keystone  18.0.0
About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Victoria" series (maintained release).
  Fossies Dox: keystone-18.0.0.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

system-roles.inc
Go to the documentation of this file.
1 .. -*- rst -*-
2 
3 =======================
4 System Role Assignments
5 =======================
6 
7 A system role assignment ultimately controls access to system-level API calls.
8 System role assignments are similar to project or domain role assignments, but
9 are meant for a different target. Instead of giving a user or group a role on a
10 project, they can be given a system role.
11 
12 Good examples of system-level APIs include management of the service catalog
13 and compute hypervisors.
14 
15 List system role assignments for a user
16 =======================================
17 
18 .. rest_method:: GET /v3/system/users/{user_id}/roles
19 
20 Lists all system role assignment a user has.
21 
22 Relationship: ``https://docs.openstack.org/api/openstack-identity/3/rel/system_user_roles``
23 
24 Request
25 -------
26 
27 Parameters
28 ~~~~~~~~~~
29 
30 .. rest_parameters:: parameters.yaml
31 
32  - user_id: user_id_path
33 
34 Response
35 --------
36 
37 Parameters
38 ~~~~~~~~~~
39 
40 .. rest_parameters:: parameters.yaml
41 
42  - links: link_response_body
43  - roles: system_roles_response_body
44 
45 Status Codes
46 ~~~~~~~~~~~~
47 
48 .. rest_status_code:: success status.yaml
49 
50  - 200
51 
52 .. rest_status_code:: error status.yaml
53 
54  - 400
55  - 401
56  - 403
57 
58 Example
59 ~~~~~~~
60 
61 .. literalinclude:: ./samples/admin/list-system-roles-for-user-response.json
62  :language: javascript
63 
64 The functionality of this request can also be achieved using the generalized
65 list assignments API::
66 
67  GET /role_assignments?user.id={user_id}&scope.system
68 
69 Assign a system role to a user
70 ==============================
71 
72 .. rest_method:: PUT /v3/system/users/{user_id}/roles/{role_id}
73 
74 Grant a user a role on the system.
75 
76 Relationship: ``https://docs.openstack.org/api/openstack-identity/3/rel/system_user_role``
77 
78 Request
79 -------
80 
81 Parameters
82 ~~~~~~~~~~
83 
84 .. rest_parameters:: parameters.yaml
85 
86  - user_id: user_id_path
87  - role_id: role_id_path
88 
89 Response
90 --------
91 
92 Status Codes
93 ~~~~~~~~~~~~
94 
95 .. rest_status_code:: success status.yaml
96 
97  - 204
98 
99 .. rest_status_code:: error status.yaml
100 
101  - 401
102  - 403
103  - 404
104 
105 Check user for a system role assignment
106 =======================================
107 
108 .. rest_method:: HEAD /v3/system/users/{user_id}/roles/{role_id}
109 
110 Check if a specific user has a role assignment on the system.
111 
112 Relationship: ``https://docs.openstack.org/api/openstack-identity/3/rel/system_user_role``
113 
114 Request
115 -------
116 
117 Parameters
118 ~~~~~~~~~~
119 
120 .. rest_parameters:: parameters.yaml
121 
122  - user_id: user_id_path
123  - role_id: role_id_path
124 
125 Response
126 --------
127 
128 Status Codes
129 ~~~~~~~~~~~~
130 
131 .. rest_status_code:: success status.yaml
132 
133  - 204
134 
135 .. rest_status_code:: error status.yaml
136 
137  - 401
138  - 403
139  - 404
140 
141 Get system role assignment for a user
142 =====================================
143 
144 .. rest_method:: GET /v3/system/users/{user_id}/roles/{role_id}
145 
146 Get a specific system role assignment for a user. This is the same API as
147 ``HEAD /v3/system/users/{user_id}/roles/{role_id}``.
