain.
type: string
enabled:
description: |-
If set to `true`, domain is enabled. If set to
`false`, domain is disabled.
type: boolean
id:
description: |-
The ID of the domain.
format: uuid
type: string
links:
description: |-
The links to the `domain` resource.
items:
description: Links to the resources in question. See [API
Guide / Links and
References](https://docs.openstack.org/api-guide/compute/links_and_references.html)
for more info.
properties:
href:
format: uri
type: string
rel:
type: string
type: object
type: array
name:
description: |-
The name of the domain.
type: string
type: object
type: array
links:
description: Links to the resources in question. See [API Guide /
Links and
References](https://docs.openstack.org/api-guide/compute/links_and_references.html)
for more info.
items:
description: Links to the resources in question. See [API Guide /
Links and
References](https://docs.openstack.org/api-guide/compute/links_and_references.html)
for more info.
properties:
href:
format: uri
type: string
rel:
type: string
type: object
type: array
type: object
AuthOs_FederationIdentity_ProvidersProtocolsWebssoGetResponse:
properties:
token:
properties:
audit_ids:
description: A list of one or two audit IDs. An audit ID is a
unique, randomly generated, URL-safe string that you can use to
track a token. The first audit ID is the current audit ID for
the token. The second audit ID is present for only re-scoped
tokens and is the audit ID from the token before it was
re-scoped. A re- scoped token is one that was exchanged for
another token of the same or different scope. You can use these
audit IDs to track the use of a token or chain of tokens across
multiple requests and endpoints without exposing the token ID to
non-privileged users.
items:
type: string
type: array
catalog:
description: A catalog object.
items:
properties:
endpoints:
description: |-
A list of `endpoint` objects.
items:
properties:
id:
description: |-
The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
interface:
enum:
- admin
- internal
- public
type: string
region:
description: Region name of the endpoint
type: string
url:
description: The endpoint url
format: uri
type: string
type: object
type: array
id:
description: The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
name:
description: |-
The service name.
type: string
type:
description: |-
The service type, which describes the API
implemented by the service. Value is `compute`, `ec2`,
`identity`, `image`, `network`, or `volume`.
type: string
type: object
type: array
expires_at:
description: The date and time when the token expires.
format: date-time
type: string
issues_at:
description: The date and time when the token was issued.
format: date-time
type: string
methods:
description: The authentication methods, which are commonly
password, token, or other methods. Indicates the accumulated set
of authentication methods that were used to obtain the token.
For example, if the token was obtained by password
authentication, it contains password. Later, if the token is
exchanged by using the token authentication method one or more
times, the subsequently created tokens contain both password and
token in their methods attribute. Unlike multi-factor
authentication, the methods attribute merely indicates the
methods that were used to authenticate the user in exchange for
a token. The client is responsible for determining the total
number of authentication factors.
items:
type: string
type: array
user:
description: A user object
properties:
OS-FEDERATION:
type: object
domain:
properties:
id:
description: A user domain UUID
format: uuid
type: string
name:
description: A user domain name
type: string
type: object
id:
description: A user UUID
format: uuid
type: string
name:
description: A user name
type: string
password_expires_at:
description: DateTime of the user password expiration
format: date-time
type: string
type: object
type: object
type: object
AuthOs_FederationIdentity_ProvidersProtocolsWebssoPostResponse:
properties:
token:
properties:
audit_ids:
description: A list of one or two audit IDs. An audit ID is a
unique, randomly generated, URL-safe string that you can use to
track a token. The first audit ID is the current audit ID for
the token. The second audit ID is present for only re-scoped
tokens and is the audit ID from the token before it was
re-scoped. A re- scoped token is one that was exchanged for
another token of the same or different scope. You can use these
audit IDs to track the use of a token or chain of tokens across
multiple requests and endpoints without exposing the token ID to
non-privileged users.
items:
type: string
type: array
catalog:
description: A catalog object.
items:
properties:
endpoints:
description: |-
A list of `endpoint` objects.
items:
properties:
id:
description: |-
The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
interface:
enum:
- admin
- internal
- public
type: string
region:
description: Region name of the endpoint
type: string
url:
description: The endpoint url
format: uri
type: string
type: object
type: array
id:
description: The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
name:
description: |-
The service name.
type: string
type:
description: |-
The service type, which describes the API
implemented by the service. Value is `compute`, `ec2`,
`identity`, `image`, `network`, or `volume`.
type: string
type: object
type: array
expires_at:
description: The date and time when the token expires.
format: date-time
type: string
issues_at:
description: The date and time when the token was issued.
format: date-time
type: string
methods:
description: The authentication methods, which are commonly
password, token, or other methods. Indicates the accumulated set
of authentication methods that were used to obtain the token.
For example, if the token was obtained by password
authentication, it contains password. Later, if the token is
exchanged by using the token authentication method one or more
times, the subsequently created tokens contain both password and
token in their methods attribute. Unlike multi-factor
authentication, the methods attribute merely indicates the
methods that were used to authenticate the user in exchange for
a token. The client is responsible for determining the total
number of authentication factors.
items:
type: string
type: array
user:
description: A user object
properties:
OS-FEDERATION:
type: object
domain:
properties:
id:
description: A user domain UUID
format: uuid
type: string
name:
description: A user domain name
type: string
type: object
id:
description: A user UUID
format: uuid
type: string
name:
description: A user name
type: string
password_expires_at:
description: DateTime of the user password expiration
format: date-time
type: string
type: object
type: object
type: object
AuthOs_FederationSaml2EcpGetResponse:
description: Response of the auth/OS-FEDERATION/saml2/ecp:get operation
type: object
AuthOs_FederationSaml2EcpPostRequest:
definitions:
user_domain:
description: |-
A `domain` object
properties:
id:
description: User Domain ID
type: string
name:
description: User Domain Name
type: string
type: object
properties:
auth:
description: |-
An `auth` object.
properties:
identity:
description: |-
An `identity` object.
properties:
application_credential:
description: An application credential object.
properties:
id:
description: The ID of the application credential used for
authentication. If not provided, the application
credential must be identified by its name and its owning
user.
type: string
name:
description: The name of the application credential used
for authentication. If provided, must be accompanied by
a user object.
type: string
secret:
description: The secret for authenticating the application
credential.
format: password
type: string
user:
description: A user object, required if an application
credential is identified by name and not ID.
properties:
domain:
description: |-
A `domain` object
properties:
id:
description: User Domain ID
type: string
name:
description: User Domain Name
type: string
type: object
id:
description: The user ID
type: string
name:
description: The user name
type: string
type: object
required:
- secret
type: object
methods:
description: |-
The authentication method. For password
authentication, specify `password`.
items:
enum:
- application_credential
- password
- token
- totp
type: string
type: array
password:
description: |-
The `password` object, contains the authentication information.
properties:
user:
description: |-
A `user` object.
properties:
domain:
description: |-
A `domain` object
properties:
id:
description: User Domain ID
type: string
name:
description: User Domain Name
type: string
type: object
id:
description: |-
The ID of the user. Required if you do not
specify the user name.
type: string
name:
description: |-
The user name. Required if you do not specify
the ID of the user. If you specify the user name, you must also
specify the domain, by ID or name.
type: string
password:
description: User Password
format: password
type: string
type: object
type: object
token:
description: A `token` object
properties:
id:
description: Authorization Token value
format: password
type: string
required:
- id
type: object
totp:
description: Multi Factor Authentication information
properties:
user:
properties:
domain:
description: |-
A `domain` object
properties:
id:
description: User Domain ID
type: string
name:
description: User Domain Name
type: string
type: object
id:
description: The user ID
type: string
name:
description: The user name
type: string
passcode:
description: MFA passcode
format: password
type: string
required:
- passcode
type: object
required:
- user
type: object
required:
- methods
type: object
scope:
description: The authorization scope, including the system (Since
v3.10), a project, or a domain (Since v3.4). If multiple scopes
are specified in the same request (e.g. project and domain or
domain and system) an HTTP 400 Bad Request will be returned, as
a token cannot be simultaneously scoped to multiple
authorization targets. An ID is sufficient to uniquely identify
a project but if a project is specified by name, then the domain
of the project must also be specified in order to uniquely
identify the project by name. A domain scope may be specified by
either the domain’s ID or name with equivalent results.
properties:
OS-TRUST:trust:
properties:
id:
type: string
type: object
domain:
properties:
id:
description: Domain id
type: string
name:
description: Domain name
type: string
type: object
project:
properties:
domain:
properties:
id:
description: Project domain Id
type: string
name:
description: Project domain Name
type: string
type: object
id:
description: Project Id
type: string
name:
description: Project Name
type: string
type: object
system:
properties:
all:
type: boolean
type: object
type: object
required:
- identity
type: object
type: object
AuthOs_FederationSaml2EcpPostResponse:
description: SAML assertion in XML format
format: xml
type: string
AuthOs_FederationSaml2GetResponse:
description: Response of the auth/OS-FEDERATION/saml2:get operation
type: object
AuthOs_FederationSaml2PostRequest:
definitions:
user_domain:
description: |-
A `domain` object
properties:
id:
description: User Domain ID
type: string
name:
description: User Domain Name
type: string
type: object
properties:
auth:
description: |-
An `auth` object.
properties:
identity:
description: |-
An `identity` object.
properties:
application_credential:
description: An application credential object.
properties:
id:
description: The ID of the application credential used for
authentication. If not provided, the application
credential must be identified by its name and its owning
user.
type: string
name:
description: The name of the application credential used
for authentication. If provided, must be accompanied by
a user object.
type: string
secret:
description: The secret for authenticating the application
credential.
format: password
type: string
user:
description: A user object, required if an application
credential is identified by name and not ID.
properties:
domain:
description: |-
A `domain` object
properties:
id:
description: User Domain ID
type: string
name:
description: User Domain Name
type: string
type: object
id:
description: The user ID
type: string
name:
description: The user name
type: string
type: object
required:
- secret
type: object
methods:
description: |-
The authentication method. For password
authentication, specify `password`.
items:
enum:
- application_credential
- password
- token
- totp
type: string
type: array
password:
description: |-
The `password` object, contains the authentication information.
properties:
user:
description: |-
A `user` object.
properties:
domain:
description: |-
A `domain` object
properties:
id:
description: User Domain ID
type: string
name:
description: User Domain Name
type: string
type: object
id:
description: |-
The ID of the user. Required if you do not
specify the user name.
type: string
name:
description: |-
The user name. Required if you do not specify
the ID of the user. If you specify the user name, you must also
specify the domain, by ID or name.
type: string
password:
description: User Password
format: password
type: string
type: object
type: object
token:
description: A `token` object
properties:
id:
description: Authorization Token value
format: password
type: string
required:
- id
type: object
totp:
description: Multi Factor Authentication information
properties:
user:
properties:
domain:
description: |-
A `domain` object
properties:
id:
description: User Domain ID
type: string
name:
description: User Domain Name
type: string
type: object
id:
description: The user ID
type: string
name:
description: The user name
type: string
passcode:
description: MFA passcode
format: password
type: string
required:
- passcode
type: object
required:
- user
type: object
required:
- methods
type: object
scope:
description: The authorization scope, including the system (Since
v3.10), a project, or a domain (Since v3.4). If multiple scopes
are specified in the same request (e.g. project and domain or
domain and system) an HTTP 400 Bad Request will be returned, as
a token cannot be simultaneously scoped to multiple
authorization targets. An ID is sufficient to uniquely identify
a project but if a project is specified by name, then the domain
of the project must also be specified in order to uniquely
identify the project by name. A domain scope may be specified by
either the domain’s ID or name with equivalent results.
properties:
OS-TRUST:trust:
properties:
id:
type: string
type: object
domain:
properties:
id:
description: Domain id
type: string
name:
description: Domain name
type: string
type: object
project:
properties:
domain:
properties:
id:
description: Project domain Id
type: string
name:
description: Project domain Name
type: string
type: object
id:
description: Project Id
type: string
name:
description: Project Name
type: string
type: object
system:
properties:
all:
type: boolean
type: object
type: object
required:
- identity
type: object
type: object
AuthOs_FederationSaml2PostResponse:
description: SAML assertion in XML format
format: xml
type: string
AuthOs_FederationWebssoGetResponse:
properties:
token:
properties:
audit_ids:
description: A list of one or two audit IDs. An audit ID is a
unique, randomly generated, URL-safe string that you can use to
track a token. The first audit ID is the current audit ID for
the token. The second audit ID is present for only re-scoped
tokens and is the audit ID from the token before it was
re-scoped. A re- scoped token is one that was exchanged for
another token of the same or different scope. You can use these
audit IDs to track the use of a token or chain of tokens across
multiple requests and endpoints without exposing the token ID to
non-privileged users.
items:
type: string
type: array
catalog:
description: A catalog object.
items:
properties:
endpoints:
description: |-
A list of `endpoint` objects.
items:
properties:
id:
description: |-
The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
interface:
enum:
- admin
- internal
- public
type: string
region:
description: Region name of the endpoint
type: string
url:
description: The endpoint url
format: uri
type: string
type: object
type: array
id:
description: The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
name:
description: |-
The service name.
type: string
type:
description: |-
The service type, which describes the API
implemented by the service. Value is `compute`, `ec2`,
`identity`, `image`, `network`, or `volume`.
type: string
type: object
type: array
expires_at:
description: The date and time when the token expires.
format: date-time
type: string
issues_at:
description: The date and time when the token was issued.
format: date-time
type: string
methods:
description: The authentication methods, which are commonly
password, token, or other methods. Indicates the accumulated set
of authentication methods that were used to obtain the token.
For example, if the token was obtained by password
authentication, it contains password. Later, if the token is
exchanged by using the token authentication method one or more
times, the subsequently created tokens contain both password and
token in their methods attribute. Unlike multi-factor
authentication, the methods attribute merely indicates the
methods that were used to authenticate the user in exchange for
a token. The client is responsible for determining the total
number of authentication factors.
items:
type: string
type: array
user:
description: A user object
properties:
OS-FEDERATION:
type: object
domain:
properties:
id:
description: A user domain UUID
format: uuid
type: string
name:
description: A user domain name
type: string
type: object
id:
description: A user UUID
format: uuid
type: string
name:
description: A user name
type: string
password_expires_at:
description: DateTime of the user password expiration
format: date-time
type: string
type: object
type: object
type: object
AuthOs_FederationWebssoPostResponse:
properties:
token:
properties:
audit_ids:
description: A list of one or two audit IDs. An audit ID is a
unique, randomly generated, URL-safe string that you can use to
track a token. The first audit ID is the current audit ID for
the token. The second audit ID is present for only re-scoped
tokens and is the audit ID from the token before it was
re-scoped. A re- scoped token is one that was exchanged for
another token of the same or different scope. You can use these
audit IDs to track the use of a token or chain of tokens across
multiple requests and endpoints without exposing the token ID to
non-privileged users.
items:
type: string
type: array
catalog:
description: A catalog object.
items:
properties:
endpoints:
description: |-
A list of `endpoint` objects.
items:
properties:
id:
description: |-
The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
interface:
enum:
- admin
- internal
- public
type: string
region:
description: Region name of the endpoint
type: string
url:
description: The endpoint url
format: uri
type: string
type: object
type: array
id:
description: The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
name:
description: |-
The service name.
type: string
type:
description: |-
The service type, which describes the API
implemented by the service. Value is `compute`, `ec2`,
`identity`, `image`, `network`, or `volume`.
type: string
type: object
type: array
expires_at:
description: The date and time when the token expires.
format: date-time
type: string
issues_at:
description: The date and time when the token was issued.
format: date-time
type: string
methods:
description: The authentication methods, which are commonly
password, token, or other methods. Indicates the accumulated set
of authentication methods that were used to obtain the token.
For example, if the token was obtained by password
authentication, it contains password. Later, if the token is
exchanged by using the token authentication method one or more
times, the subsequently created tokens contain both password and
token in their methods attribute. Unlike multi-factor
authentication, the methods attribute merely indicates the
methods that were used to authenticate the user in exchange for
a token. The client is responsible for determining the total
number of authentication factors.
items:
type: string
type: array
user:
description: A user object
properties:
OS-FEDERATION:
type: object
domain:
properties:
id:
description: A user domain UUID
format: uuid
type: string
name:
description: A user domain name
type: string
type: object
id:
description: A user UUID
format: uuid
type: string
name:
description: A user name
type: string
password_expires_at:
description: DateTime of the user password expiration
format: date-time
type: string
type: object
type: object
type: object
AuthProjectsGetResponse:
properties:
links:
description: Links to the resources in question. See [API Guide /
Links and
References](https://docs.openstack.org/api-guide/compute/links_and_references.html)
for more info.
items:
description: Links to the resources in question. See [API Guide /
Links and
References](https://docs.openstack.org/api-guide/compute/links_and_references.html)
for more info.
properties:
href:
format: uri
type: string
rel:
type: string
type: object
type: array
projects:
items:
properties:
domain_id:
description: |-
The ID of the domain for the project.
format: uuid
type: string
enabled:
description: |-
If set to `true`, project is enabled. If set to
`false`, project is disabled.
type: boolean
id:
description: |-
The ID for the project.
format: uuid
type: string
links:
description: |-
The links for the `project` resource.
items:
description: Links to the resources in question. See [API
Guide / Links and
References](https://docs.openstack.org/api-guide/compute/links_and_references.html)
for more info.
properties:
href:
format: uri
type: string
rel:
type: string
type: object
type: array
name:
description: |-
The name of the project.
type: string
type: object
type: array
type: object
AuthReceiptSchema:
properties:
receipt:
properties:
expires_at:
description: The date and time when the token expires.
format: date-time
type: string
issues_at:
description: The date and time when the token was issued.
format: date-time
type: string
methods:
description: The authentication methods, which are commonly
password, token, or other methods. Indicates the accumulated set
of authentication methods that were used to obtain the token.
For example, if the token was obtained by password
authentication, it contains password. Later, if the token is
exchanged by using the token authentication method one or more
times, the subsequently created tokens contain both password and
token in their methods attribute. Unlike multi-factor
authentication, the methods attribute merely indicates the
methods that were used to authenticate the user in exchange for
a token. The client is responsible for determining the total
number of authentication factors.
items:
type: string
type: array
user:
description: A user object
properties:
OS-FEDERATION:
type: object
domain:
properties:
id:
description: A user domain UUID
format: uuid
type: string
name:
description: A user domain name
type: string
type: object
id:
description: A user UUID
format: uuid
type: string
name:
description: A user name
type: string
password_expires_at:
description: DateTime of the user password expiration
format: date-time
type: string
type: object
type: object
required_auth_methods:
description: A list of authentication rules that may be used with the
auth receipt to complete the authentication process.
items:
type: string
type: array
type: object
AuthSystemGetResponse:
properties:
system:
description: |-
A list of systems to access based on role assignments.
items:
additionalProperties:
type: boolean
type: object
type: array
type: object
AuthTokensGetResponse:
properties:
token:
description: |-
A `token` object.
properties:
audit_ids:
description: |-
A list of one or two audit IDs. An audit ID is a
unique, randomly generated, URL-safe string that you can use to
track a token. The first audit ID is the current audit ID for the
token. The second audit ID is present for only re-scoped tokens
and is the audit ID from the token before it was re-scoped. A re-
scoped token is one that was exchanged for another token of the
same or different scope. You can use these audit IDs to track the
use of a token or chain of tokens across multiple requests and
endpoints without exposing the token ID to non-privileged users.
items:
type: string
type: array
catalog:
description: |-
A `catalog` object.
items:
properties:
endpoints:
items:
properties:
id:
description: |-
The ID of the user. Required if you do not
specify the user name.
format: uuid
type: string
interface:
enum:
- admin
- internal
- public
type: string
region:
description: Region name of the endpoint
type: string
url:
description: The endpoint url
format: uri
type: string
type: object
type: array
id:
description: The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
name:
description: |-
The user name. Required if you do not specify
the ID of the user. If you specify the user name, you must also
specify the domain, by ID or name.
type: string
type:
description: The service type, which describes the API
implemented by the service
type: string
type: object
type: array
domain:
description: A domain object including the id and name
representing the domain the token is scoped to. This is only
included in tokens that are scoped to a domain.
properties:
id:
description: A domain UUID
format: uuid
type: string
name:
description: A domain name
type: string
type: object
expires_at:
description: |-
The date and time when the token expires.