148 
149 Relationship: ``https://docs.openstack.org/api/openstack-identity/3/rel/system_user_role``
150 
151 Request
152 -------
153 
154 Parameters
155 ~~~~~~~~~~
156 
157 .. rest_parameters:: parameters.yaml
158 
159  - user_id: user_id_path
160  - role_id: role_id_path
161 
162 Response
163 --------
164 
165 Status Codes
166 ~~~~~~~~~~~~
167 
168 .. rest_status_code:: success status.yaml
169 
170  - 204
171 
172 .. rest_status_code:: error status.yaml
173 
174  - 400
175  - 401
176  - 403
177  - 404
178 
179 Delete a system role assignment from a user
180 ===========================================
181 
182 .. rest_method:: DELETE /v3/system/users/{user_id}/roles/{role_id}
183 
184 Remove a system role assignment from a user.
185 
186 Relationship: ``https://docs.openstack.org/api/openstack-identity/3/rel/system_user_role``
187 
188 Request
189 -------
190 
191 Parameters
192 ~~~~~~~~~~
193 
194 .. rest_parameters:: parameters.yaml
195 
196  - user_id: user_id_path
197  - role_id: role_id_path
198 
199 Response
200 --------
201 
202 Status Codes
203 ~~~~~~~~~~~~
204 
205 .. rest_status_code:: success status.yaml
206 
207  - 204
208 
209 .. rest_status_code:: error status.yaml
210 
211  - 400
212  - 401
213  - 403
214  - 404
215 
216 List system role assignments for a group
217 ========================================
218 
219 .. rest_method:: GET /v3/system/groups/{group_id}/roles
220 
221 Lists all system role assignment a group has.
222 
223 Relationship: ``https://docs.openstack.org/api/openstack-identity/3/rel/system_group_roles``
224 
225 Request
226 -------
227 
228 Parameters
229 ~~~~~~~~~~
230 
231 .. rest_parameters:: parameters.yaml
232 
233  - group_id: group_id_path
234 
235 Response
236 --------
237 
238 Parameters
239 ~~~~~~~~~~
240 
241 .. rest_parameters:: parameters.yaml
242 
243  - links: link_response_body
244  - roles: system_roles_response_body
245 
246 Status Codes
247 ~~~~~~~~~~~~
248 
249 .. rest_status_code:: success status.yaml
250 
251  - 200
252 
253 .. rest_status_code:: error status.yaml
254 
255  - 400
256  - 401
257  - 403
258 
259 Example
260 ~~~~~~~
261 
262 .. literalinclude:: ./samples/admin/list-system-roles-for-group-response.json
263  :language: javascript
264 
265 The functionality of this request can also be achieved using the generalized
266 list assignments API::
267 
268  GET /role_assignments?group.id={group_id}&scope.system
269 
270 Assign a system role to a group
271 ===============================
272 
273 .. rest_method:: PUT /v3/system/groups/{group_id}/roles/{role_id}
274 
275 Grant a group a role on the system.
276 
277 Relationship: ``https://docs.openstack.org/api/openstack-identity/3/rel/system_group_role``
278 
279 Request
280 -------
281 
282 Parameters
283 ~~~~~~~~~~
284 
285 .. rest_parameters:: parameters.yaml
286 
287  - group_id: group_id_path
288  - role_id: role_id_path
289 
290 Response
291 --------
292 
293 Status Codes
294 ~~~~~~~~~~~~
295 
296 .. rest_status_code:: success status.yaml
297 
298  - 204
299 
300 .. rest_status_code:: error status.yaml
301 
302  - 400
303  - 401
304  - 403
305  - 404
306 
307 Check group for a system role assignment
308 ========================================
309 
310 .. rest_method:: HEAD /v3/system/groups/{group_id}/roles/{role_id}
311 
312 Check if a specific group has a role assignment on the system.
313 
314 Relationship: ``https://docs.openstack.org/api/openstack-identity/3/rel/system_group_role``
315 
316 Request
317 -------
318 
319 Parameters
320 ~~~~~~~~~~
321 
322 .. rest_parameters:: parameters.yaml
323 
324  - group_id: group_id_path
325  - role_id: role_id_path
326 
327 Response
328 --------
329 
330 Status Codes
331 ~~~~~~~~~~~~
332 
333 .. rest_status_code:: success status.yaml
334 
335  - 204
336 
337 .. rest_status_code:: error status.yaml
338 
339  - 400
340  - 401
341  - 403
342  - 404
343 
344 Get system role assignment for a group
345 ======================================
346 
347 .. rest_method:: GET /v3/system/groups/{group_id}/roles/{role_id}
348 
349 Get a specific system role assignment for a group. This is the same API as
350 ``HEAD /v3/system/groups/{group_id}/roles/{role_id}``.
351 
352 Relationship: ``https://docs.openstack.org/api/openstack-identity/3/rel/system_group_role``
353 
354 Request
355 -------
356 
357 Parameters
358 ~~~~~~~~~~
359 
360 .. rest_parameters:: parameters.yaml
361 
362  - group_id: group_id_path
363  - role_id: role_id_path
364 
365 Response
366 --------
367 
368 Status Codes
369 ~~~~~~~~~~~~
370 
371 .. rest_status_code:: success status.yaml
372 
373  - 204
374 
375 .. rest_status_code:: error status.yaml
376 
377  - 400
378  - 401
379  - 403
380  - 404
381 
382 Delete a system role assignment from a group
383 ============================================
384 
385 .. rest_method:: DELETE /v3/system/groups/{group_id}/roles/{role_id}
386 
387 Remove a system role assignment from a group.
388 
389 Relationship: ``https://docs.openstack.org/api/openstack-identity/3/rel/system_group_role``
390 
391 Request
392 -------
393 
394 Parameters
395 ~~~~~~~~~~
396 
397 .. rest_parameters:: parameters.yaml
398 
399  - group_id: group_id_path
400  - role_id: role_id_path
401 
402 Response
403 --------
404 
405 Status Codes
406 ~~~~~~~~~~~~
407 
408 .. rest_status_code:: success status.yaml
409 
410  - 204
411 
412 .. rest_status_code:: error status.yaml
413 
414  - 400
415  - 401
416  - 403
417  - 404
conf.project
string project
Definition: conf.py:57
keystone.api.auth.APIs
tuple APIs
Definition: auth.py:554
keystone.conf.ldap.user
user
Definition: ldap.py:27