The date and time stamp format is [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601):
```
CCYY-MM-DDThh:mm:ss.sssZ
```
For example, `2015-08-27T09:49:58.000000Z`.
A `null` value indicates that the token never expires.
format: date-time
type: string
is_domain:
type: boolean
issues_at:
description: The date and time when the token was issued.
format: date-time
type: string
methods:
description: |-
The authentication methods, which are commonly `password`,
`token`, or other methods. Indicates the accumulated set of
authentication methods that were used to obtain the token. For
example, if the token was obtained by password authentication, it
contains `password`. Later, if the token is exchanged by using
the token authentication method one or more times, the
subsequently created tokens contain both `password` and
`token` in their `methods` attribute. Unlike multi-factor
authentication, the `methods` attribute merely indicates the
methods that were used to authenticate the user in exchange for a
token. The client is responsible for determining the total number
of authentication factors.
items:
type: string
type: array
project:
description: |-
A `project` object including the `id`, `name` and `domain` object
representing the project the token is scoped to. This is only included in
tokens that are scoped to a project.
properties:
id:
description: A user domain UUID
format: uuid
type: string
name:
description: A user domain name
type: string
type: object
roles:
description: |-
A list of `role` objects
items:
properties:
id:
description: A role UUID
format: uuid
type: string
name:
description: A role name
type: string
type: object
type: array
system:
additionalProperties:
type: boolean
description: |-
A `system` object containing information about which parts of the system
the token is scoped to. If the token is scoped to the entire deployment
system, the `system` object will consist of `{"all": true}`. This is
only included in tokens that are scoped to the system.
type: object
user:
description: |-
A `user` object.
properties:
OS-FEDERATION:
type: object
domain:
description: |-
A `domain` object including the `id` and `name` representing the
domain the token is scoped to. This is only included in tokens that are
scoped to a domain.
properties:
id:
description: A user domain UUID
format: uuid
type: string
name:
description: A user domain name
type: string
type: object
id:
description: A user UUID
format: uuid
type: string
name:
description: A user name
type: string
password_expires_at:
description: DateTime of the user password expiration
format: date-time
type: string
type: object
type: object
type: object
AuthTokensOs_PkiRevokedGetResponse:
description: Response of the auth/tokens/OS-PKI/revoked:get operation
type: object
AuthTokensPostRequest:
definitions:
user_domain:
description: |-
A `domain` object
properties:
id:
description: User Domain ID
type: string
name:
description: User Domain Name
type: string
type: object
properties:
auth:
description: |-
An `auth` object.
properties:
identity:
description: |-
An `identity` object.
properties:
application_credential:
description: An application credential object.
properties:
id:
description: The ID of the application credential used for
authentication. If not provided, the application
credential must be identified by its name and its owning
user.
type: string
name:
description: The name of the application credential used
for authentication. If provided, must be accompanied by
a user object.
type: string
secret:
description: The secret for authenticating the application
credential.
format: password
type: string
user:
description: A user object, required if an application
credential is identified by name and not ID.
properties:
domain:
description: |-
A `domain` object
properties:
id:
description: User Domain ID
type: string
name:
description: User Domain Name
type: string
type: object
id:
description: The user ID
type: string
name:
description: The user name
type: string
type: object
required:
- secret
type: object
methods:
description: |-
The authentication method. For password
authentication, specify `password`.
items:
enum:
- application_credential
- password
- token
- totp
type: string
type: array
password:
description: |-
The `password` object, contains the authentication information.
properties:
user:
description: |-
A `user` object.
properties:
domain:
description: |-
A `domain` object
properties:
id:
description: User Domain ID
type: string
name:
description: User Domain Name
type: string
type: object
id:
description: |-
The ID of the user. Required if you do not
specify the user name.
type: string
name:
description: |-
The user name. Required if you do not specify
the ID of the user. If you specify the user name, you must also
specify the domain, by ID or name.
type: string
password:
description: User Password
format: password
type: string
type: object
type: object
token:
description: A `token` object
properties:
id:
description: Authorization Token value
format: password
type: string
required:
- id
type: object
totp:
description: Multi Factor Authentication information
properties:
user:
properties:
domain:
description: |-
A `domain` object
properties:
id:
description: User Domain ID
type: string
name:
description: User Domain Name
type: string
type: object
id:
description: The user ID
type: string
name:
description: The user name
type: string
passcode:
description: MFA passcode
format: password
type: string
required:
- passcode
type: object
required:
- user
type: object
required:
- methods
type: object
scope:
description: The authorization scope, including the system (Since
v3.10), a project, or a domain (Since v3.4). If multiple scopes
are specified in the same request (e.g. project and domain or
domain and system) an HTTP 400 Bad Request will be returned, as
a token cannot be simultaneously scoped to multiple
authorization targets. An ID is sufficient to uniquely identify
a project but if a project is specified by name, then the domain
of the project must also be specified in order to uniquely
identify the project by name. A domain scope may be specified by
either the domain’s ID or name with equivalent results.
properties:
OS-TRUST:trust:
properties:
id:
type: string
type: object
domain:
properties:
id:
description: Domain id
type: string
name:
description: Domain name
type: string
type: object
project:
properties:
domain:
properties:
id:
description: Project domain Id
type: string
name:
description: Project domain Name
type: string
type: object
id:
description: Project Id
type: string
name:
description: Project Name
type: string
type: object
system:
properties:
all:
type: boolean
type: object
type: object
required:
- identity
type: object
type: object
AuthTokensPostResponse:
properties:
token:
description: |-
A `token` object.
properties:
audit_ids:
description: |-
A list of one or two audit IDs. An audit ID is a
unique, randomly generated, URL-safe string that you can use to
track a token. The first audit ID is the current audit ID for the
token. The second audit ID is present for only re-scoped tokens
and is the audit ID from the token before it was re-scoped. A re-
scoped token is one that was exchanged for another token of the
same or different scope. You can use these audit IDs to track the
use of a token or chain of tokens across multiple requests and
endpoints without exposing the token ID to non-privileged users.
items:
type: string
type: array
catalog:
description: |-
A `catalog` object.
items:
properties:
endpoints:
items:
properties:
id:
description: |-
The ID of the user. Required if you do not
specify the user name.
format: uuid
type: string
interface:
enum:
- admin
- internal
- public
type: string
region:
description: Region name of the endpoint
type: string
url:
description: The endpoint url
format: uri
type: string
type: object
type: array
id:
description: The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
name:
description: |-
The user name. Required if you do not specify
the ID of the user. If you specify the user name, you must also
specify the domain, by ID or name.
type: string
type:
description: The service type, which describes the API
implemented by the service
type: string
type: object
type: array
domain:
description: A domain object including the id and name
representing the domain the token is scoped to. This is only
included in tokens that are scoped to a domain.
properties:
id:
description: A domain UUID
format: uuid
type: string
name:
description: A domain name
type: string
type: object
expires_at:
description: |-
The date and time when the token expires.
The date and time stamp format is [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601):
```
CCYY-MM-DDThh:mm:ss.sssZ
```
For example, `2015-08-27T09:49:58.000000Z`.
A `null` value indicates that the token never expires.
format: date-time
type: string
is_domain:
type: boolean
issues_at:
description: The date and time when the token was issued.
format: date-time
type: string
methods:
description: |-
The authentication methods, which are commonly `password`,
`token`, or other methods. Indicates the accumulated set of
authentication methods that were used to obtain the token. For
example, if the token was obtained by password authentication, it
contains `password`. Later, if the token is exchanged by using
the token authentication method one or more times, the
subsequently created tokens contain both `password` and
`token` in their `methods` attribute. Unlike multi-factor
authentication, the `methods` attribute merely indicates the
methods that were used to authenticate the user in exchange for a
token. The client is responsible for determining the total number
of authentication factors.
items:
type: string
type: array
project:
description: |-
A `project` object including the `id`, `name` and `domain` object
representing the project the token is scoped to. This is only included in
tokens that are scoped to a project.
properties:
id:
description: A user domain UUID
format: uuid
type: string
name:
description: A user domain name
type: string
type: object
roles:
description: |-
A list of `role` objects
items:
properties:
id:
description: A role UUID
format: uuid
type: string
name:
description: A role name
type: string
type: object
type: array
system:
additionalProperties:
type: boolean
description: |-
A `system` object containing information about which parts of the system
the token is scoped to. If the token is scoped to the entire deployment
system, the `system` object will consist of `{"all": true}`. This is
only included in tokens that are scoped to the system.
type: object
user:
description: |-
A `user` object.
properties:
OS-FEDERATION:
type: object
domain:
description: |-
A `domain` object including the `id` and `name` representing the
domain the token is scoped to. This is only included in tokens that are
scoped to a domain.
properties:
id:
description: A user domain UUID
format: uuid
type: string
name:
description: A user domain name
type: string
type: object
id:
description: A user UUID
format: uuid
type: string
name:
description: A user name
type: string
password_expires_at:
description: DateTime of the user password expiration
format: date-time
type: string
type: object
type: object
type: object
CredentialGetResponse:
additionalProperties: false
description: A credential object.
properties:
credential:
additionalProperties: true
description: |-
A `credential` object.
properties:
blob:
description: |-
The credential itself, as a serialized blob.
type: string
id:
description: |-
The UUID for the credential.
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
project_id:
description: |-
The ID for the project.
type:
- 'null'
- string
type:
description: |-
The credential type, such as `ec2` or `cert`.
The implementation determines the list of supported types.
type: string
user_id:
description: |-
The ID of the user who owns the credential.
type: string
type: object
type: object
CredentialPatch:
description: A credential object.
properties:
credential:
additionalProperties: true
description: |-
A `credential` object.
minProperties: 1
properties:
blob:
description: |-
The credential itself, as a serialized blob.
type: string
project_id:
description: |-
The ID for the project.
type:
- 'null'
- string
type:
description: |-
The credential type, such as `ec2` or `cert`.
The implementation determines the list of supported types.
type: string
user_id:
description: |-
The ID of the user who owns the credential.
type: string
type: object
required:
- credential
type: object
CredentialPatchResponse:
additionalProperties: false
description: A credential object.
properties:
credential:
additionalProperties: true
description: |-
A `credential` object.
properties:
blob:
description: |-
The credential itself, as a serialized blob.
type: string
id:
description: |-
The UUID for the credential.
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
project_id:
description: |-
The ID for the project.
type:
- 'null'
- string
type:
description: |-
The credential type, such as `ec2` or `cert`.
The implementation determines the list of supported types.
type: string
user_id:
description: |-
The ID of the user who owns the credential.
type: string
type: object
type: object
CredentialsGetResponse:
additionalProperties: false
properties:
credentials:
description: |-
A list of `credential` objects.
items:
additionalProperties: true
description: |-
A `credential` object.
properties:
blob:
description: |-
The credential itself, as a serialized blob.
type: string
id:
description: |-
The UUID for the credential.
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
project_id:
description: |-
The ID for the project.
type:
- 'null'
- string
type:
description: |-
The credential type, such as `ec2` or `cert`.
The implementation determines the list of supported types.
type: string
user_id:
description: |-
The ID of the user who owns the credential.
type: string
type: object
type: array
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
truncated:
description: Flag indicating that the amount of entities exceeds
global response limit
type: boolean
type: object
CredentialsPost:
description: A credential object.
properties:
credential:
additionalProperties: true
description: |-
A `credential` object.
if:
properties:
type:
const: ec2
properties:
blob:
description: |-
The credential itself, as a serialized blob.
type: string
id:
description: The UUID for the credential.
type: string
project_id:
description: |-
The ID for the project.
type:
- 'null'
- string
type:
description: |-
The credential type, such as `ec2` or `cert`.
The implementation determines the list of supported types.
type: string
user_id:
description: |-
The ID of the user who owns the credential.
type: string
required:
- blob
- type
- user_id
then:
required:
- blob
- project_id
- type
- user_id
title: ec2 credential requires project_id
type: object
required:
- credential
type: object
CredentialsPostResponse:
additionalProperties: false
description: A credential object.
properties:
credential:
additionalProperties: true
description: |-
A `credential` object.
properties:
blob:
description: |-
The credential itself, as a serialized blob.
type: string
id:
description: |-
The UUID for the credential.
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
project_id:
description: |-
The ID for the project.
type:
- 'null'
- string
type:
description: |-
The credential type, such as `ec2` or `cert`.
The implementation determines the list of supported types.
type: string
user_id:
description: |-
The ID of the user who owns the credential.
type: string
type: object
type: object
DomainConfig:
properties:
config:
additionalProperties:
additionalProperties: true
type: object
description: |-
A `config` object.
type: object
type: object
DomainConfigGroup:
properties:
config:
additionalProperties:
additionalProperties: true
type: object
description: |-
A `config` object.
maxProperties: 1
type: object
type: object
DomainConfigGroupOption:
properties:
config:
additionalProperties: true
description: |-
A `config` object.
maxProperties: 1
type: object
type: object
DomainGetResponse:
additionalProperties: false
properties:
domain:
additionalProperties: false
description: |-
A `domain` object
properties:
description:
description: |-
The description of the domain.
maxLength: 255
type:
- 'null'
- string
enabled:
description: |-
If set to `true`, domain is enabled. If set to
`false`, domain is disabled.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
id:
description: |-
The ID of the domain.
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
name:
description: |-
The name of the project.
maxLength: 64
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the role. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
tags:
description: |-
A list of simple strings assigned to a project.
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
maxItems: 80
required: []
type: array
uniqueItems: true
type: object
required:
- domain
type: object
DomainPatch:
additionalProperties: false
properties:
domain:
description: |-
A `domain` object
minProperties: 1
properties:
description:
description: |-
The new description of the domain.
maxLength: 255
type:
- 'null'
- string
enabled:
description: |-
If set to `true`, domain is enabled. If set to
`false`, domain is disabled. The default is `true`.
Users can only authorize against an enabled domain (and any of its
projects). In addition, users can only authenticate if the domain that owns
them is also enabled. Disabling a domain prevents both of these things.
When you disable a domain, all tokens that are authorized for that domain
become invalid. However, if you reenable the domain, these tokens become
valid again, providing that they haven’t expired.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
name:
description: |-
The new name of the domain.
maxLength: 64
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the domain. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
tags:
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
maxItems: 80
required: []
type: array
uniqueItems: true
type: object
required:
- domain
type: object
DomainPatchResponse:
additionalProperties: false
properties:
domain:
additionalProperties: false
description: |-
A `domain` object
properties:
description:
description: |-
The description of the domain.
maxLength: 255
type:
- 'null'
- string
enabled:
description: |-
If set to `true`, domain is enabled. If set to
`false`, domain is disabled.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
id:
description: |-
The ID of the domain.
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
name:
description: |-
The name of the project.
maxLength: 64
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the role. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
tags:
description: |-
A list of simple strings assigned to a project.
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
maxItems: 80
required: []
type: array
uniqueItems: true
type: object
required:
- domain
type: object
DomainsGetResponse:
additionalProperties: false
properties:
domains:
description: |-
A list of `domain` objects
items:
additionalProperties: false
description: |-
A `domain` object
properties:
description:
description: |-
The description of the domain.
maxLength: 255
type:
- 'null'
- string
enabled:
description: |-
If set to `true`, domain is enabled. If set to
`false`, domain is disabled.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
id:
description: |-
The ID of the domain.
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
name:
description: |-
The name of the project.
maxLength: 64
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the role. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
tags:
description: |-
A list of simple strings assigned to a project.
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
maxItems: 80
required: []
type: array
uniqueItems: true
type: object
type: array
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
truncated:
description: Flag indicating that the amount of entities exceeds
global response limit
type: boolean
type: object
DomainsPost:
additionalProperties: false
properties:
domain:
description: |-
A `domain` object
properties:
description:
description: |-
The description of the domain.
maxLength: 255
type:
- 'null'
- string
enabled:
description: |-
If set to `true`, domain is created enabled. If set to
`false`, domain is created disabled. The default is `true`.
Users can only authorize against an enabled domain (and any of its
projects). In addition, users can only authenticate if the domain that owns
them is also enabled. Disabling a domain prevents both of these things.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
explicit_domain_id:
description: |-
The ID of the domain. A domain created this way will not use an
auto-generated ID, but will use the ID passed in instead. Identifiers passed
in this way must conform to the existing ID generation scheme: UUID4 without
dashes.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
name:
description: |-
The name of the domain.
maxLength: 64
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the domain. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
tags:
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
maxItems: 80
required: []
type: array
uniqueItems: true
required:
- name
type: object
required:
- domain
type: object
DomainsPostResponse:
additionalProperties: false
properties:
domain:
additionalProperties: false
description: |-
A `domain` object
properties:
description:
description: |-
The description of the domain.
maxLength: 255
type:
- 'null'
- string
enabled:
description: |-
If set to `true`, domain is enabled. If set to
`false`, domain is disabled.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
id:
description: |-
The ID of the domain.
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
name:
description: |-
The name of the project.
maxLength: 64
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the role. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
tags:
description: |-
A list of simple strings assigned to a project.
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
maxItems: 80
required: []
type: array
uniqueItems: true
type: object
required:
- domain
type: object
Ec2TokensGetResponse:
description: Response of the ec2tokens:get operation
type: object
Ec2TokensPostRequest:
description: Request of the ec2tokens:post operation
type: object
x-openstack:
action-name: POST
Ec2TokensPostResponse:
description: Response of the ec2tokens:post operation
type: object
Endpoint:
properties:
endpoint:
description: |-
An `endpoint` object.
properties:
enabled:
description: |-
Indicates whether the endpoint appears in the
service catalog: - `false`. The endpoint does not appear in the
service catalog. - `true`. The endpoint appears in the service
catalog.
type: boolean
id:
description: |-
The endpoint ID.
format: uuid
readOnly: true
type: string
interface:
description: |-
The interface type, which describes the
visibility of the endpoint. Value is: - `public`. Visible by
end users on a publicly available network interface. -
`internal`. Visible by end users on an unmetered internal
network interface. - `admin`. Visible by administrative users
on a secure network interface.
enum:
- admin
- internal
- public
type: string
region:
description: |-
(Deprecated in v3.2) The geographic location of
the service endpoint.
type: string
x-openstack:
max-ver: '3.2'
region_id:
description: |-
(Since v3.2) The ID of the region that contains
the service endpoint.
format: uuid
type: string
x-openstack:
min-ver: '3.2'
service_id:
description: |-
The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
url:
description: |-
The endpoint URL.
format: uri
type: string
type: object
type: object
EndpointPatch:
additionalProperties: false
description: An endpoint object
properties:
endpoint:
additionalProperties: true
description: |-
An `endpoint` object.
minProperties: 1
properties:
description:
description: |-
The endpoint description. It is returned only when set on the
resource.
type:
- 'null'
- string
enabled:
description: Indicates whether the endpoint appears in the service
catalog -false. The endpoint does not appear in the service
catalog. -true. The endpoint appears in the service catalog.
type: boolean
interface:
description: |-
The interface type, which describes the
visibility of the endpoint. Value is: - `public`. Visible by
end users on a publicly available network interface. -
`internal`. Visible by end users on an unmetered internal
network interface. - `admin`. Visible by administrative users
on a secure network interface.
enum:
- admin
- internal
- public
type: string
name:
description: |-
(Deprecated) The endpoint name. The field will only be returned in responses
when set on the resource.
This field is deprecated as it provides no value. Endpoints are better
described by the combination of service, region and interface they describe
or by their ID.
type: string
region:
description: |-
(Deprecated in v3.2) The geographic location of
the service endpoint.
type:
- 'null'
- string
x-openstack:
max-ver: 3.2
region_id:
description: (Since v3.2) The ID of the region that contains the
service endpoint.
type:
- 'null'
- string
x-openstack:
min-ver: 3.2
service_id:
description: |-
The UUID of the service to which the endpoint
belongs.
type: string
url:
description: |-
The endpoint URL.
maxLength: 225
minLength: 0
pattern: ^[a-zA-Z0-9+.-]+:.+
type: string
type: object
required:
- endpoint
type: object
EndpointsGetResponse:
properties:
endpoints:
description: |-
A list of `endpoint` objects.
items:
description: |-
An `endpoint` object.
properties:
enabled:
description: |-
Indicates whether the endpoint appears in the
service catalog: - `false`. The endpoint does not appear in the
service catalog. - `true`. The endpoint appears in the service
catalog.
type: boolean
id:
description: |-
The endpoint ID.
format: uuid
readOnly: true
type: string
interface:
description: |-
The interface type, which describes the
visibility of the endpoint. Value is: - `public`. Visible by
end users on a publicly available network interface. -
`internal`. Visible by end users on an unmetered internal
network interface. - `admin`. Visible by administrative users
on a secure network interface.
enum:
- admin
- internal
- public
type: string
region:
description: |-
(Deprecated in v3.2) The geographic location of
the service endpoint.
type: string
x-openstack:
max-ver: '3.2'
region_id:
description: |-
(Since v3.2) The ID of the region that contains
the service endpoint.
format: uuid
type: string
x-openstack:
min-ver: '3.2'
service_id:
description: |-
The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
url:
description: |-
The endpoint URL.
format: uri
type: string
type: object
type: array
type: object
EndpointsOs_Endpoint_PolicyPolicyGetResponse:
description: Response of the
endpoints/endpoint_id/OS-ENDPOINT-POLICY/policy:get operation
type: object
EndpointsPost:
additionalProperties: false
description: An endpoint object
properties:
endpoint:
additionalProperties: true
description: |-
An `endpoint` object.
properties:
description:
description: |-
The endpoint description. It is returned only when set on the
resource.
type:
- 'null'
- string
enabled:
description: |-
Defines whether the endpoint appears in the
service catalog: - `false`. The endpoint does not appear in the
service catalog. - `true`. The endpoint appears in the service
catalog. Default is `true`.
type: boolean
id:
description: The endpoint ID.
type: string
interface:
description: |-
The interface type, which describes the
visibility of the endpoint. Value is: - `public`. Visible by
end users on a publicly available network interface. -
`internal`. Visible by end users on an unmetered internal
network interface. - `admin`. Visible by administrative users
on a secure network interface.
enum:
- admin
- internal
- public
type: string
name:
description: |-
(Deprecated) The endpoint name. The field will only be returned in responses
when set on the resource.
This field is deprecated as it provides no value. Endpoints are better
described by the combination of service, region and interface they describe
or by their ID.
type: string
region:
description: (Deprecated in v3.2) The geographic location of the
service endpoint.
type:
- 'null'
- string
x-openstack:
max-ver: 3.2
region_id:
description: |-
(Since v3.2) The ID of the region that contains
the service endpoint.
type:
- 'null'
- string
x-openstack:
min-ver: 3.2
service_id:
description: |-
The UUID of the service to which the endpoint
belongs.
type: string
url:
description: |-
The endpoint URL.
maxLength: 225
minLength: 0
pattern: ^[a-zA-Z0-9+.-]+:.+
type: string
required:
- interface
- service_id
- url
type: object
type: object
GroupGetResponse:
additionalProperties: false
properties:
group:
additionalProperties: true
description: |-
A `group` object
properties:
description:
description: |-
The description of the group.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain.
type: string
id:
description: |-
The ID of the group.
type: string
name:
description: |-
The name of the group.
type: string
type: object
required:
- group
type: object
GroupPatch:
additionalProperties: false
properties:
group:
additionalProperties: true
description: |-
A `group` object
minProperties: 1
properties:
description:
description: |-
The new description of the group.
type:
- 'null'
- string
name:
description: |-
The new name of the group.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
type: object
required:
- group
type: object
GroupPatchResponse:
additionalProperties: false
properties:
group:
additionalProperties: true
description: |-
A `group` object
properties:
description:
description: |-
The description of the group.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain.
type: string
id:
description: |-
The ID of the group.
type: string
name:
description: |-
The name of the group.
type: string
type: object
required:
- group
type: object
GroupsGetResponse:
additionalProperties: false
properties:
groups:
description: |-
A list of `group` objects
items:
additionalProperties: true
description: |-
A `group` object
properties:
description:
description: |-
The description of the group.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain.
type: string
id:
description: |-
The ID of the group.
type: string
name:
description: |-
The name of the group.
type: string
type: object
type: array
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
truncated:
description: Flag indicating that the amount of entities exceeds
global response limit
type: boolean
required:
- groups
type: object
GroupsPost:
additionalProperties: false
properties:
group:
additionalProperties: true
description: |-
A `group` object
properties:
description:
description: |-
The description of the group.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain of the group. If the domain ID is not
provided in the request, the Identity service will attempt to
pull the domain ID from the token used in the request. Note that
this requires the use of a domain-scoped token.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
name:
description: |-
The name of the group.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
required:
- name
type: object
required:
- group
type: object
GroupsPostResponse:
additionalProperties: false
properties:
group:
additionalProperties: true
description: |-
A `group` object
properties:
description:
description: |-
The description of the group.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain.
type: string
id:
description: |-
The ID of the group.
type: string
name:
description: |-
The name of the group.
type: string
type: object
required:
- group
type: object
GroupsUsersGetResponse:
additionalProperties: false
properties:
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
truncated:
description: Flag indicating that the amount of entities exceeds
global response limit
type: boolean
users:
description: |-
A list of `user` objects
items:
additionalProperties: true
description: |-
A `user` object
properties:
default_project_id:
description: |-
The ID of the default project for the user.
type:
- 'null'
- string
description:
description: The user description
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain.
type: string
enabled:
description: |-
If the user is enabled, this value is `true`.
If the user is disabled, this value is `false`.
type: boolean
federated:
description: |-
List of federated objects associated with a user. Each object in the list
contains the `idp_id` and `protocols`. `protocols` is a list of
objects, each of which contains `protocol_id` and `unique_id` of
the protocol and user respectively. For example:
```
"federated": [
{
"idp_id": "efbab5a6acad4d108fec6c63d9609d83",
"protocols": [
{"protocol_id": "mapped", "unique_id": "test@example.com"}
]
}
]
```
items:
properties:
idp_id:
description: The Identity Provider ID of the federated
user
type: string
protocols:
items:
properties:
protocol_id:
type: string
unique_id:
type: string
required:
- protocol_id
- unique_id
type: object
minItems: 1
type: array
required:
- idp_id
- protocols
type: object
type: array
id:
description: |-
The user ID.
type: string
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
name:
description: |-
The user name. Must be unique within the owning domain.
type: string
options:
additionalProperties: false
properties:
ignore_change_password_upon_first_use:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_lockout_failure_attempts:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_password_expiry:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_user_inactivity:
enum:
-
- false
- true
type:
- boolean
- 'null'
lock_password:
enum:
-
- false
- true
type:
- boolean
- 'null'
multi_factor_auth_enabled:
enum:
-
- false
- true
type:
- boolean
- 'null'
multi_factor_auth_rules:
items:
items:
type: string
minItems: 1
type: array
uniqueItems: true
type:
- array
- 'null'
uniqueItems: true
type: object
password_expires_at:
description: |-
The date and time when the password expires. The time zone
is UTC.
This is a response object attribute; not valid for requests.
A `null` value indicates that the password never expires.
**New in version 3.7**
format: date-time
type:
- 'null'
- string
required:
- domain_id
- enabled
- id
- name
type: object
type: array
type: object
LimitGetResponse:
additionalProperties: false
properties:
limit:
additionalProperties: false
description: |-
A `limit` object
properties:
description:
description: |-
The limit description.
maxLength: 255
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
id:
description: |-
The limit ID.
format: uuid
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
project_id:
description: |-
The ID for the project.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
region_id:
description: |-
The ID of the region that contains the service endpoint.
The value can be None.
maxLength: 255
minLength: 1
type:
- 'null'
- string
resource_limit:
description: |-
The override limit.
maximum: 2147483647
minimum: -1
type: integer
resource_name:
description: |-
The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
service_id:
description: |-
The UUID of the service to which the limit belongs.
format: uuid
type: string
type: object
type: object
LimitPatch:
additionalProperties: false
properties:
limit:
additionalProperties: false
description: |-
A `limit` object
properties:
description:
description: |-
The limit description.
maxLength: 255
type:
- 'null'
- string
resource_limit:
description: |-
The override limit.
maximum: 2147483647
minimum: -1
type: integer
type: object
required:
- limit
type: object
LimitPatchResponse:
additionalProperties: false
properties:
limit:
additionalProperties: false
description: |-
A `limit` object
properties:
description:
description: |-
The limit description.
maxLength: 255
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
id:
description: |-
The limit ID.
format: uuid
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
project_id:
description: |-
The ID for the project.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
region_id:
description: |-
The ID of the region that contains the service endpoint.
The value can be None.
maxLength: 255
minLength: 1
type:
- 'null'
- string
resource_limit:
description: |-
The override limit.
maximum: 2147483647
minimum: -1
type: integer
resource_name:
description: |-
The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
service_id:
description: |-
The UUID of the service to which the limit belongs.
format: uuid
type: string
type: object
type: object
LimitsGetResponse:
additionalProperties: false
properties:
limits:
description: |-
A list of `limits` objects
items:
additionalProperties: false
description: |-
A `limit` object
properties:
description:
description: |-
The limit description.
maxLength: 255
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
id:
description: |-
The limit ID.
format: uuid
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
project_id:
description: |-
The ID for the project.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
region_id:
description: |-
The ID of the region that contains the service endpoint.
The value can be None.
maxLength: 255
minLength: 1
type:
- 'null'
- string
resource_limit:
description: |-
The override limit.
maximum: 2147483647
minimum: -1
type: integer
resource_name:
description: |-
The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
service_id:
description: |-
The UUID of the service to which the limit belongs.
format: uuid
type: string
type: object
type: array
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
truncated:
description: Flag indicating that the amount of entities exceeds
global response limit
type: boolean
type: object
LimitsModelGetResponse:
additionalProperties: false
properties:
model:
additionalProperties: false
description: |-
A model object describing the configured enforcement model used by the deployment.
properties:
description:
description: |-
A short description of the enforcement model used
type: string
name:
description: |-
The name of the enforcement model
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
type: object
type: object
LimitsPost:
additionalProperties: false
properties:
limits:
description: |-
A list of `limits` objects
items:
additionalProperties: false
oneOf:
- required:
- domain_id
- resource_limit
- resource_name
- service_id
- required:
- project_id
- resource_limit
- resource_name
- service_id
properties:
description:
description: |-
The limit description.
maxLength: 255
type:
- 'null'
- string
domain_id:
description: |-
The name of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
project_id:
description: |-
The ID for the project.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
region_id:
description: |-
The ID of the region that contains the service endpoint.
maxLength: 255
minLength: 1
type:
- 'null'
- string
resource_limit:
description: |-
The override limit.
maximum: 2147483647
minimum: -1
type: integer
resource_name:
description: |-
The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
service_id:
description: |-
The UUID of the service to which the limit belongs.
format: uuid
type: string
required:
- resource_limit
- resource_name
- service_id
type: object
minItems: 1
type: array
required:
- limits
type: object
LimitsPostResponse:
additionalProperties: false
properties:
limits:
description: |-
A list of `limits` objects
items:
additionalProperties: false
description: |-
A `limit` object
properties:
description:
description: |-
The limit description.
maxLength: 255
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
id:
description: |-
The limit ID.
format: uuid
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
project_id:
description: |-
The ID for the project.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
region_id:
description: |-
The ID of the region that contains the service endpoint.
The value can be None.
maxLength: 255
minLength: 1
type:
- 'null'
- string
resource_limit:
description: |-
The override limit.
maximum: 2147483647
minimum: -1
type: integer
resource_name:
description: |-
The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
service_id:
description: |-
The UUID of the service to which the limit belongs.
format: uuid
type: string
type: object
type: array
type: object
Os_Ep_FilterEndpoint_GroupGetResponse:
additionalProperties: false
description: An endpoint group object
properties:
endpoint_group:
additionalProperties: false
description: An endpoint group object.
properties:
description:
description: The endpoint group description.
type:
- 'null'
- string
filters:
description: Describes the filtering performed by the endpoint
group. The filter used must be an endpoint property, such as
interface, service_id, region, and enabled. Note that if using
interface as a filter, the only available values are public,
internal, and admin.
properties:
enabled:
description: Indicates whether the endpoint appears in the
service catalog -false. The endpoint does not appear in the
service catalog. -true. The endpoint appears in the service
catalog.
type: boolean
interface:
description: 'The interface type, which describes the visibility
of the endpoint. Value is: -public. Visible by end users on a
publicly available network interface. -internal. Visible by end
users on an unmetered internal network interface. -admin. Visible
by administrative users on a secure network interface.'
enum:
- admin
- internal
- public
type: string
region_id:
description: (Since v3.2) The ID of the region that contains
the service endpoint.
type:
- 'null'
- string
x-openstack:
min-ver: 3.2
service_id:
description: The UUID of the service to which the endpoint
belongs
type: string
type: object
id:
description: The endpoint group ID
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
name:
description: The name of the endpoint group.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
type: object
type: object
Os_Ep_FilterEndpoint_GroupPatch:
additionalProperties: false
description: An endpoint group object
properties:
endpoint_group:
additionalProperties: false
minProperties: 1
properties:
description:
description: The endpoint group description.
type:
- 'null'
- string
filters:
description: Describes the filtering performed by the endpoint
group. The filter used must be an endpoint property, such as
interface, service_id, region, and enabled. Note that if using
interface as a filter, the only available values are public,
internal, and admin.
properties:
enabled:
description: Indicates whether the endpoint appears in the
service catalog -false. The endpoint does not appear in the
service catalog. -true. The endpoint appears in the service
catalog.
type: boolean
interface:
description: 'The interface type, which describes the visibility
of the endpoint. Value is: -public. Visible by end users on a
publicly available network interface. -internal. Visible by end
users on an unmetered internal network interface. -admin. Visible
by administrative users on a secure network interface.'
enum:
- admin
- internal
- public
type: string
region_id:
description: (Since v3.2) The ID of the region that contains
the service endpoint.
type:
- 'null'
- string
x-openstack:
min-ver: 3.2
service_id:
description: The UUID of the service to which the endpoint
belongs
type: string
type: object
name:
description: The name of the endpoint group.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
type: object
required:
- endpoint_group
type: object
Os_Ep_FilterEndpoint_GroupPatchResponse:
additionalProperties: false
description: An endpoint group object
properties:
endpoint_group:
additionalProperties: false
description: An endpoint group object.
properties:
description:
description: The endpoint group description.
type:
- 'null'
- string
filters:
description: Describes the filtering performed by the endpoint
group. The filter used must be an endpoint property, such as
interface, service_id, region, and enabled. Note that if using
interface as a filter, the only available values are public,
internal, and admin.
properties:
enabled:
description: Indicates whether the endpoint appears in the
service catalog -false. The endpoint does not appear in the
service catalog. -true. The endpoint appears in the service
catalog.
type: boolean
interface:
description: 'The interface type, which describes the visibility
of the endpoint. Value is: -public. Visible by end users on a
publicly available network interface. -internal. Visible by end
users on an unmetered internal network interface. -admin. Visible
by administrative users on a secure network interface.'
enum:
- admin
- internal
- public
type: string
region_id:
description: (Since v3.2) The ID of the region that contains
the service endpoint.
type:
- 'null'
- string
x-openstack:
min-ver: 3.2
service_id:
description: The UUID of the service to which the endpoint
belongs
type: string
type: object
id:
description: The endpoint group ID
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
name:
description: The name of the endpoint group.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
type: object
type: object
Os_Ep_FilterEndpoint_GroupsEndpointsGetResponse:
description: Response of the
OS-EP-FILTER/endpoint_groups/endpoint_group_id/endpoints:get operation
type: object
Os_Ep_FilterEndpoint_GroupsGetResponse:
additionalProperties: false
properties:
endpoint_groups:
description: A list of endpoint group objects
items:
additionalProperties: false
description: An endpoint group object.
properties:
description:
description: The endpoint group description.
type:
- 'null'
- string
filters:
description: Describes the filtering performed by the endpoint
group. The filter used must be an endpoint property, such as
interface, service_id, region, and enabled. Note that if using
interface as a filter, the only available values are public,
internal, and admin.
properties:
enabled:
description: Indicates whether the endpoint appears in the
service catalog -false. The endpoint does not appear in
the service catalog. -true. The endpoint appears in the
service catalog.
type: boolean
interface:
description: 'The interface type, which describes the visibility
of the endpoint. Value is: -public. Visible by end users on
a publicly available network interface. -internal. Visible by
end users on an unmetered internal network interface. -admin.
Visible by administrative users on a secure network interface.'
enum:
- admin
- internal
- public
type: string
region_id:
description: (Since v3.2) The ID of the region that contains
the service endpoint.
type:
- 'null'
- string
x-openstack:
min-ver: 3.2
service_id:
description: The UUID of the service to which the endpoint
belongs
type: string
type: object
id:
description: The endpoint group ID
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
name:
description: The name of the endpoint group.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
type: object
type: array
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
truncated:
description: Flag indicating that the amount of entities exceeds
global response limit
type: boolean
type: object
Os_Ep_FilterEndpoint_GroupsPost:
additionalProperties: false
description: An endpoint group object
properties:
endpoint_group:
additionalProperties: false
properties:
description:
description: The endpoint group description.
type:
- 'null'
- string
filters:
description: Describes the filtering performed by the endpoint
group. The filter used must be an endpoint property, such as
interface, service_id, region, and enabled. Note that if using
interface as a filter, the only available values are public,
internal, and admin.
properties:
enabled:
description: Indicates whether the endpoint appears in the
service catalog -false. The endpoint does not appear in the
service catalog. -true. The endpoint appears in the service
catalog.
type: boolean
interface:
description: 'The interface type, which describes the visibility
of the endpoint. Value is: -public. Visible by end users on a
publicly available network interface. -internal. Visible by end
users on an unmetered internal network interface. -admin. Visible
by administrative users on a secure network interface.'
enum:
- admin
- internal
- public
type: string
region_id:
description: (Since v3.2) The ID of the region that contains
the service endpoint.
type:
- 'null'
- string
x-openstack:
min-ver: 3.2
service_id:
description: The UUID of the service to which the endpoint
belongs
type: string
type: object
name:
description: The name of the endpoint group.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
required:
- filters
- name
type: object
type: object
Os_Ep_FilterEndpoint_GroupsPostResponse:
additionalProperties: false
description: An endpoint group object
properties:
endpoint_group:
additionalProperties: false
description: An endpoint group object.
properties:
description:
description: The endpoint group description.
type:
- 'null'
- string
filters:
description: Describes the filtering performed by the endpoint
group. The filter used must be an endpoint property, such as
interface, service_id, region, and enabled. Note that if using
interface as a filter, the only available values are public,
internal, and admin.
properties:
enabled:
description: Indicates whether the endpoint appears in the
service catalog -false. The endpoint does not appear in the
service catalog. -true. The endpoint appears in the service
catalog.
type: boolean
interface:
description: 'The interface type, which describes the visibility
of the endpoint. Value is: -public. Visible by end users on a
publicly available network interface. -internal. Visible by end
users on an unmetered internal network interface. -admin. Visible
by administrative users on a secure network interface.'
enum:
- admin
- internal
- public
type: string
region_id:
description: (Since v3.2) The ID of the region that contains
the service endpoint.
type:
- 'null'
- string
x-openstack:
min-ver: 3.2
service_id:
description: The UUID of the service to which the endpoint
belongs
type: string
type: object
id:
description: The endpoint group ID
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
name:
description: The name of the endpoint group.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
type: object
type: object
Os_Ep_FilterEndpoint_GroupsProjectGetResponse:
description: Response of the
OS-EP-FILTER/endpoint_groups/endpoint_group_id/projects/project_id:get
operation
type: object
Os_Ep_FilterEndpoint_GroupsProjectPutRequest:
description: Request of the
OS-EP-FILTER/endpoint_groups/endpoint_group_id/projects/project_id:put
operation
type: object
x-openstack:
action-name: PUT
Os_Ep_FilterEndpoint_GroupsProjectPutResponse:
description: Response of the
OS-EP-FILTER/endpoint_groups/endpoint_group_id/projects/project_id:put
operation
type: object
Os_Ep_FilterEndpoint_GroupsProjectsGetResponse:
description: Response of the
OS-EP-FILTER/endpoint_groups/endpoint_group_id/projects:get operation
type: object
Os_Ep_FilterEndpointsProjectsGetResponse:
description: Response of the
OS-EP-FILTER/endpoints/endpoint_id/projects:get operation
type: object
Os_Ep_FilterProjectsEndpointGetResponse:
description: Response of the
OS-EP-FILTER/projects/project_id/endpoints/endpoint_id:get operation
type: object
Os_Ep_FilterProjectsEndpointPutRequest:
description: Request of the
OS-EP-FILTER/projects/project_id/endpoints/endpoint_id:put operation
type: object
x-openstack:
action-name: PUT
Os_Ep_FilterProjectsEndpointPutResponse:
description: Response of the
OS-EP-FILTER/projects/project_id/endpoints/endpoint_id:put operation
type: object
Os_Ep_FilterProjectsEndpoint_GroupsGetResponse:
description: Response of the
OS-EP-FILTER/projects/project_id/endpoint_groups:get operation
type: object
Os_Ep_FilterProjectsEndpointsGetResponse:
description: Response of the
OS-EP-FILTER/projects/project_id/endpoints:get operation
type: object
Os_FederationDomainsGetResponse:
properties:
domains:
items:
properties:
description:
description: |-
The description of the domain.
type: string
enabled:
description: |-
If set to `true`, domain is enabled. If set to
`false`, domain is disabled.
type: boolean
id:
description: |-
The ID of the domain.
format: uuid
type: string
links:
description: |-
The links to the `domain` resource.
items:
description: Links to the resources in question. See [API
Guide / Links and
References](https://docs.openstack.org/api-guide/compute/links_and_references.html)
for more info.
properties:
href:
format: uri
type: string
rel:
type: string
type: object
type: array
name:
description: |-
The name of the domain.
type: string
type: object
type: array
links:
description: Links to the resources in question. See [API Guide /
Links and
References](https://docs.openstack.org/api-guide/compute/links_and_references.html)
for more info.
items:
description: Links to the resources in question. See [API Guide /
Links and
References](https://docs.openstack.org/api-guide/compute/links_and_references.html)
for more info.
properties:
href:
format: uri
type: string
rel:
type: string
type: object
type: array
type: object
Os_FederationIdentity_ProviderGetResponse:
properties:
identity_provider:
properties:
authorization_ttl:
description: The length of validity in minutes for group
memberships carried over through mapping and persisted in the
database.
type: integer
description:
description: The Identity Provider description
type: string
domain_id:
description: The ID of a domain that is associated with the
Identity Provider.
format: uuid
type: string
enabled:
description: Whether the Identity Provider is enabled or not
type: boolean
id:
description: The Identity Provider unique ID
type: string
remote_ids:
description: List of the unique Identity Provider’s remote IDs
items:
type: string
type: array
type: object
type: object
Os_FederationIdentity_ProviderPatch:
description: An identity provider object
properties:
identity_provider:
additionalProperties: false
minProperties: 1
properties:
authorization_ttl:
description: The length of validity in minutes for group
memberships carried over through mapping and persisted in the
database. If left unset, the default value configured in
keystone will be used, if enabled.
minimum: 0
type:
- integer
- 'null'
description:
description: The identity provider description
type:
- 'null'
- string
enabled:
description: Whether the identity provider is enabled or not
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
remote_ids:
description: List of the unique identity provider's remote IDs
items:
type: string
type:
- array
- 'null'
uniqueItems: true
type: object
required:
- identity_provider
type: object
Os_FederationIdentity_ProviderPatchResponse:
properties:
identity_provider:
properties:
authorization_ttl:
description: The length of validity in minutes for group
memberships carried over through mapping and persisted in the
database.
type: integer
description:
description: The Identity Provider description
type: string
domain_id:
description: The ID of a domain that is associated with the
Identity Provider.
format: uuid
type: string
enabled:
description: Whether the Identity Provider is enabled or not
type: boolean
id:
description: The Identity Provider unique ID
type: string
remote_ids:
description: List of the unique Identity Provider’s remote IDs
items:
type: string
type: array
type: object
type: object
Os_FederationIdentity_ProviderPut:
additionalProperties: false
description: An identity provider object
properties:
identity_provider:
additionalProperties: false
properties:
authorization_ttl:
description: The length of validity in minutes for group
memberships carried over through mapping and persisted in the
database. If left unset, the default value configured in
keystone will be used, if enabled.
minimum: 0
type:
- integer
- 'null'
description:
description: The identity provider description
type:
- 'null'
- string
domain_id:
description: The ID of a domain that is associated with the
identity provider. Federated users that authenticate with the
identity provider will be created under the domain specified.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
enabled:
description: Whether the identity provider is enabled or not
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
remote_ids:
description: List of the unique identity provider's remote IDs
items:
type: string
type:
- array
- 'null'
uniqueItems: true
type: object
type: object
Os_FederationIdentity_ProviderPutResponse:
properties:
identity_provider:
properties:
authorization_ttl:
description: The length of validity in minutes for group
memberships carried over through mapping and persisted in the
database.
type: integer
description:
description: The Identity Provider description
type: string
domain_id:
description: The ID of a domain that is associated with the
Identity Provider.
format: uuid
type: string
enabled:
description: Whether the Identity Provider is enabled or not
type: boolean
id:
description: The Identity Provider unique ID
type: string
remote_ids:
description: List of the unique Identity Provider’s remote IDs
items:
type: string
type: array
type: object
type: object
Os_FederationIdentity_ProvidersGetResponse:
properties:
identity_providers:
items:
properties:
authorization_ttl:
description: The length of validity in minutes for group
memberships carried over through mapping and persisted in the
database.
type: integer
description:
description: The Identity Provider description
type: string
domain_id:
description: The ID of a domain that is associated with the
Identity Provider.
format: uuid
type: string
enabled:
description: Whether the Identity Provider is enabled or not
type: boolean
id:
description: The Identity Provider unique ID
type: string
remote_ids:
description: List of the unique Identity Provider’s remote IDs
items:
type: string
type: array
type: object
type: array
type: object
Os_FederationIdentity_ProvidersProtocolGetResponse:
properties:
protocol:
properties:
id:
description: The federation protocol ID
format: uuid
type: string
mapping_id:
type: string
remote_id_attribute:
maxLength: 64
type: string
type: object
type: object
Os_FederationIdentity_ProvidersProtocolPatchRequest:
additionalProperties: false
properties:
protocol:
additionalProperties: false
properties:
mapping_id:
maxLength: 64
minLength: 1
type: string
remote_id_attribute:
maxLength: 64
type:
- 'null'
- string
required:
- mapping_id
type: object
required:
- protocol
type: object
Os_FederationIdentity_ProvidersProtocolPatchResponse:
properties:
protocol:
properties:
id:
description: The federation protocol ID
format: uuid
type: string
mapping_id:
type: string
remote_id_attribute:
maxLength: 64
type: string
type: object
type: object
Os_FederationIdentity_ProvidersProtocolPutRequest:
additionalProperties: false
properties:
protocol:
additionalProperties: false
properties:
mapping_id:
maxLength: 64
minLength: 1
type: string
remote_id_attribute:
maxLength: 64
type:
- 'null'
- string
required:
- mapping_id
type: object
required:
- protocol
type: object
Os_FederationIdentity_ProvidersProtocolPutResponse:
properties:
protocol:
properties:
id:
description: The federation protocol ID
format: uuid
type: string
mapping_id:
type: string
remote_id_attribute:
maxLength: 64
type: string
type: object
type: object
Os_FederationIdentity_ProvidersProtocolsAuthGetResponse:
properties:
token:
properties:
audit_ids:
description: A list of one or two audit IDs. An audit ID is a
unique, randomly generated, URL-safe string that you can use to
track a token. The first audit ID is the current audit ID for
the token. The second audit ID is present for only re-scoped
tokens and is the audit ID from the token before it was
re-scoped. A re- scoped token is one that was exchanged for
another token of the same or different scope. You can use these
audit IDs to track the use of a token or chain of tokens across
multiple requests and endpoints without exposing the token ID to
non-privileged users.
items:
type: string
type: array
catalog:
description: A catalog object.
items:
properties:
endpoints:
description: |-
A list of `endpoint` objects.
items:
properties:
id:
description: |-
The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
interface:
enum:
- admin
- internal
- public
type: string
region:
description: Region name of the endpoint
type: string
url:
description: The endpoint url
format: uri
type: string
type: object
type: array
id:
description: The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
name:
description: |-
The service name.
type: string
type:
description: |-
The service type, which describes the API
implemented by the service. Value is `compute`, `ec2`,
`identity`, `image`, `network`, or `volume`.
type: string
type: object
type: array
expires_at:
description: The date and time when the token expires.
format: date-time
type: string
issues_at:
description: The date and time when the token was issued.
format: date-time
type: string
methods:
description: The authentication methods, which are commonly
password, token, or other methods. Indicates the accumulated set
of authentication methods that were used to obtain the token.
For example, if the token was obtained by password
authentication, it contains password. Later, if the token is
exchanged by using the token authentication method one or more
times, the subsequently created tokens contain both password and
token in their methods attribute. Unlike multi-factor
authentication, the methods attribute merely indicates the
methods that were used to authenticate the user in exchange for
a token. The client is responsible for determining the total
number of authentication factors.
items:
type: string
type: array
user:
description: A user object
properties:
OS-FEDERATION:
type: object
domain:
properties:
id:
description: A user domain UUID
format: uuid
type: string
name:
description: A user domain name
type: string
type: object
id:
description: A user UUID
format: uuid
type: string
name:
description: A user name
type: string
password_expires_at:
description: DateTime of the user password expiration
format: date-time
type: string
type: object
type: object
type: object
Os_FederationIdentity_ProvidersProtocolsAuthPostRequest:
description: Request of the
OS-FEDERATION/identity_providers/idp_id/protocols/protocol_id/auth:post
operation
type: object
x-openstack:
action-name: POST
Os_FederationIdentity_ProvidersProtocolsAuthPostResponse:
properties:
token:
properties:
audit_ids:
description: A list of one or two audit IDs. An audit ID is a
unique, randomly generated, URL-safe string that you can use to
track a token. The first audit ID is the current audit ID for
the token. The second audit ID is present for only re-scoped
tokens and is the audit ID from the token before it was
re-scoped. A re- scoped token is one that was exchanged for
another token of the same or different scope. You can use these
audit IDs to track the use of a token or chain of tokens across
multiple requests and endpoints without exposing the token ID to
non-privileged users.
items:
type: string
type: array
catalog:
description: A catalog object.
items:
properties:
endpoints:
description: |-
A list of `endpoint` objects.
items:
properties:
id:
description: |-
The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
interface:
enum:
- admin
- internal
- public
type: string
region:
description: Region name of the endpoint
type: string
url:
description: The endpoint url
format: uri
type: string
type: object
type: array
id:
description: The UUID of the service to which the endpoint
belongs.
format: uuid
type: string
name:
description: |-
The service name.
type: string
type:
description: |-
The service type, which describes the API
implemented by the service. Value is `compute`, `ec2`,
`identity`, `image`, `network`, or `volume`.
type: string
type: object
type: array
expires_at:
description: The date and time when the token expires.
format: date-time
type: string
issues_at:
description: The date and time when the token was issued.
format: date-time
type: string
methods:
description: The authentication methods, which are commonly
password, token, or other methods. Indicates the accumulated set
of authentication methods that were used to obtain the token.
For example, if the token was obtained by password
authentication, it contains password. Later, if the token is
exchanged by using the token authentication method one or more
times, the subsequently created tokens contain both password and
token in their methods attribute. Unlike multi-factor
authentication, the methods attribute merely indicates the
methods that were used to authenticate the user in exchange for
a token. The client is responsible for determining the total
number of authentication factors.
items:
type: string
type: array
user:
description: A user object
properties:
OS-FEDERATION:
type: object
domain:
properties:
id:
description: A user domain UUID
format: uuid
type: string
name:
description: A user domain name
type: string
type: object
id:
description: A user UUID
format: uuid
type: string
name:
description: A user name
type: string
password_expires_at:
description: DateTime of the user password expiration
format: date-time
type: string
type: object
type: object
type: object
Os_FederationIdentity_ProvidersProtocolsGetResponse:
properties:
protocols:
items:
properties:
id:
description: The federation protocol ID
format: uuid
type: string
mapping_id:
type: string
remote_id_attribute:
maxLength: 64
type: string
type: object
type: array
type: object
Os_FederationMappingGetResponse:
properties:
mapping:
properties:
id:
description: The Federation Mapping unique ID
type: string
rules:
items:
additionalProperties: false
properties:
local:
items:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
group:
oneOf:
- additionalProperties: false
properties:
id:
type: string
required:
- id
type: object
- additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
name:
type: string
required:
- domain
- name
type: object
type: object
group_ids:
type: string
groups:
type: string
projects:
items:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
name:
type: string
roles:
items:
additionalProperties: false
properties:
name:
type: string
required:
- name
type: object
type: array
required:
- name
- roles
type: object
type: array
user:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
email:
type: string
id:
type: string
name:
type: string
type:
enum:
- ephemeral
- local
type: string
type: object
type: object
type: array
remote:
items:
oneOf:
- additionalProperties: false
properties:
any_one_of:
type: array
regex:
type: boolean
type:
type: string
required:
- any_one_of
- type
type: object
- additionalProperties: false
properties:
blacklist:
type: array
regex:
type: boolean
type:
type: string
required:
- blacklist
- type
type: object
- additionalProperties: false
properties:
not_any_of:
type: array
regex:
type: boolean
type:
type: string
required:
- not_any_of
- type
type: object
- additionalProperties: false
properties:
regex:
type: boolean
type:
type: string
whitelist:
type: array
required:
- type
- whitelist
type: object
- additionalProperties: false
properties:
type:
type: string
required:
- type
type: object
type: object
minItems: 1
type: array
required:
- local
- remote
type: object
minItems: 1
type: array
schema_version:
description: Mapping schema version
type: string
type: object
type: object
Os_FederationMappingPatchRequest:
properties:
mapping:
properties:
rules:
items:
additionalProperties: false
properties:
local:
items:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
group:
oneOf:
- additionalProperties: false
properties:
id:
type: string
required:
- id
type: object
- additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
name:
type: string
required:
- domain
- name
type: object
type: object
group_ids:
type: string
groups:
type: string
projects:
items:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
name:
type: string
roles:
items:
additionalProperties: false
properties:
name:
type: string
required:
- name
type: object
type: array
required:
- name
- roles
type: object
type: array
user:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
email:
type: string
id:
type: string
name:
type: string
type:
enum:
- ephemeral
- local
type: string
type: object
type: object
type: array
remote:
items:
oneOf:
- additionalProperties: false
properties:
any_one_of:
type: array
regex:
type: boolean
type:
type: string
required:
- any_one_of
- type
type: object
- additionalProperties: false
properties:
blacklist:
type: array
regex:
type: boolean
type:
type: string
required:
- blacklist
- type
type: object
- additionalProperties: false
properties:
not_any_of:
type: array
regex:
type: boolean
type:
type: string
required:
- not_any_of
- type
type: object
- additionalProperties: false
properties:
regex:
type: boolean
type:
type: string
whitelist:
type: array
required:
- type
- whitelist
type: object
- additionalProperties: false
properties:
type:
type: string
required:
- type
type: object
type: object
minItems: 1
type: array
required:
- local
- remote
type: object
minItems: 1
type: array
schema_version:
description: Mapping schema version
type: string
required:
- rules
type: object
type: object
Os_FederationMappingPatchResponse:
properties:
mapping:
properties:
id:
description: The Federation Mapping unique ID
type: string
rules:
items:
additionalProperties: false
properties:
local:
items:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
group:
oneOf:
- additionalProperties: false
properties:
id:
type: string
required:
- id
type: object
- additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
name:
type: string
required:
- domain
- name
type: object
type: object
group_ids:
type: string
groups:
type: string
projects:
items:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
name:
type: string
roles:
items:
additionalProperties: false
properties:
name:
type: string
required:
- name
type: object
type: array
required:
- name
- roles
type: object
type: array
user:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
email:
type: string
id:
type: string
name:
type: string
type:
enum:
- ephemeral
- local
type: string
type: object
type: object
type: array
remote:
items:
oneOf:
- additionalProperties: false
properties:
any_one_of:
type: array
regex:
type: boolean
type:
type: string
required:
- any_one_of
- type
type: object
- additionalProperties: false
properties:
blacklist:
type: array
regex:
type: boolean
type:
type: string
required:
- blacklist
- type
type: object
- additionalProperties: false
properties:
not_any_of:
type: array
regex:
type: boolean
type:
type: string
required:
- not_any_of
- type
type: object
- additionalProperties: false
properties:
regex:
type: boolean
type:
type: string
whitelist:
type: array
required:
- type
- whitelist
type: object
- additionalProperties: false
properties:
type:
type: string
required:
- type
type: object
type: object
minItems: 1
type: array
required:
- local
- remote
type: object
minItems: 1
type: array
schema_version:
description: Mapping schema version
type: string
type: object
type: object
Os_FederationMappingPutRequest:
properties:
mapping:
properties:
rules:
items:
additionalProperties: false
properties:
local:
items:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
group:
oneOf:
- additionalProperties: false
properties:
id:
type: string
required:
- id
type: object
- additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
name:
type: string
required:
- domain
- name
type: object
type: object
group_ids:
type: string
groups:
type: string
projects:
items:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
name:
type: string
roles:
items:
additionalProperties: false
properties:
name:
type: string
required:
- name
type: object
type: array
required:
- name
- roles
type: object
type: array
user:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
email:
type: string
id:
type: string
name:
type: string
type:
enum:
- ephemeral
- local
type: string
type: object
type: object
type: array
remote:
items:
oneOf:
- additionalProperties: false
properties:
any_one_of:
type: array
regex:
type: boolean
type:
type: string
required:
- any_one_of
- type
type: object
- additionalProperties: false
properties:
blacklist:
type: array
regex:
type: boolean
type:
type: string
required:
- blacklist
- type
type: object
- additionalProperties: false
properties:
not_any_of:
type: array
regex:
type: boolean
type:
type: string
required:
- not_any_of
- type
type: object
- additionalProperties: false
properties:
regex:
type: boolean
type:
type: string
whitelist:
type: array
required:
- type
- whitelist
type: object
- additionalProperties: false
properties:
type:
type: string
required:
- type
type: object
type: object
minItems: 1
type: array
required:
- local
- remote
type: object
minItems: 1
type: array
schema_version:
description: Mapping schema version
type: string
required:
- rules
type: object
type: object
Os_FederationMappingPutResponse:
properties:
mapping:
properties:
id:
description: The Federation Mapping unique ID
type: string
rules:
items:
additionalProperties: false
properties:
local:
items:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
group:
oneOf:
- additionalProperties: false
properties:
id:
type: string
required:
- id
type: object
- additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
name:
type: string
required:
- domain
- name
type: object
type: object
group_ids:
type: string
groups:
type: string
projects:
items:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
name:
type: string
roles:
items:
additionalProperties: false
properties:
name:
type: string
required:
- name
type: object
type: array
required:
- name
- roles
type: object
type: array
user:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
email:
type: string
id:
type: string
name:
type: string
type:
enum:
- ephemeral
- local
type: string
type: object
type: object
type: array
remote:
items:
oneOf:
- additionalProperties: false
properties:
any_one_of:
type: array
regex:
type: boolean
type:
type: string
required:
- any_one_of
- type
type: object
- additionalProperties: false
properties:
blacklist:
type: array
regex:
type: boolean
type:
type: string
required:
- blacklist
- type
type: object
- additionalProperties: false
properties:
not_any_of:
type: array
regex:
type: boolean
type:
type: string
required:
- not_any_of
- type
type: object
- additionalProperties: false
properties:
regex:
type: boolean
type:
type: string
whitelist:
type: array
required:
- type
- whitelist
type: object
- additionalProperties: false
properties:
type:
type: string
required:
- type
type: object
type: object
minItems: 1
type: array
required:
- local
- remote
type: object
minItems: 1
type: array
schema_version:
description: Mapping schema version
type: string
type: object
type: object
Os_FederationMappingsGetResponse:
properties:
mappings:
items:
properties:
id:
description: The Federation Mapping unique ID
type: string
rules:
items:
additionalProperties: false
properties:
local:
items:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
group:
oneOf:
- additionalProperties: false
properties:
id:
type: string
required:
- id
type: object
- additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
name:
type: string
required:
- domain
- name
type: object
type: object
group_ids:
type: string
groups:
type: string
projects:
items:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
name:
type: string
roles:
items:
additionalProperties: false
properties:
name:
type: string
required:
- name
type: object
type: array
required:
- name
- roles
type: object
type: array
user:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
type: string
name:
type: string
type: object
email:
type: string
id:
type: string
name:
type: string
type:
enum:
- ephemeral
- local
type: string
type: object
type: object
type: array
remote:
items:
oneOf:
- additionalProperties: false
properties:
any_one_of:
type: array
regex:
type: boolean
type:
type: string
required:
- any_one_of
- type
type: object
- additionalProperties: false
properties:
blacklist:
type: array
regex:
type: boolean
type:
type: string
required:
- blacklist
- type
type: object
- additionalProperties: false
properties:
not_any_of:
type: array
regex:
type: boolean
type:
type: string
required:
- not_any_of
- type
type: object
- additionalProperties: false
properties:
regex:
type: boolean
type:
type: string
whitelist:
type: array
required:
- type
- whitelist
type: object
- additionalProperties: false
properties:
type:
type: string
required:
- type
type: object
type: object
minItems: 1
type: array
required:
- local
- remote
type: object
minItems: 1
type: array
schema_version:
description: Mapping schema version
type: string
type: object
type: array
type: object
Os_FederationProjectsGetResponse:
properties:
links:
description: Links to the resources in question. See [API Guide /
Links and
References](https://docs.openstack.org/api-guide/compute/links_and_references.html)
for more info.
items:
description: Links to the resources in question. See [API Guide /
Links and
References](https://docs.openstack.org/api-guide/compute/links_and_references.html)
for more info.
properties:
href:
format: uri
type: string
rel:
type: string
type: object
type: array
projects:
items:
properties:
domain_id:
description: |-
The ID of the domain for the project.
format: uuid
type: string
enabled:
description: |-
If set to `true`, project is enabled. If set to
`false`, project is disabled.
type: boolean
id:
description: |-
The ID for the project.
format: uuid
type: string
links:
description: |-
The links for the `project` resource.
items:
description: Links to the resources in question. See [API
Guide / Links and
References](https://docs.openstack.org/api-guide/compute/links_and_references.html)
for more info.
properties:
href:
format: uri
type: string
rel:
type: string
type: object
type: array
name:
description: |-
The name of the project.
type: string
type: object
type: array
type: object
Os_FederationSaml2MetadataGetResponse:
description: Identity Provider metadata information in XML format
format: xml
type: string
Os_FederationService_ProviderGetResponse:
additionalProperties: false
description: A service provider object
properties:
service_provider:
additionalProperties: true
description: A service provider object
properties:
auth_url:
description: The URL to authenticate against
maxLength: 225
minLength: 0
pattern: ^[a-zA-Z0-9+.-]+:.+
type: string
description:
description: The description of the service provider
type:
- 'null'
- string
enabled:
description: Whether the service provider is enabled or not
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
id:
description: The service provider ID
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
relay_state_prefix:
description: The prefix of the RelayState SAML attribute
type:
- 'null'
- string
sp_url:
description: The service provider's URL
maxLength: 225
minLength: 0
pattern: ^[a-zA-Z0-9+.-]+:.+
type: string
type: object
type: object
Os_FederationService_ProviderPatch:
additionalProperties: false
description: A service provider object
properties:
service_provider:
additionalProperties: false
minProperties: 1
properties:
auth_url:
description: The URL to authenticate against
maxLength: 225
minLength: 0
pattern: ^[a-zA-Z0-9+.-]+:.+
type: string
description:
description: The description of the service provider
type:
- 'null'
- string
enabled:
description: Whether the service provider is enabled or not
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
relay_state_prefix:
description: The prefix of the RelayState SAML attribute
type:
- 'null'
- string
sp_url:
description: The service provider's URL
maxLength: 225
minLength: 0
pattern: ^[a-zA-Z0-9+.-]+:.+
type: string
type: object
required:
- service_provider
type: object
Os_FederationService_ProviderPatchResponse:
additionalProperties: false
description: A service provider object
properties:
service_provider:
additionalProperties: true
description: A service provider object
properties:
auth_url:
description: The URL to authenticate against
maxLength: 225
minLength: 0
pattern: ^[a-zA-Z0-9+.-]+:.+
type: string
description:
description: The description of the service provider
type:
- 'null'
- string
enabled:
description: Whether the service provider is enabled or not
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
id:
description: The service provider ID
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
relay_state_prefix:
description: The prefix of the RelayState SAML attribute
type:
- 'null'
- string
sp_url:
description: The service provider's URL
maxLength: 225
minLength: 0
pattern: ^[a-zA-Z0-9+.-]+:.+
type: string
type: object
type: object
Os_FederationService_ProviderPut:
additionalProperties: false
description: A service provider object
properties:
service_provider:
additionalProperties: false
properties:
auth_url:
description: The URL to authenticate against
maxLength: 225
minLength: 0
pattern: ^[a-zA-Z0-9+.-]+:.+
type: string
description:
description: The description of the service provider
type:
- 'null'
- string
enabled:
description: Whether the service provider is enabled or not
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
relay_state_prefix:
description: The prefix of the RelayState SAML attribute
type:
- 'null'
- string
sp_url:
description: The service provider's URL
maxLength: 225
minLength: 0
pattern: ^[a-zA-Z0-9+.-]+:.+
type: string
required:
- auth_url
- sp_url
type: object
required:
- service_provider
type: object
Os_FederationService_ProviderPutResponse:
additionalProperties: false
description: A service provider object
properties:
service_provider:
additionalProperties: true
description: A service provider object
properties:
auth_url:
description: The URL to authenticate against
maxLength: 225
minLength: 0
pattern: ^[a-zA-Z0-9+.-]+:.+
type: string
description:
description: The description of the service provider
type:
- 'null'
- string
enabled:
description: Whether the service provider is enabled or not
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
id:
description: The service provider ID
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
relay_state_prefix:
description: The prefix of the RelayState SAML attribute
type:
- 'null'
- string
sp_url:
description: The service provider's URL
maxLength: 225
minLength: 0
pattern: ^[a-zA-Z0-9+.-]+:.+
type: string
type: object
type: object
Os_FederationService_ProvidersGetResponse:
additionalProperties: false
properties:
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
service_providers:
description: A list of service provider objects
items:
additionalProperties: true
description: A service provider object
properties:
auth_url:
description: The URL to authenticate against
maxLength: 225
minLength: 0
pattern: ^[a-zA-Z0-9+.-]+:.+
type: string
description:
description: The description of the service provider
type:
- 'null'
- string
enabled:
description: Whether the service provider is enabled or not
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
id:
description: The service provider ID
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
relay_state_prefix:
description: The prefix of the RelayState SAML attribute
type:
- 'null'
- string
sp_url:
description: The service provider's URL
maxLength: 225
minLength: 0
pattern: ^[a-zA-Z0-9+.-]+:.+
type: string
type: object
type: array
truncated:
description: Flag indicating that the amount of entities exceeds
global response limit
type: boolean
type: object
Os_InheritDomainsGroupsRolesInherited_To_ProjectsGetResponse:
description: Response of the
OS-INHERIT/domains/domain_id/groups/group_id/roles/role_id/inherited_to_projects:get
operation
type: object
Os_InheritDomainsGroupsRolesInherited_To_ProjectsPutRequest:
description: Request of the
OS-INHERIT/domains/domain_id/groups/group_id/roles/role_id/inherited_to_projects:put
operation
type: object
x-openstack:
action-name: PUT
Os_InheritDomainsGroupsRolesInherited_To_ProjectsPutResponse:
description: Response of the
OS-INHERIT/domains/domain_id/groups/group_id/roles/role_id/inherited_to_projects:put
operation
type: object
Os_InheritDomainsUsersRolesInherited_To_ProjectsGetResponse:
description: Response of the
OS-INHERIT/domains/domain_id/users/user_id/roles/role_id/inherited_to_projects:get
operation
type: object
Os_InheritDomainsUsersRolesInherited_To_ProjectsPutRequest:
description: Request of the
OS-INHERIT/domains/domain_id/users/user_id/roles/role_id/inherited_to_projects:put
operation
type: object
x-openstack:
action-name: PUT
Os_InheritDomainsUsersRolesInherited_To_ProjectsPutResponse:
description: Response of the
OS-INHERIT/domains/domain_id/users/user_id/roles/role_id/inherited_to_projects:put
operation
type: object
Os_InheritProjectsGroupsRolesInherited_To_ProjectsGetResponse:
description: Response of the
OS-INHERIT/projects/project_id/groups/group_id/roles/role_id/inherited_to_projects:get
operation
type: object
Os_InheritProjectsGroupsRolesInherited_To_ProjectsPutRequest:
description: Request of the
OS-INHERIT/projects/project_id/groups/group_id/roles/role_id/inherited_to_projects:put
operation
type: object
x-openstack:
action-name: PUT
Os_InheritProjectsGroupsRolesInherited_To_ProjectsPutResponse:
description: Response of the
OS-INHERIT/projects/project_id/groups/group_id/roles/role_id/inherited_to_projects:put
operation
type: object
Os_InheritProjectsUsersRolesInherited_To_ProjectsGetResponse:
description: Response of the
OS-INHERIT/projects/project_id/users/user_id/roles/role_id/inherited_to_projects:get
operation
type: object
Os_InheritProjectsUsersRolesInherited_To_ProjectsPutRequest:
description: Request of the
OS-INHERIT/projects/project_id/users/user_id/roles/role_id/inherited_to_projects:put
operation
type: object
x-openstack:
action-name: PUT
Os_InheritProjectsUsersRolesInherited_To_ProjectsPutResponse:
description: Response of the
OS-INHERIT/projects/project_id/users/user_id/roles/role_id/inherited_to_projects:put
operation
type: object
Os_Oauth1Access_TokenGetResponse:
description: Response of the OS-OAUTH1/access_token:get operation
type: object
Os_Oauth1Access_TokenPostRequest:
description: Request of the OS-OAUTH1/access_token:post operation
type: object
x-openstack:
action-name: POST
Os_Oauth1Access_TokenPostResponse:
description: Response of the OS-OAUTH1/access_token:post operation
type: object
Os_Oauth1AuthorizePutRequest:
description: Request of the OS-OAUTH1/authorize/request_token_id:put
operation
type: object
x-openstack:
action-name: PUT
Os_Oauth1AuthorizePutResponse:
description: Response of the OS-OAUTH1/authorize/request_token_id:put
operation
type: object
Os_Oauth1ConsumerGetResponse:
description: Response of the OS-OAUTH1/consumers/consumer_id:get operation
type: object
Os_Oauth1ConsumerPatchRequest:
description: Request of the OS-OAUTH1/consumers/consumer_id:patch
operation
type: object
x-openstack:
action-name: PATCH
Os_Oauth1ConsumerPatchResponse:
description: Response of the OS-OAUTH1/consumers/consumer_id:patch
operation
type: object
Os_Oauth1ConsumersGetResponse:
description: Response of the OS-OAUTH1/consumers:get operation
type: object
Os_Oauth1ConsumersPostRequest:
description: Request of the OS-OAUTH1/consumers:post operation
type: object
x-openstack:
action-name: POST
Os_Oauth1ConsumersPostResponse:
description: Response of the OS-OAUTH1/consumers:post operation
type: object
Os_Oauth1Request_TokenGetResponse:
description: Response of the OS-OAUTH1/request_token:get operation
type: object
Os_Oauth1Request_TokenPostRequest:
description: Request of the OS-OAUTH1/request_token:post operation
type: object
x-openstack:
action-name: POST
Os_Oauth1Request_TokenPostResponse:
description: Response of the OS-OAUTH1/request_token:post operation
type: object
Os_Oauth2TokenGetResponse:
description: Response of the OS-OAUTH2/token:get operation
type: object
Os_Oauth2TokenPatchRequest:
description: Request of the OS-OAUTH2/token:patch operation
type: object
x-openstack:
action-name: PATCH
Os_Oauth2TokenPatchResponse:
description: Response of the OS-OAUTH2/token:patch operation
type: object
Os_Oauth2TokenPostRequest:
description: Request of the OS-OAUTH2/token:post operation
type: object
x-openstack:
action-name: POST
Os_Oauth2TokenPostResponse:
description: Response of the OS-OAUTH2/token:post operation
type: object
Os_Oauth2TokenPutRequest:
description: Request of the OS-OAUTH2/token:put operation
type: object
x-openstack:
action-name: PUT
Os_Oauth2TokenPutResponse:
description: Response of the OS-OAUTH2/token:put operation
type: object
Os_RevokeEventsGetResponse:
description: Response of the OS-REVOKE/events:get operation
type: object
Os_Simple_CertCaGetResponse:
description: Response of the OS-SIMPLE-CERT/ca:get operation
type: object
Os_Simple_CertCertificatesGetResponse:
description: Response of the OS-SIMPLE-CERT/certificates:get operation
type: object
Os_TrustTrustGetResponse:
additionalProperties: false
description: A trust object
properties:
trust:
additionalProperties: true
description: A trust object.
properties:
allow_redelegation:
description: If set to true then a trust between a trustor and any
third-party user may be issued by the trustee just like a
regular trust. If set to false, stops further redelegation.
False by default.
type:
- boolean
- 'null'
deleted_at:
type:
- 'null'
- string
expires_at:
description: Specifies the expiration time of the trust. A trust
may be revoked ahead of expiration. If the value represents a
time in the past, the trust is deactivated. In the redelegation
case it must not exceed the value of the corresponding
expires_at field of the redelegated trust or it may be omitted,
then the expires_at value is copied from the redelegated trust.
type:
- 'null'
- string
id:
description: The ID of the trust.
readOnly: true
type: string
impersonation:
description: If set to true, then the user attribute of tokens
generated based on the trust will represent that of the trustor
rather than the trustee, thus allowing the trustee to
impersonate the trustor. If impersonation if set to false, then
the token's user attribute will represent that of the trustee.
type: boolean
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
project_id:
description: Identifies the project upon which the trustor is
delegating authorization.
type:
- 'null'
- string
redelegated_trust_id:
description: Returned with redelegated trust provides information
about the predecessor in the trust chain.
type:
- 'null'
- string
redelegation_count:
description: Specifies the maximum remaining depth of the
redelegated trust chain. Each subsequent trust has this field
decremented by 1 automatically. The initial trustor issuing new
trust that can be redelegated, must set allow_redelegation to
true and may set redelegation_count to an integer value less
than or equal to max_redelegation_count configuration parameter
in order to limit the possible length of derived trust chains.
The trust issued by the trustor using a project-scoped token
(not redelegating), in which allow_redelegation is set to true
(the new trust is redelegatable), will be populated with the
value specified in the max_redelegation_count configuration
parameter if redelegation_count is not set or set to null. If
allow_redelegation is set to false then redelegation_count will
be set to 0 in the trust. If the trust is being issued by the
trustee of a redelegatable trust-scoped token (redelegation
case) then redelegation_count should not be set, as it will
automatically be set to the value in the redelegatable
trust-scoped token decremented by 1. Note, if the resulting
value is 0, this means that the new trust will not be
redelegatable, regardless of the value of allow_redelegation.
minimum: 0
type:
- integer
- 'null'
remaining_uses:
description: Specifies how many times the trust can be used to
obtain a token. This value is decreased each time a token is
issued through the trust. Once it reaches 0, no further tokens
will be issued through the trust. The default value is null,
meaning there is no limit on the number of tokens issued through
the trust. If redelegation is enabled it must not be set.
minimum: 1
type:
- integer
- 'null'
roles:
items:
additionalProperties: false
properties:
description:
description: The resource description.
maxLength: 255
type:
- 'null'
- string
domain_id:
description: The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
id:
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
name:
description: |-
The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
type: object
type: array
roles_links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
trustee_user_id:
description: Represents the user who is capable of consuming the
trust.
type: string
trustor_user_id:
description: Represents the user who created the trust, and who's
authorization is being delegated.
type: string
type: object
type: object
Os_TrustTrustsGetResponse:
additionalProperties: false
properties:
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
truncated:
description: Flag indicating that the amount of entities exceeds
global response limit
type: boolean
trusts:
description: A list of trust objects.
items:
additionalProperties: true
description: A trust object.
properties:
allow_redelegation:
description: If set to true then a trust between a trustor and
any third-party user may be issued by the trustee just like a
regular trust. If set to false, stops further redelegation.
False by default.
type:
- boolean
- 'null'
deleted_at:
type:
- 'null'
- string
expires_at:
description: Specifies the expiration time of the trust. A trust
may be revoked ahead of expiration. If the value represents a
time in the past, the trust is deactivated. In the
redelegation case it must not exceed the value of the
corresponding expires_at field of the redelegated trust or it
may be omitted, then the expires_at value is copied from the
redelegated trust.
type:
- 'null'
- string
id:
description: The ID of the trust.
readOnly: true
type: string
impersonation:
description: If set to true, then the user attribute of tokens
generated based on the trust will represent that of the
trustor rather than the trustee, thus allowing the trustee to
impersonate the trustor. If impersonation if set to false,
then the token's user attribute will represent that of the
trustee.
type: boolean
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
project_id:
description: Identifies the project upon which the trustor is
delegating authorization.
type:
- 'null'
- string
redelegated_trust_id:
description: Returned with redelegated trust provides
information about the predecessor in the trust chain.
type:
- 'null'
- string
redelegation_count:
description: Specifies the maximum remaining depth of the
redelegated trust chain. Each subsequent trust has this field
decremented by 1 automatically. The initial trustor issuing
new trust that can be redelegated, must set allow_redelegation
to true and may set redelegation_count to an integer value
less than or equal to max_redelegation_count configuration
parameter in order to limit the possible length of derived
trust chains. The trust issued by the trustor using a
project-scoped token (not redelegating), in which
allow_redelegation is set to true (the new trust is
redelegatable), will be populated with the value specified in
the max_redelegation_count configuration parameter if
redelegation_count is not set or set to null. If
allow_redelegation is set to false then redelegation_count
will be set to 0 in the trust. If the trust is being issued by
the trustee of a redelegatable trust-scoped token
(redelegation case) then redelegation_count should not be set,
as it will automatically be set to the value in the
redelegatable trust-scoped token decremented by 1. Note, if
the resulting value is 0, this means that the new trust will
not be redelegatable, regardless of the value of
allow_redelegation.
minimum: 0
type:
- integer
- 'null'
remaining_uses:
description: Specifies how many times the trust can be used to
obtain a token. This value is decreased each time a token is
issued through the trust. Once it reaches 0, no further tokens
will be issued through the trust. The default value is null,
meaning there is no limit on the number of tokens issued
through the trust. If redelegation is enabled it must not be
set.
minimum: 1
type:
- integer
- 'null'
roles:
items:
additionalProperties: false
properties:
description:
description: The resource description.
maxLength: 255
type:
- 'null'
- string
domain_id:
description: The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
id:
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
name:
description: |-
The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
type: object
type: array
roles_links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
trustee_user_id:
description: Represents the user who is capable of consuming the
trust.
type: string
trustor_user_id:
description: Represents the user who created the trust, and
who's authorization is being delegated.
type: string
type: object
type: array
type: object
Os_TrustTrustsPost:
additionalProperties: false
description: A trust object
properties:
trust:
additionalProperties: true
properties:
allow_redelegation:
description: If set to true then a trust between a trustor and any
third-party user may be issued by the trustee just like a
regular trust. If set to false, stops further redelegation.
False by default.
type:
- boolean
- 'null'
expires_at:
description: Specifies the expiration time of the trust. A trust
may be revoked ahead of expiration. If the value represents a
time in the past, the trust is deactivated. In the redelegation
case it must not exceed the value of the corresponding
expires_at field of the redelegated trust or it may be omitted,
then the expires_at value is copied from the redelegated trust.
type:
- 'null'
- string
impersonation:
description: If set to true, then the user attribute of tokens
generated based on the trust will represent that of the trustor
rather than the trustee, thus allowing the trustee to
impersonate the trustor. If impersonation if set to false, then
the token's user attribute will represent that of the trustee.
type: boolean
project_id:
description: Identifies the project upon which the trustor is
delegating authorization.
type:
- 'null'
- string
redelegated_trust_id:
description: Returned with redelegated trust provides information
about the predecessor in the trust chain.
type:
- 'null'
- string
redelegation_count:
description: Specifies the maximum remaining depth of the
redelegated trust chain. Each subsequent trust has this field
decremented by 1 automatically. The initial trustor issuing new
trust that can be redelegated, must set allow_redelegation to
true and may set redelegation_count to an integer value less
than or equal to max_redelegation_count configuration parameter
in order to limit the possible length of derived trust chains.
The trust issued by the trustor using a project-scoped token
(not redelegating), in which allow_redelegation is set to true
(the new trust is redelegatable), will be populated with the
value specified in the max_redelegation_count configuration
parameter if redelegation_count is not set or set to null. If
allow_redelegation is set to false then redelegation_count will
be set to 0 in the trust. If the trust is being issued by the
trustee of a redelegatable trust-scoped token (redelegation
case) then redelegation_count should not be set, as it will
automatically be set to the value in the redelegatable
trust-scoped token decremented by 1. Note, if the resulting
value is 0, this means that the new trust will not be
redelegatable, regardless of the value of allow_redelegation.
minimum: 0
type:
- integer
- 'null'
remaining_uses:
description: Specifies how many times the trust can be used to
obtain a token. This value is decreased each time a token is
issued through the trust. Once it reaches 0, no further tokens
will be issued through the trust. The default value is null,
meaning there is no limit on the number of tokens issued through
the trust. If redelegation is enabled it must not be set.
minimum: 1
type:
- integer
- 'null'
roles:
items:
additionalProperties: false
maxProperties: 1
minProperties: 1
properties:
id:
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
name:
description: The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
type: object
type: array
trustee_user_id:
description: Represents the user who is capable of consuming the
trust.
type: string
trustor_user_id:
description: Represents the user who created the trust, and who's
authorization is being delegated.
type: string
required:
- impersonation
- trustee_user_id
- trustor_user_id
type: object
required:
- trust
type: object
Os_TrustTrustsPostResponse:
additionalProperties: false
description: A trust object
properties:
trust:
additionalProperties: true
description: A trust object.
properties:
allow_redelegation:
description: If set to true then a trust between a trustor and any
third-party user may be issued by the trustee just like a
regular trust. If set to false, stops further redelegation.
False by default.
type:
- boolean
- 'null'
deleted_at:
type:
- 'null'
- string
expires_at:
description: Specifies the expiration time of the trust. A trust
may be revoked ahead of expiration. If the value represents a
time in the past, the trust is deactivated. In the redelegation
case it must not exceed the value of the corresponding
expires_at field of the redelegated trust or it may be omitted,
then the expires_at value is copied from the redelegated trust.
type:
- 'null'
- string
id:
description: The ID of the trust.
readOnly: true
type: string
impersonation:
description: If set to true, then the user attribute of tokens
generated based on the trust will represent that of the trustor
rather than the trustee, thus allowing the trustee to
impersonate the trustor. If impersonation if set to false, then
the token's user attribute will represent that of the trustee.
type: boolean
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
project_id:
description: Identifies the project upon which the trustor is
delegating authorization.
type:
- 'null'
- string
redelegated_trust_id:
description: Returned with redelegated trust provides information
about the predecessor in the trust chain.
type:
- 'null'
- string
redelegation_count:
description: Specifies the maximum remaining depth of the
redelegated trust chain. Each subsequent trust has this field
decremented by 1 automatically. The initial trustor issuing new
trust that can be redelegated, must set allow_redelegation to
true and may set redelegation_count to an integer value less
than or equal to max_redelegation_count configuration parameter
in order to limit the possible length of derived trust chains.
The trust issued by the trustor using a project-scoped token
(not redelegating), in which allow_redelegation is set to true
(the new trust is redelegatable), will be populated with the
value specified in the max_redelegation_count configuration
parameter if redelegation_count is not set or set to null. If
allow_redelegation is set to false then redelegation_count will
be set to 0 in the trust. If the trust is being issued by the
trustee of a redelegatable trust-scoped token (redelegation
case) then redelegation_count should not be set, as it will
automatically be set to the value in the redelegatable
trust-scoped token decremented by 1. Note, if the resulting
value is 0, this means that the new trust will not be
redelegatable, regardless of the value of allow_redelegation.
minimum: 0
type:
- integer
- 'null'
remaining_uses:
description: Specifies how many times the trust can be used to
obtain a token. This value is decreased each time a token is
issued through the trust. Once it reaches 0, no further tokens
will be issued through the trust. The default value is null,
meaning there is no limit on the number of tokens issued through
the trust. If redelegation is enabled it must not be set.
minimum: 1
type:
- integer
- 'null'
roles:
items:
additionalProperties: false
properties:
description:
description: The resource description.
maxLength: 255
type:
- 'null'
- string
domain_id:
description: The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
id:
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
name:
description: |-
The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
type: object
type: array
roles_links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
trustee_user_id:
description: Represents the user who is capable of consuming the
trust.
type: string
trustor_user_id:
description: Represents the user who created the trust, and who's
authorization is being delegated.
type: string
type: object
type: object
Os_TrustTrustsRoleGetResponse:
description: Response of the OS-TRUST/trusts/trust_id/roles/role_id:get
operation
type: object
Os_TrustTrustsRolesGetResponse:
description: Response of the OS-TRUST/trusts/trust_id/roles:get operation
type: object
PoliciesGetResponse:
description: Response of the policies:get operation
type: object
PoliciesOs_Endpoint_PolicyEndpointGetResponse:
description: Response of the
policies/policy_id/OS-ENDPOINT-POLICY/endpoints/endpoint_id:get
operation
type: object
PoliciesOs_Endpoint_PolicyEndpointPutRequest:
description: Request of the
policies/policy_id/OS-ENDPOINT-POLICY/endpoints/endpoint_id:put
operation
type: object
x-openstack:
action-name: PUT
PoliciesOs_Endpoint_PolicyEndpointPutResponse:
description: Response of the
policies/policy_id/OS-ENDPOINT-POLICY/endpoints/endpoint_id:put
operation
type: object
PoliciesOs_Endpoint_PolicyEndpointsGetResponse:
description: Response of the
policies/policy_id/OS-ENDPOINT-POLICY/endpoints:get operation
type: object
PoliciesOs_Endpoint_PolicyServiceGetResponse:
description: Response of the
policies/policy_id/OS-ENDPOINT-POLICY/services/service_id:get operation
type: object
PoliciesOs_Endpoint_PolicyServicePutRequest:
description: Request of the
policies/policy_id/OS-ENDPOINT-POLICY/services/service_id:put operation
type: object
x-openstack:
action-name: PUT
PoliciesOs_Endpoint_PolicyServicePutResponse:
description: Response of the
policies/policy_id/OS-ENDPOINT-POLICY/services/service_id:put operation
type: object
PoliciesOs_Endpoint_PolicyServicesRegionGetResponse:
description: Response of the
policies/policy_id/OS-ENDPOINT-POLICY/services/service_id/regions/region_id:get
operation
type: object
PoliciesOs_Endpoint_PolicyServicesRegionPutRequest:
description: Request of the
policies/policy_id/OS-ENDPOINT-POLICY/services/service_id/regions/region_id:put
operation
type: object
x-openstack:
action-name: PUT
PoliciesOs_Endpoint_PolicyServicesRegionPutResponse:
description: Response of the
policies/policy_id/OS-ENDPOINT-POLICY/services/service_id/regions/region_id:put
operation
type: object
PoliciesPostRequest:
description: Request of the policies:post operation
type: object
x-openstack:
action-name: POST
PoliciesPostResponse:
description: Response of the policies:post operation
type: object
PolicyGetResponse:
description: Response of the policies/policy_id:get operation
type: object
PolicyPatchRequest:
description: Request of the policies/policy_id:patch operation
type: object
x-openstack:
action-name: PATCH
PolicyPatchResponse:
description: Response of the policies/policy_id:patch operation
type: object
ProjectGetResponse:
additionalProperties: false
properties:
project:
additionalProperties: true
description: |-
A `project` object
properties:
description:
description: |-
The description of the project.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain for the project.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
enabled:
description: |-
If the user is enabled, this value is `true`.
If the user is disabled, this value is `false`.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
id:
description: |-
The ID for the project.
readOnly: true
type: string
is_domain:
description: |-
If the user is enabled, this value is `true`.
If the user is disabled, this value is `false`.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
name:
description: |-
The name of the project.
maxLength: 64
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the project. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
parent_id:
description: |-
The ID of the parent for the project.
**New in version 3.4**
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
tags:
description: |-
A list of simple strings assigned to a project.
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
maxItems: 80
required: []
type: array
uniqueItems: true
type: object
type: object
ProjectPatch:
additionalProperties: false
properties:
project:
description: |-
A `project` object
properties:
description:
description: |-
The description of the project.
type:
- 'null'
- string
enabled:
description: |-
If set to `true`, project is enabled. If set to
`false`, project is disabled.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
name:
description: |-
The name of the project, which must be unique within the
owning domain. A project can have the same name as its domain.
maxLength: 64
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the project. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
tags:
description: |-
A list of simple strings assigned to a project.
Tags can be used to classify projects into groups.
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
maxItems: 80
required: []
type: array
uniqueItems: true
type: object
type: object
ProjectPatchResponse:
additionalProperties: false
properties:
project:
additionalProperties: true
description: |-
A `project` object
properties:
description:
description: |-
The description of the project.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain for the project.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
enabled:
description: |-
If the user is enabled, this value is `true`.
If the user is disabled, this value is `false`.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
id:
description: |-
The ID for the project.
readOnly: true
type: string
is_domain:
description: |-
If the user is enabled, this value is `true`.
If the user is disabled, this value is `false`.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
name:
description: |-
The name of the project.
maxLength: 64
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the project. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
parent_id:
description: |-
The ID of the parent for the project.
**New in version 3.4**
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
tags:
description: |-
A list of simple strings assigned to a project.
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
maxItems: 80
required: []
type: array
uniqueItems: true
type: object
type: object
ProjectsGetResponse:
additionalProperties: false
properties:
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
projects:
description: |-
A list of `project` objects
items:
additionalProperties: true
description: |-
A `project` object
properties:
description:
description: |-
The description of the project.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain for the project.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
enabled:
description: |-
If the user is enabled, this value is `true`.
If the user is disabled, this value is `false`.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
id:
description: |-
The ID for the project.
readOnly: true
type: string
is_domain:
description: |-
If the user is enabled, this value is `true`.
If the user is disabled, this value is `false`.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
name:
description: |-
The name of the project.
maxLength: 64
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the project. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
parent_id:
description: |-
The ID of the parent for the project.
**New in version 3.4**
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
tags:
description: |-
A list of simple strings assigned to a project.
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
maxItems: 80
required: []
type: array
uniqueItems: true
type: object
type: array
truncated:
description: Flag indicating that the amount of entities exceeds
global response limit
type: boolean
type: object
ProjectsPost:
additionalProperties: false
properties:
project:
description: |-
A `project` object
properties:
description:
description: |-
The description of the project.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain for the project.
For projects acting as a domain, the `domain_id` must not be specified,
it will be generated by the Identity service implementation.
For regular projects (i.e. those not acing as a domain), if `domain_id`
is not specified, but `parent_id` is specified, then the domain ID of the
parent will be used. If neither `domain_id` or `parent_id` is
specified, the Identity service implementation will default to the domain
to which the client’s token is scoped. If both `domain_id` and
`parent_id` are specified, and they do not indicate the same domain, an
`Bad Request (400)` will be returned.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
enabled:
description: |-
If set to `true`, project is enabled. If set to
`false`, project is disabled. The default is `true`.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
is_domain:
description: |-
If set to `true`, project is enabled. If set to
`false`, project is disabled. The default is `true`.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
name:
description: |-
The name of the project, which must be unique within the
owning domain. A project can have the same name as its domain.
maxLength: 64
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the project. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
parent_id:
description: |-
The ID of the parent of the project.
If specified on project creation, this places the project within a
hierarchy and implicitly defines the owning domain, which will be the
same domain as the parent specified. If `parent_id` is
not specified and `is_domain` is `false`, then the project will use its
owning domain as its parent. If `is_domain` is `true` (i.e. the project
is acting as a domain), then `parent_id` must not specified (or if it is,
it must be `null`) since domains have no parents.
`parent_id` is immutable, and can’t be updated after the project is
created - hence a project cannot be moved within the hierarchy.
**New in version 3.4**
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
tags:
description: |-
A list of simple strings assigned to a project.
Tags can be used to classify projects into groups.
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
maxItems: 80
required: []
type: array
uniqueItems: true
required:
- name
type: object
type: object
ProjectsPostResponse:
additionalProperties: false
properties:
project:
additionalProperties: true
description: |-
A `project` object
properties:
description:
description: |-
The description of the project.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain for the project.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
enabled:
description: |-
If the user is enabled, this value is `true`.
If the user is disabled, this value is `false`.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
id:
description: |-
The ID for the project.
readOnly: true
type: string
is_domain:
description: |-
If the user is enabled, this value is `true`.
If the user is disabled, this value is `false`.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
name:
description: |-
The name of the project.
maxLength: 64
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the project. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
parent_id:
description: |-
The ID of the parent for the project.
**New in version 3.4**
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
tags:
description: |-
A list of simple strings assigned to a project.
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
maxItems: 80
required: []
type: array
uniqueItems: true
type: object
type: object
ProjectsTagsGetResponse:
additionalProperties: false
properties:
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
tags:
description: |-
A list of simple strings assigned to a project.
items:
type: string
type: array
type: object
ProjectsTagsPut:
additionalProperties: false
properties:
tags:
description: |-
A list of simple strings assigned to a project.
items:
maxLength: 255
minLength: 1
pattern: ^[^,/]*$
type: string
type: array
type: object
ProjectsTagsPutResponse:
additionalProperties: false
properties:
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
tags:
description: |-
A list of simple strings assigned to a project.
items:
type: string
type: array
type: object
Region:
properties:
region:
description: |-
A `region` object
properties:
description:
description: |-
The region description.
type: string
id:
description: |-
The ID for the region.
format: uuid
readOnly: true
type: string
parent_id:
description: To make this region a child of another region, set
this parameter to the ID of the parent region.
format: uuid
type: string
type: object
type: object
RegionPatch:
additionalProperties: false
properties:
region:
additionalProperties: true
description: |-
A `region` object
minProperties: 1
properties:
description:
description: |-
The region description.
maxLength: 255
type:
- 'null'
- string
id:
description: The region ID.
maxLength: 255
minLength: 1
type:
- 'null'
- string
parent_region_id:
description: |-
To make this region a child of another region,
set this parameter to the ID of the parent region.
maxLength: 255
minLength: 1
type:
- 'null'
- string
type: object
required:
- region
type: object
RegionPut:
additionalProperties: false
properties:
region:
additionalProperties: true
properties:
description:
description: The resource description.
maxLength: 255
type:
- 'null'
- string
id:
description: The region ID.
maxLength: 255
minLength: 0
type:
- 'null'
- string
parent_region_id:
description: To make this region a child of another region, set
this parameter to the ID of the parent region.
maxLength: 255
minLength: 1
type:
- 'null'
- string
type: object
required:
- region
type: object
RegionPutResponse:
additionalProperties: false
properties:
region:
additionalProperties: true
description: A region object.
properties:
description:
description: The resource description.
maxLength: 255
type:
- 'null'
- string
id:
description: The region ID.
maxLength: 255
minLength: 1
type:
- 'null'
- string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
parent_region_id:
description: To make this region a child of another region, set
this parameter to the ID of the parent region.
maxLength: 255
minLength: 1
type:
- 'null'
- string
required:
- description
- id
- links
- parent_region_id
type: object
required:
- region
type: object
RegionsGetResponse:
properties:
regions:
description: |-
A list of `region` object
items:
description: |-
A `region` object
properties:
description:
description: |-
The region description.
type: string
id:
description: |-
The ID for the region.
format: uuid
readOnly: true
type: string
parent_id:
description: To make this region a child of another region, set
this parameter to the ID of the parent region.
format: uuid
type: string
type: object
type: array
type: object
RegionsPost:
additionalProperties: false
properties:
region:
additionalProperties: true
description: |-
A `region` object
properties:
description:
description: |-
The region description.
maxLength: 255
type:
- 'null'
- string
id:
description: |-
The ID for the region.
maxLength: 255
minLength: 0
type:
- 'null'
- string
parent_region_id:
description: |-
To make this region a child of another region,
set this parameter to the ID of the parent region.
maxLength: 255
minLength: 1
type:
- 'null'
- string
type: object
required:
- region
type: object
Registered_LimitGetResponse:
additionalProperties: false
properties:
registered_limit:
additionalProperties: false
description: |-
A `registered_limit` objects
properties:
default_limit:
description: |-
The default limit for the registered limit.
maximum: 2147483647
minimum: -1
type: integer
description:
description: |-
The registered limit description.
maxLength: 255
type:
- 'null'
- string
id:
description: |-
The registered limit ID.
format: uuid
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
region_id:
description: |-
The ID of the region that contains the service endpoint.
The value can be None.
maxLength: 255
minLength: 1
type:
- 'null'
- string
resource_name:
description: |-
The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
service_id:
description: |-
The UUID of the service to which the registered limit
belongs.
format: uuid
type: string
type: object
type: object
Registered_LimitPatch:
additionalProperties: false
properties:
registered_limit:
additionalProperties: false
description: |-
A `registered_limit` objects
properties:
default_limit:
description: |-
The default limit for the registered limit.
maximum: 2147483647
minimum: -1
type: integer
description:
description: |-
The registered limit description.
maxLength: 255
type:
- 'null'
- string
region_id:
description: |-
The ID of the region that contains the service endpoint.
Either service_id, resource_name, or region_id must be
different than existing value otherwise it will raise 409.
maxLength: 255
minLength: 1
type:
- 'null'
- string
resource_name:
description: |-
The resource name. Either service_id, resource_name or
region_id must be different than existing value otherwise
it will raise 409.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
service_id:
description: |-
The UUID of the service to update to which the registered
limit belongs. Either service_id, resource_name, or region_id
must be different than existing value otherwise it will
raise 409.
format: uuid
type: string
type: object
required:
- registered_limit
type: object
Registered_LimitPatchResponse:
additionalProperties: false
properties:
registered_limit:
additionalProperties: false
description: |-
A `registered_limit` objects
properties:
default_limit:
description: |-
The default limit for the registered limit.
maximum: 2147483647
minimum: -1
type: integer
description:
description: |-
The registered limit description.
maxLength: 255
type:
- 'null'
- string
id:
description: |-
The registered limit ID.
format: uuid
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
region_id:
description: |-
The ID of the region that contains the service endpoint.
The value can be None.
maxLength: 255
minLength: 1
type:
- 'null'
- string
resource_name:
description: |-
The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
service_id:
description: |-
The UUID of the service to which the registered limit
belongs.
format: uuid
type: string
type: object
type: object
Registered_LimitsGetResponse:
additionalProperties: false
properties:
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
registered_limits:
description: |-
A list of `registered_limits` objects
items:
additionalProperties: false
description: |-
A `registered_limit` objects
properties:
default_limit:
description: |-
The default limit for the registered limit.
maximum: 2147483647
minimum: -1
type: integer
description:
description: |-
The registered limit description.
maxLength: 255
type:
- 'null'
- string
id:
description: |-
The registered limit ID.
format: uuid
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
region_id:
description: |-
The ID of the region that contains the service endpoint.
The value can be None.
maxLength: 255
minLength: 1
type:
- 'null'
- string
resource_name:
description: |-
The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
service_id:
description: |-
The UUID of the service to which the registered limit
belongs.
format: uuid
type: string
type: object
type: array
truncated:
description: Flag indicating that the amount of entities exceeds
global response limit
type: boolean
type: object
Registered_LimitsPost:
additionalProperties: false
properties:
registered_limits:
description: |-
A list of `registered_limits` objects
items:
additionalProperties: false
properties:
default_limit:
description: |-
The default limit for the registered limit.
maximum: 2147483647
minimum: -1
type: integer
description:
description: |-
The registered limit description.
maxLength: 255
type:
- 'null'
- string
region_id:
description: |-
The ID of the region that contains the service endpoint.
maxLength: 255
minLength: 1
type:
- 'null'
- string
resource_name:
description: |-
The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
service_id:
description: |-
The UUID of the service to which the registered limit
belongs.
format: uuid
type: string
required:
- default_limit
- resource_name
- service_id
type: object
minItems: 1
type: array
required:
- registered_limits
type: object
Registered_LimitsPostResponse:
additionalProperties: false
properties:
registered_limits:
description: |-
A list of `registered_limits` objects
items:
additionalProperties: false
description: |-
A `registered_limit` objects
properties:
default_limit:
description: |-
The default limit for the registered limit.
maximum: 2147483647
minimum: -1
type: integer
description:
description: |-
The registered limit description.
maxLength: 255
type:
- 'null'
- string
id:
description: |-
The registered limit ID.
format: uuid
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
region_id:
description: |-
The ID of the region that contains the service endpoint.
The value can be None.
maxLength: 255
minLength: 1
type:
- 'null'
- string
resource_name:
description: |-
The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
service_id:
description: |-
The UUID of the service to which the registered limit
belongs.
format: uuid
type: string
type: object
type: array
truncated:
description: Flag indicating that the amount of entities exceeds
global response limit
type: boolean
type: object
Role:
properties:
role:
description: |-
A `role` object
properties:
description:
description: |-
The role description.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
id:
description: |-
The role ID.
format: uuid
readOnly: true
type: string
links:
additionalProperties:
format: uri
type:
- 'null'
- string
description: |-
The link to the resources in question.
readOnly: true
type: object
name:
description: |-
The role name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the role. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
type: object
type: object
RolePatch:
additionalProperties: false
properties:
role:
additionalProperties: true
description: |-
A `role` object
minProperties: 1
properties:
description:
description: |-
The new role description.
type:
- 'null'
- string
domain_id:
description: The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
name:
description: |-
The new role name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the role. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
type: object
required:
- role
type: object
Role_AssignmentsGetResponse:
additionalProperties: false
properties:
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
role_assignments:
description: A list of role assignment objects.
items:
additionalProperties: false
description: A role assignment object.
oneOf:
- required:
- group
- required:
- user
properties:
group:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
description: The ID of the domain.
type: string
name:
description: The name of the domain.
type: string
required:
- id
type: object
id:
description: The ID of the group
type: string
name:
description: The name of the group
type: string
required:
- id
type: object
links:
additionalProperties: false
properties:
assignment:
format: uri
type: string
membership:
format: uri
type: string
prior_role:
format: uri
type: string
required:
- assignment
type: object
role:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
description: The ID of the domain.
type: string
name:
description: The name of the domain.
type: string
required:
- id
type: object
id:
description: The ID of the role.
type: string
name:
description: The name of the role.
maxLength: 255
minLength: 1
type: string
required:
- id
type: object
scope:
additionalProperties: false
oneOf:
- required:
- domain
- required:
- project
- required:
- system
properties:
OS-INHERIT:inherited_to:
const: projects
domain:
additionalProperties: false
properties:
id:
description: The ID of the domain.
type: string
name:
description: The name of the domain.
type: string
required:
- id
type: object
project:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
description: The ID of the domain.
type: string
name:
description: The name of the domain.
type: string
required:
- id
type: object
id:
description: The ID of the project.
type: string
name:
description: The name of the project.
type: string
required:
- id
type: object
system:
properties:
all:
const: true
required:
- all
type: object
user:
additionalProperties: false
properties:
domain:
additionalProperties: false
properties:
id:
description: The ID of the domain.
type: string
name:
description: The name of the domain.
type: string
required:
- id
type: object
id:
description: The ID of the user
type: string
name:
description: The name of the user
type: string
required:
- id
type: object
required:
- links
- role
- scope
type: object
type: array
truncated:
description: Flag indicating that the amount of entities exceeds
global response limit
type: boolean
type: object
Role_InferencesGetResponse:
properties:
role_inferences:
description: |-
An array of `role_inference` object.
items:
properties:
implies:
description: |-
An implied role object.
items:
description: |-
A prior role object.
properties:
description:
description: The role description.
type: string
id:
description: |-
The role ID.
format: uuid
type: string
links:
description: |-
The link to the resources in question.
properties:
self:
description: The link to the resource in question.
format: uri
type: string
type: object
name:
description: |-
The role name.
type: string
type: object
type: array
prior_role:
description: |-
A prior role object.
properties:
description:
description: The role description.
type: string
id:
description: |-
The role ID.
format: uuid
type: string
links:
description: |-
The link to the resources in question.
properties:
self:
description: The link to the resource in question.
format: uri
type: string
type: object
name:
description: |-
The role name.
type: string
type: object
type: object
type: array
type: object
RolesGetResponse:
properties:
links:
additionalProperties:
format: uri
type:
- 'null'
- string
type: object
roles:
description: |-
A list of `role` objects
items:
description: |-
A `role` object
properties:
description:
description: |-
The role description.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
id:
description: |-
The role ID.
format: uuid
readOnly: true
type: string
links:
additionalProperties:
format: uri
type:
- 'null'
- string
description: |-
The link to the resources in question.
readOnly: true
type: object
name:
description: |-
The role name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the role. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
type: object
type: array
type: object
RolesImpliesGetResponse:
properties:
role_inference:
description: |-
Role inference object that contains `prior_role` object
and `implies` object.
properties:
implies:
description: |-
An array of implied role objects.
items:
description: |-
A prior role object.
properties:
description:
description: The role description.
type: string
id:
description: |-
The role ID.
format: uuid
type: string
links:
description: |-
The link to the resources in question.
properties:
self:
description: The link to the resource in question.
format: uri
type: string
type: object
name:
description: |-
The role name.
type: string
type: object
type: array
prior_role:
description: |-
A prior role object.
properties:
description:
description: The role description.
type: string
id:
description: |-
The role ID.
format: uuid
type: string
links:
description: |-
The link to the resources in question.
properties:
self:
description: The link to the resource in question.
format: uri
type: string
type: object
name:
description: |-
The role name.
type: string
type: object
type: object
type: object
RolesImplyGetResponse:
properties:
role_inference:
description: |-
Role inference object that contains `prior_role` object
and `implies` object.
properties:
implies:
description: |-
A prior role object.
properties:
description:
description: The role description.
type: string
id:
description: |-
The role ID.
format: uuid
type: string
links:
description: |-
The link to the resources in question.
properties:
self:
description: The link to the resource in question.
format: uri
type: string
type: object
name:
description: |-
The role name.
type: string
type: object
prior_role:
description: |-
A prior role object.
properties:
description:
description: The role description.
type: string
id:
description: |-
The role ID.
format: uuid
type: string
links:
description: |-
The link to the resources in question.
properties:
self:
description: The link to the resource in question.
format: uri
type: string
type: object
name:
description: |-
The role name.
type: string
type: object
type: object
type: object
RolesImplyPutResponse:
properties:
role_inference:
description: |-
Role inference object that contains `prior_role` object
and `implies` object.
properties:
implies:
description: |-
A prior role object.
properties:
description:
description: The role description.
type: string
id:
description: |-
The role ID.
format: uuid
type: string
links:
description: |-
The link to the resources in question.
properties:
self:
description: The link to the resource in question.
format: uri
type: string
type: object
name:
description: |-
The role name.
type: string
type: object
prior_role:
description: |-
A prior role object.
properties:
description:
description: The role description.
type: string
id:
description: |-
The role ID.
format: uuid
type: string
links:
description: |-
The link to the resources in question.
properties:
self:
description: The link to the resource in question.
format: uri
type: string
type: object
name:
description: |-
The role name.
type: string
type: object
type: object
type: object
RolesInfos:
description: List of roles assigned to the resource
properties:
links:
additionalProperties:
format: uri
type:
- 'null'
- string
type: object
roles:
description: |-
A list of `role` objects
items:
description: |-
A prior role object.
properties:
description:
description: The role description.
type: string
id:
description: |-
The role ID.
format: uuid
type: string
links:
description: |-
The link to the resources in question.
properties:
self:
description: The link to the resource in question.
format: uri
type: string
type: object
name:
description: |-
The role name.
type: string
type: object
type: array
type: object
RolesPost:
additionalProperties: false
properties:
role:
additionalProperties: true
description: |-
A `role` object
properties:
description:
description: |-
Add description about the role.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain of the role.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type:
- 'null'
- string
name:
description: |-
The role name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the role. Available resource options are
`immutable`.
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
required:
- name
type: object
required:
- role
type: object
RootGetResponse:
description: Response of the versions:get operation
type: object
S3TokensGetResponse:
description: Response of the s3tokens:get operation
type: object
S3TokensPostRequest:
description: Request of the s3tokens:post operation
type: object
x-openstack:
action-name: POST
S3TokensPostResponse:
description: Response of the s3tokens:post operation
type: object
Service:
properties:
service:
description: |-
A `service` object.
properties:
description:
description: |-
The service description.
type: string
enabled:
description: |-
Defines whether the service and its endpoints
appear in the service catalog: - `false`. The service and its
endpoints do not appear in the service catalog. - `true`. The
service and its endpoints appear in the service catalog.
type: boolean
id:
description: |-
The UUID of the service to which the endpoint
belongs.
format: uuid
readOnly: true
type: string
name:
description: |-
The service name.
type: string
type:
description: |-
The service type, which describes the API
implemented by the service. Value is `compute`, `ec2`,
`identity`, `image`, `network`, or `volume`.
type: string
type: object
type: object
ServicePatch:
description: A service object.
properties:
service:
additionalProperties: true
description: |-
A `service` object.
minProperties: 1
properties:
enabled:
description: |-
Defines whether the service and its endpoints
appear in the service catalog: - `false`. The service and its
endpoints do not appear in the service catalog. - `true`. The
service and its endpoints appear in the service catalog.
Default is `true`.
type: boolean
name:
description: |-
The service name.
maxLength: 255
minLength: 1
type: string
type:
description: |-
The service type, which describes the API
implemented by the service. Value is `compute`, `ec2`,
`identity`, `image`, `network`, or `volume`.
maxLength: 255
minLength: 1
type: string
type: object
required:
- service
type: object
ServicesGetResponse:
properties:
services:
description: |-
A list of `service` object.
items:
description: |-
A `service` object.
properties:
description:
description: |-
The service description.
type: string
enabled:
description: |-
Defines whether the service and its endpoints
appear in the service catalog: - `false`. The service and its
endpoints do not appear in the service catalog. - `true`. The
service and its endpoints appear in the service catalog.
type: boolean
id:
description: |-
The UUID of the service to which the endpoint
belongs.
format: uuid
readOnly: true
type: string
name:
description: |-
The service name.
type: string
type:
description: |-
The service type, which describes the API
implemented by the service. Value is `compute`, `ec2`,
`identity`, `image`, `network`, or `volume`.
type: string
type: object
type: array
type: object
ServicesPost:
description: A service object.
properties:
service:
additionalProperties: true
description: |-
A `service` object.
properties:
enabled:
description: |-
Defines whether the service and its endpoints
appear in the service catalog: - `false`. The service and its
endpoints do not appear in the service catalog. - `true`. The
service and its endpoints appear in the service catalog.
type: boolean
name:
description: |-
The service name.
maxLength: 255
minLength: 1
type: string
type:
description: |-
The service type, which describes the API
implemented by the service. Value is `compute`, `ec2`,
`identity`, `image`, `network`, or `volume`.
maxLength: 255
minLength: 1
type: string
required:
- type
type: object
type: object
SystemGroupsRolesGetResponse:
additionalProperties: false
properties:
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
roles:
description: |-
A list of `role` objects containing `domain_id`, `id`, `links`,
and `name` attributes.
items:
additionalProperties: false
description: A role object.
properties:
description:
description: The role description.
type:
- 'null'
- string
domain_id:
description: The ID of the domain.
type:
- 'null'
- string
id:
description: The ID of the role.
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
name:
description: The name of the role.
maxLength: 255
minLength: 1
type: string
options:
additionalProperties: false
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
type: object
type: array
truncated:
description: Flag indicating that the amount of entities exceeds
global response limit
type: boolean
type: object
SystemUsersRolesGetResponse:
additionalProperties: false
properties:
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
roles:
description: |-
A list of `role` objects containing `domain_id`, `id`, `links`,
and `name` attributes.
items:
additionalProperties: false
description: A role object.
properties:
description:
description: The role description.
type:
- 'null'
- string
domain_id:
description: The ID of the domain.
type:
- 'null'
- string
id:
description: The ID of the role.
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
name:
description: The name of the role.
maxLength: 255
minLength: 1
type: string
options:
additionalProperties: false
properties:
immutable:
enum:
-
- false
- true
type:
- boolean
- 'null'
type: object
type: object
type: array
truncated:
description: Flag indicating that the amount of entities exceeds
global response limit
type: boolean
type: object
UserGetResponse:
additionalProperties: false
properties:
user:
additionalProperties: true
description: |-
A `user` object
properties:
default_project_id:
description: |-
The ID of the default project for the user.
type:
- 'null'
- string
description:
description: The user description
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain.
type: string
enabled:
description: |-
If the user is enabled, this value is `true`.
If the user is disabled, this value is `false`.
type: boolean
federated:
description: |-
List of federated objects associated with a user. Each object in the list
contains the `idp_id` and `protocols`. `protocols` is a list of
objects, each of which contains `protocol_id` and `unique_id` of
the protocol and user respectively. For example:
```
"federated": [
{
"idp_id": "efbab5a6acad4d108fec6c63d9609d83",
"protocols": [
{"protocol_id": "mapped", "unique_id": "test@example.com"}
]
}
]
```
items:
properties:
idp_id:
description: The Identity Provider ID of the federated user
type: string
protocols:
items:
properties:
protocol_id:
type: string
unique_id:
type: string
required:
- protocol_id
- unique_id
type: object
minItems: 1
type: array
required:
- idp_id
- protocols
type: object
type: array
id:
description: |-
The user ID.
type: string
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
name:
description: |-
The user name. Must be unique within the owning domain.
type: string
options:
additionalProperties: false
properties:
ignore_change_password_upon_first_use:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_lockout_failure_attempts:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_password_expiry:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_user_inactivity:
enum:
-
- false
- true
type:
- boolean
- 'null'
lock_password:
enum:
-
- false
- true
type:
- boolean
- 'null'
multi_factor_auth_enabled:
enum:
-
- false
- true
type:
- boolean
- 'null'
multi_factor_auth_rules:
items:
items:
type: string
minItems: 1
type: array
uniqueItems: true
type:
- array
- 'null'
uniqueItems: true
type: object
password_expires_at:
description: |-
The date and time when the password expires. The time zone
is UTC.
This is a response object attribute; not valid for requests.
A `null` value indicates that the password never expires.
**New in version 3.7**
format: date-time
type:
- 'null'
- string
required:
- domain_id
- enabled
- id
- name
type: object
required:
- user
type: object
UserPatch:
additionalProperties: false
properties:
user:
additionalProperties: true
description: |-
A `user` object
minProperties: 1
properties:
default_project_id:
description: |-
The new ID of the default project for the user.
type:
- 'null'
- string
description:
description: The description of the user resource.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the new domain for the user. The ability to change the domain
of a user is now deprecated, and will be removed in subsequent release.
It is already disabled by default in most Identity service implementations.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
enabled:
description: |-
Enables or disables the user. An enabled user
can authenticate and receive authorization. A disabled user
cannot authenticate or receive authorization. Additionally, all
tokens that the user holds become no longer valid. If you reenable
this user, pre-existing tokens do not become valid. To enable the
user, set to `true`. To disable the user, set to `false`.
Default is `true`.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
federated:
description: |-
List of federated objects associated with a user. Each object in the list
contains the `idp_id` and `protocols`. `protocols` is a list of
objects, each of which contains `protocol_id` and `unique_id` of
the protocol and user respectively. For example:
```
"federated": [
{
"idp_id": "efbab5a6acad4d108fec6c63d9609d83",
"protocols": [
{"protocol_id": mapped, "unique_id": "test@example.com"}
]
}
]
```
items:
properties:
idp_id:
type: string
protocols:
items:
properties:
protocol_id:
type: string
unique_id:
type: string
required:
- protocol_id
- unique_id
type: object
minItems: 1
type: array
required:
- idp_id
- protocols
type: object
type: array
name:
description: |-
The new name for the user. Must be unique within the owning domain.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the user. Available resource options are
`ignore_change_password_upon_first_use`, `ignore_password_expiry`,
`ignore_lockout_failure_attempts`, `lock_password`,
`multi_factor_auth_enabled`, and `multi_factor_auth_rules`
`ignore_user_inactivity`.
properties:
ignore_change_password_upon_first_use:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_lockout_failure_attempts:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_password_expiry:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_user_inactivity:
enum:
-
- false
- true
type:
- boolean
- 'null'
lock_password:
enum:
-
- false
- true
type:
- boolean
- 'null'
multi_factor_auth_enabled:
enum:
-
- false
- true
type:
- boolean
- 'null'
multi_factor_auth_rules:
items:
items:
type: string
minItems: 1
type: array
uniqueItems: true
type:
- array
- 'null'
uniqueItems: true
type: object
password:
description: |-
The new password for the user.
type:
- 'null'
- string
type: object
required:
- user
type: object
UserPatchResponse:
additionalProperties: false
properties:
user:
additionalProperties: true
description: |-
A `user` object
minProperties: 1
properties:
default_project_id:
description: |-
The ID of the default project for the user.
type:
- 'null'
- string
description:
description: The description of the user resource.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
enabled:
description: |-
If the user is enabled, this value is `true`.
If the user is disabled, this value is `false`.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
federated:
description: |-
List of federated objects associated with a user. Each object in the list
contains the `idp_id` and `protocols`. `protocols` is a list of
objects, each of which contains `protocol_id` and `unique_id` of
the protocol and user respectively. For example:
```
"federated": [
{
"idp_id": "efbab5a6acad4d108fec6c63d9609d83",
"protocols": [
{"protocol_id": "mapped", "unique_id": "test@example.com"}
]
}
]
```
items:
properties:
idp_id:
type: string
protocols:
items:
properties:
protocol_id:
type: string
unique_id:
type: string
required:
- protocol_id
- unique_id
type: object
minItems: 1
type: array
required:
- idp_id
- protocols
type: object
type: array
name:
description: |-
The user name. Must be unique within the owning domain.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the user. Available resource options are
`ignore_change_password_upon_first_use`, `ignore_password_expiry`,
`ignore_lockout_failure_attempts`, `lock_password`,
`multi_factor_auth_enabled`, and `multi_factor_auth_rules`
`ignore_user_inactivity`.
properties:
ignore_change_password_upon_first_use:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_lockout_failure_attempts:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_password_expiry:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_user_inactivity:
enum:
-
- false
- true
type:
- boolean
- 'null'
lock_password:
enum:
-
- false
- true
type:
- boolean
- 'null'
multi_factor_auth_enabled:
enum:
-
- false
- true
type:
- boolean
- 'null'
multi_factor_auth_rules:
items:
items:
type: string
minItems: 1
type: array
uniqueItems: true
type:
- array
- 'null'
uniqueItems: true
type: object
password:
description: The password for the user.
type:
- 'null'
- string
type: object
required:
- user
type: object
UsersAccess_RuleGetResponse:
additionalProperties: false
description: An access rule object.
properties:
access_rule:
additionalProperties: false
description: An access rule object.
properties:
id:
description: The UUID of the access rule
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
method:
description: The request method that the application credential is
permitted to use for a given API endpoint.
enum:
- DELETE
- GET
- HEAD
- PATCH
- POST
- PUT
type: string
path:
description: The API path that the application credential is
permitted to access.
maxLength: 225
minLength: 0
pattern: ^/\.*
type: string
service:
description: The service type identifier for the service that the
application credential is permitted to access. Must be a service
type that is listed in the service catalog and not a code name
for a service.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
type: object
type: object
UsersAccess_RulesGetResponse:
additionalProperties: false
properties:
access_rules:
description: A list of access_rule objects.
items:
additionalProperties: false
description: An access rule object.
properties:
id:
description: The UUID of the access rule
readOnly: true
type: string
links:
additionalProperties: false
description: |-
The link to the resources in question.
properties:
self:
format: uri
type: string
readOnly: true
type: object
method:
description: The request method that the application credential
is permitted to use for a given API endpoint.
enum:
- DELETE
- GET
- HEAD
- PATCH
- POST
- PUT
type: string
path:
description: The API path that the application credential is
permitted to access.
maxLength: 225
minLength: 0
pattern: ^/\.*
type: string
service:
description: The service type identifier for the service that
the application credential is permitted to access. Must be a
service type that is listed in the service catalog and not a
code name for a service.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
type: object
type: array
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
type: object
UsersApplication_CredentialGet:
additionalProperties: false
properties:
id:
description: The UUID of the application credential
type: string
type: object
UsersApplication_CredentialGetResponse:
additionalProperties: false
properties:
application_credential:
properties:
access_rules:
description: A list of access_rules objects
items:
properties:
id:
type: string
method:
type: string
path:
type: string
service:
type: string
type: object
type: array
description:
description: A description of the application credential's
purpose.
type:
- 'null'
- string
expires_at:
type:
- 'null'
- string
id:
description: The ID of the application credential.
format: uuid
readOnly: true
type: string
name:
description: The name of the application credential. Must be
unique to a user.
type: string
project_id:
description: The ID of the project the application credential was
created for and that authentication requests using this
application credential will be scoped to.
format: uuid
type: string
roles:
description: An optional list of role objects, identified by ID or
name. The list may only contain roles that the user has assigned
on the project. If not provided, the roles assigned to the
application credential will be the same as the roles in the
current token.
items:
properties:
id:
type: string
name:
type: string
type: object
type: array
unrestricted:
description: An optional flag to restrict whether the application
credential may be used for the creation or destruction of other
application credentials or trusts. Defaults to false.
type: boolean
type: object
required:
- application_credential
type: object
UsersApplication_CredentialsGetResponse:
properties:
application_credentials:
items:
properties:
access_rules:
description: A list of access_rules objects
items:
properties:
id:
type: string
method:
type: string
path:
type: string
service:
type: string
type: object
type: array
description:
description: A description of the application credential's
purpose.
type:
- 'null'
- string
expires_at:
type:
- 'null'
- string
id:
description: The ID of the application credential.
format: uuid
readOnly: true
type: string
name:
description: The name of the application credential. Must be
unique to a user.
type: string
project_id:
description: The ID of the project the application credential
was created for and that authentication requests using this
application credential will be scoped to.
format: uuid
type: string
roles:
description: An optional list of role objects, identified by ID
or name. The list may only contain roles that the user has
assigned on the project. If not provided, the roles assigned
to the application credential will be the same as the roles in
the current token.
items:
properties:
id:
type: string
name:
type: string
type: object
type: array
unrestricted:
description: An optional flag to restrict whether the
application credential may be used for the creation or
destruction of other application credentials or trusts.
Defaults to false.
type: boolean
type: object
type: array
required:
- application_credentials
type: object
UsersApplication_CredentialsPost:
additionalProperties: false
description: An application credential object.
properties:
application_credential:
additionalProperties: false
description: |-
An application credential object.
properties:
access_rules:
description: |-
A list of `access_rules` objects
items:
properties:
id:
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
method:
description: The request method that the application
credential is permitted to use for a given API endpoint.
enum:
- DELETE
- GET
- HEAD
- PATCH
- POST
- PUT
type: string
path:
description: The API path that the application credential is
permitted to access.
maxLength: 225
minLength: 0
pattern: ^/\.*
type: string
service:
description: The service type identifier for the service
that the application credential is permitted to access.
Must be a service type that is listed in the service
catalog and not a code name for a service.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
type: object
type: array
description:
description: |-
A description of the application credential’s purpose.
type:
- 'null'
- string
expires_at:
description: |-
An optional expiry time for the application credential. If unset, the
application credential does not expire.
type:
- 'null'
- string
id:
description: The UUID for the credential.
type: string
name:
description: |-
The name of the application credential. Must be unique to a user.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
project_id:
description: The ID of the project the application credential was
created for and that authentication requests using this
application credential will be scoped to.
type: string
roles:
description: |-
An optional list of role objects, identified by ID or name. The list
may only contain roles that the user has assigned on the project.
If not provided, the roles assigned to the application credential will
be the same as the roles in the current token.
items:
additionalProperties: false
maxProperties: 1
minProperties: 1
properties:
id:
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
name:
description: The resource name.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
type: object
type: array
secret:
description: |-
The secret that the application credential will be created with. If not
provided, one will be generated.
type:
- 'null'
- string
system:
type:
- 'null'
- string
unrestricted:
description: |-
An optional flag to restrict whether the application credential may be
used for the creation or destruction of other application credentials or
trusts. Defaults to false.
type:
- boolean
- 'null'
required:
- name
type: object
required:
- application_credential
type: object
UsersApplication_CredentialsPostResponse:
additionalProperties: false
properties:
application_credential:
properties:
access_rules:
description: A list of access_rules objects
items:
properties:
id:
type: string
method:
type: string
path:
type: string
service:
type: string
type: object
type: array
description:
description: A description of the application credential's
purpose.
type:
- 'null'
- string
expires_at:
type:
- 'null'
- string
id:
description: The ID of the application credential.
format: uuid
readOnly: true
type: string
name:
description: The name of the application credential. Must be
unique to a user.
type: string
project_id:
description: The ID of the project the application credential was
created for and that authentication requests using this
application credential will be scoped to.
format: uuid
type: string
roles:
description: An optional list of role objects, identified by ID or
name. The list may only contain roles that the user has assigned
on the project. If not provided, the roles assigned to the
application credential will be the same as the roles in the
current token.
items:
properties:
id:
type: string
name:
type: string
type: object
type: array
secret:
description: The secret for the application credential, either
generated by the server or provided by the user. This is only
ever shown once in the response to a create request. It is not
stored nor ever shown again. If the secret is lost, a new
application credential must be created.
type: string
unrestricted:
description: An optional flag to restrict whether the application
credential may be used for the creation or destruction of other
application credentials or trusts. Defaults to false.
type: boolean
type: object
required:
- application_credential
type: object
UsersCredentialsOs_Ec2GetResponse:
description: Response of the users/user_id/credentials/OS-EC2:get
operation
type: object
UsersCredentialsOs_Ec2PostRequest:
description: Request of the users/user_id/credentials/OS-EC2:post
operation
type: object
x-openstack:
action-name: POST
UsersCredentialsOs_Ec2PostResponse:
description: Response of the users/user_id/credentials/OS-EC2:post
operation
type: object
UsersGetResponse:
additionalProperties: false
properties:
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
truncated:
description: Flag indicating that the amount of entities exceeds
global response limit
type: boolean
users:
description: |-
A list of `user` objects
items:
additionalProperties: true
description: |-
A `user` object
properties:
default_project_id:
description: |-
The ID of the default project for the user.
type:
- 'null'
- string
description:
description: The user description
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain.
type: string
enabled:
description: |-
If the user is enabled, this value is `true`.
If the user is disabled, this value is `false`.
type: boolean
federated:
description: |-
List of federated objects associated with a user. Each object in the list
contains the `idp_id` and `protocols`. `protocols` is a list of
objects, each of which contains `protocol_id` and `unique_id` of
the protocol and user respectively. For example:
```
"federated": [
{
"idp_id": "efbab5a6acad4d108fec6c63d9609d83",
"protocols": [
{"protocol_id": "mapped", "unique_id": "test@example.com"}
]
}
]
```
items:
properties:
idp_id:
description: The Identity Provider ID of the federated
user
type: string
protocols:
items:
properties:
protocol_id:
type: string
unique_id:
type: string
required:
- protocol_id
- unique_id
type: object
minItems: 1
type: array
required:
- idp_id
- protocols
type: object
type: array
id:
description: |-
The user ID.
type: string
links:
additionalProperties: false
description: |-
The links for the `user` resource.
properties:
next:
format: uri
type:
- 'null'
- string
previous:
format: uri
type:
- 'null'
- string
self:
format: uri
type: string
readOnly: true
required:
- self
type: object
name:
description: |-
The user name. Must be unique within the owning domain.
type: string
options:
additionalProperties: false
properties:
ignore_change_password_upon_first_use:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_lockout_failure_attempts:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_password_expiry:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_user_inactivity:
enum:
-
- false
- true
type:
- boolean
- 'null'
lock_password:
enum:
-
- false
- true
type:
- boolean
- 'null'
multi_factor_auth_enabled:
enum:
-
- false
- true
type:
- boolean
- 'null'
multi_factor_auth_rules:
items:
items:
type: string
minItems: 1
type: array
uniqueItems: true
type:
- array
- 'null'
uniqueItems: true
type: object
password_expires_at:
description: |-
The date and time when the password expires. The time zone
is UTC.
This is a response object attribute; not valid for requests.
A `null` value indicates that the password never expires.
**New in version 3.7**
format: date-time
type:
- 'null'
- string
required:
- domain_id
- enabled
- id
- name
type: object
type: array
type: object
UsersGroupsGetResponse:
properties:
groups:
description: |-
A list of `group` objects
items:
properties:
description:
description: |-
The description of the group.
type: string
domain_id:
description: |-
The ID of the domain of the group.
format: uuid
type: string
id:
description: |-
The ID of the group.
format: uuid
type: string
membership_expires_at:
description: |-
The date and time when the group membership expires.
A `null` value indicates that the membership never expires.
**New in version 3.14**
format: date-time
type: string
x-openstack:
min-ver: '3.14'
name:
description: |-
The name of the group.
type: string
type: object
type: array
type: object
UsersOs_Oauth1Access_TokenGetResponse:
description: Response of the
users/user_id/OS-OAUTH1/access_tokens/access_token_id:get operation
type: object
UsersOs_Oauth1Access_TokensGetResponse:
description: Response of the users/user_id/OS-OAUTH1/access_tokens:get
operation
type: object
UsersOs_Oauth1Access_TokensRoleGetResponse:
description: Response of the
users/user_id/OS-OAUTH1/access_tokens/access_token_id/roles/role_id:get
operation
type: object
UsersOs_Oauth1Access_TokensRolesGetResponse:
description: Response of the
users/user_id/OS-OAUTH1/access_tokens/access_token_id/roles:get
operation
type: object
UsersPasswordPostRequest:
properties:
user:
additionalProperties: false
description: |-
A `user` object
properties:
original_password:
description: |-
The original password for the user.
format: password
type: string
password:
description: |-
The new password for the user.
format: password
type: string
required:
- original_password
- password
type: object
type: object
UsersPost:
additionalProperties: false
properties:
user:
additionalProperties: true
description: |-
A `user` object
properties:
default_project_id:
description: |-
The ID of the default project for the user.
A user’s default project must not be a domain. Setting this
attribute does not grant any actual authorization on the project,
and is merely provided for convenience. Therefore, the referenced
project does not need to exist within the user domain. (Since v3.1)
If the user does not have authorization to their default project,
the default project is ignored at token creation. (Since v3.1)
Additionally, if your default project is not valid, a token is
issued without an explicit scope of authorization.
type:
- 'null'
- string
description:
description: The description of the user resource.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain of the user. If the domain ID is not
provided in the request, the Identity service will attempt to
pull the domain ID from the token used in the request. Note that
this requires the use of a domain-scoped token.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
enabled:
description: |-
If the user is enabled, this value is `true`.
If the user is disabled, this value is `false`.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
federated:
description: |-
List of federated objects associated with a user. Each object in the list
contains the `idp_id` and `protocols`. `protocols` is a list of
objects, each of which contains `protocol_id` and `unique_id` of
the protocol and user respectively. For example:
```
"federated": [
{
"idp_id": "efbab5a6acad4d108fec6c63d9609d83",
"protocols": [
{"protocol_id": mapped, "unique_id": "test@example.com"}
]
}
]
```
items:
properties:
idp_id:
type: string
protocols:
items:
properties:
protocol_id:
type: string
unique_id:
type: string
required:
- protocol_id
- unique_id
type: object
minItems: 1
type: array
required:
- idp_id
- protocols
type: object
type: array
name:
description: |-
The user name. Must be unique within the owning domain.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the user. Available resource options are
`ignore_change_password_upon_first_use`, `ignore_password_expiry`,
`ignore_lockout_failure_attempts`, `lock_password`,
`multi_factor_auth_enabled`, and `multi_factor_auth_rules`
`ignore_user_inactivity`.
properties:
ignore_change_password_upon_first_use:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_lockout_failure_attempts:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_password_expiry:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_user_inactivity:
enum:
-
- false
- true
type:
- boolean
- 'null'
lock_password:
enum:
-
- false
- true
type:
- boolean
- 'null'
multi_factor_auth_enabled:
enum:
-
- false
- true
type:
- boolean
- 'null'
multi_factor_auth_rules:
items:
items:
type: string
minItems: 1
type: array
uniqueItems: true
type:
- array
- 'null'
uniqueItems: true
type: object
password:
description: |-
The password for the user.
type:
- 'null'
- string
required:
- name
type: object
required:
- user
type: object
UsersPostResponse:
additionalProperties: false
properties:
user:
additionalProperties: true
description: |-
A `user` object
properties:
default_project_id:
description: |-
The ID of the default project for the user.
type:
- 'null'
- string
description:
description: The description of the user resource.
type:
- 'null'
- string
domain_id:
description: |-
The ID of the domain.
maxLength: 64
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
type: string
enabled:
description: |-
If the user is enabled, this value is `true`.
If the user is disabled, this value is `false`.
enum:
- ''
- '0'
- '1'
- 'FALSE'
- false
- 'False'
- N
- OFF
- ON
- 'TRUE'
- true
- 'True'
- Y
- 'false'
- n
- no
- off
- on
- 'true'
- y
- yes
type:
- boolean
- 'null'
- string
federated:
description: |-
List of federated objects associated with a user. Each object in the list
contains the `idp_id` and `protocols`. `protocols` is a list of
objects, each of which contains `protocol_id` and `unique_id` of
the protocol and user respectively. For example:
```
"federated": [
{
"idp_id": "efbab5a6acad4d108fec6c63d9609d83",
"protocols": [
{"protocol_id": "mapped", "unique_id": "test@example.com"}
]
}
]
```
items:
properties:
idp_id:
type: string
protocols:
items:
properties:
protocol_id:
type: string
unique_id:
type: string
required:
- protocol_id
- unique_id
type: object
minItems: 1
type: array
required:
- idp_id
- protocols
type: object
type: array
name:
description: |-
The user name. Must be unique within the owning domain.
maxLength: 255
minLength: 1
pattern: '[\S]+'
type: string
options:
additionalProperties: false
description: |-
The resource options for the user. Available resource options are
`ignore_change_password_upon_first_use`, `ignore_password_expiry`,
`ignore_lockout_failure_attempts`, `lock_password`,
`multi_factor_auth_enabled`, and `multi_factor_auth_rules`
`ignore_user_inactivity`.
properties:
ignore_change_password_upon_first_use:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_lockout_failure_attempts:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_password_expiry:
enum:
-
- false
- true
type:
- boolean
- 'null'
ignore_user_inactivity:
enum:
-
- false
- true
type:
- boolean
- 'null'
lock_password:
enum:
-
- false
- true
type:
- boolean
- 'null'
multi_factor_auth_enabled:
enum:
-
- false
- true
type:
- boolean
- 'null'
multi_factor_auth_rules:
items:
items:
type: string
minItems: 1
type: array
uniqueItems: true
type:
- array
- 'null'
uniqueItems: true
type: object
password:
description: The password for the user.
type:
- 'null'
- string
required:
- name
type: object
required:
- user
type: object
UsersProjectsGetResponse:
properties:
projects:
description: A list of project objects
items:
properties:
description:
description: The description of the project.
type: string
domain_id:
description: The ID of the domain of the project.
format: uuid
type: string
id:
description: The ID of the project.
format: uuid
type: string
name:
description: The name of the project.
type: string
parent_id:
description: The parent id of the project.
format: uuid
type: string
type: object
type: array
type: object
securitySchemes:
ApiKeyAuth:
in: header
name: X-Auth-Token
type: apiKey
security:
- ApiKeyAuth: []
tags:
- name: OS-EP-FILTER
- name: OS-FEDERATION
- name: OS-INHERIT
- name: OS-OAUTH1
- name: OS-OAUTH2
- name: OS-REVOKE
- name: OS-SIMPLE-CERT
- name: OS-TRUST
- name: auth
- name: credentials
- name: domain-configuration
- name: domains
- name: ec2tokens
- name: endpoints
- name: groups
- name: limits
- name: policies
- name: projects
- name: regions
- name: registered_limits
- name: role_assignments
- name: role_inferences
- name: roles
- name: s3tokens
- name: services
- name: system
- name: users
- name: v3
- name: version