"Fossies" - the Fresh Open Source Software Archive

Member "keystone-18.0.0/api-ref/source/v3/parameters.yaml" (14 Oct 2020, 60666 Bytes) of package /linux/misc/openstack/keystone-18.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Ansible YAML source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "parameters.yaml": 17.0.0_vs_18.0.0.

    1 # variables in header
    2 Openstack-Auth-Receipt:
    3   description: |
    4     The auth receipt.  A partially successful authentication
    5     response returns the auth receipt ID in this header rather than in the
    6     response body.
    7   in: header
    8   required: true
    9   type: string
   10 X-Auth-Token:
   11   description: |
   12     A valid authentication token for an
   13     administrative user.
   14   in: header
   15   required: true
   16   type: string
   17 X-Subject-Token:
   18   description: |
   19     The authentication token.  An authentication
   20     response returns the token ID in this header rather than in the
   21     response body.
   22   in: header
   23   required: true
   24   type: string
   25 
   26 # variables in path
   27 credential_id_path:
   28   description: |
   29     The UUID for the credential.
   30   in: path
   31   required: true
   32   type: string
   33 domain_id_path:
   34   description: |
   35     The domain ID.
   36   in: path
   37   required: true
   38   type: string
   39 endpoint_id_path:
   40   description: |
   41     The endpoint ID.
   42   in: path
   43   required: true
   44   type: string
   45 group_id:
   46   description: |
   47     The group ID.
   48   in: path
   49   required: true
   50   type: string
   51 group_id_path:
   52   description: |
   53     The group ID.
   54   in: path
   55   required: true
   56   type: string
   57 implies_role_id:
   58   description: |
   59     Role ID for an implied role.
   60   in: path
   61   required: true
   62   type: string
   63 limit_id_path:
   64   description: |
   65     The limit ID.
   66   in: path
   67   required: true
   68   type: string
   69 option:
   70   description: |
   71     The option name. For the ``ldap`` group, a valid
   72     value is ``url`` or ``user_tree_dn``. For the ``identity`` group,
   73     a valid value is ``driver``.
   74   in: path
   75   required: true
   76   type: string
   77 policy_id_path:
   78   description: |
   79     The policy ID.
   80   in: path
   81   required: true
   82   type: string
   83 prior_role_id:
   84   description: |
   85     Role ID for a prior role.
   86   in: path
   87   required: true
   88   type: string
   89 project_id_path:
   90   description: |
   91     The project ID.
   92   in: path
   93   required: true
   94   type: string
   95 project_tag_path:
   96   description: |
   97     A simple string associated with a project. Can be used for assigning
   98     values to projects and filtering based on those values.
   99   in: path
  100   required: true
  101   type: string
  102 region_id_path:
  103   description: |
  104     The region ID.
  105   in: path
  106   required: true
  107   type: string
  108 registered_limit_id_path:
  109   description: |
  110     The registered limit ID.
  111   in: path
  112   required: true
  113   type: string
  114 request_access_rule_id_path_required:
  115   description: |
  116     The ID of the access rule.
  117   in: path
  118   required: true
  119   type: string
  120 request_access_rule_user_id_path_required:
  121   description: |
  122     The ID of the user who owns the access rule.
  123   in: path
  124   required: true
  125   type: string
  126 request_application_credential_id_path_required:
  127   description: |
  128     The ID of the application credential.
  129   in: path
  130   required: true
  131   type: string
  132 request_application_credential_user_id_path_required:
  133   description: |
  134     The ID of the user who owns the application credential.
  135   in: path
  136   required: true
  137   type: string
  138 role_id:
  139   description: |
  140     The role ID.
  141   in: path
  142   required: true
  143   type: string
  144 role_id_path:
  145   description: |
  146     The role ID.
  147   in: path
  148   required: true
  149   type: string
  150 service_id_path:
  151   description: |
  152     The service ID.
  153   in: path
  154   required: true
  155   type: string
  156 user_id_path:
  157   description: |
  158     The user ID.
  159   in: path
  160   required: true
  161   type: string
  162 
  163 # variables in query
  164 allow_expired:
  165   description: |
  166     (Since v3.8) Allow fetching a token that has expired. By default expired
  167     tokens return a 404 exception.
  168   in: query
  169   required: false
  170   type: bool
  171 domain_enabled_query:
  172   description: |
  173     If set to true, then only domains that are enabled will be returned, if set
  174     to false only that are disabled will be returned. Any value other than
  175     ``0``, including no value, will be interpreted as true.
  176   in: query
  177   required: false
  178   type: string
  179 domain_id_query:
  180   description: |
  181     Filters the response by a domain ID.
  182   in: query
  183   required: false
  184   type: string
  185 domain_name_query:
  186   description: |
  187     Filters the response by a domain name.
  188   in: query
  189   required: false
  190   type: string
  191 effective_query:
  192   description: |
  193     Returns the effective assignments, including any assignments gained by
  194     virtue of group membership.
  195   in: query
  196   required: false
  197   type: key-only (no value required)
  198 enabled_user_query:
  199   description: |
  200     Filters the response by either enabled (``true``)
  201     or disabled (``false``) users.
  202   in: query
  203   required: false
  204   type: string
  205 group_id_query:
  206   description: |
  207     Filters the response by a group ID.
  208   in: query
  209   required: false
  210   type: string
  211 group_name_query:
  212   description: |
  213     Filters the response by a group name.
  214   in: query
  215   required: false
  216   type: string
  217 idp_id_query:
  218   description: |
  219     Filters the response by an identity provider ID.
  220   in: query
  221   required: false
  222   type: string
  223 include_limits:
  224   description: |
  225     It should be used together with `parents_as_list` or `subtree_as_list`
  226     filter to add the related project's limits into the response body.
  227   in: query
  228   required: false
  229   type: key-only, no value expected
  230 include_names_query:
  231   description: |
  232     If set to true, then the names of any entities returned will be include as
  233     well as their IDs. Any value other than ``0`` (including no value) will be
  234     interpreted as true.
  235   in: query
  236   required: false
  237   type: boolean
  238   min_version: 3.6
  239 include_subtree_query:
  240   description: |
  241     If set to true, then relevant assignments in the project hierarchy below
  242     the project specified in the ``scope.project_id`` query parameter are also
  243     included in the response. Any value other than ``0`` (including no value)
  244     for ``include_subtree`` will be interpreted as true.
  245   in: query
  246   required: false
  247   type: boolean
  248   min_version: 3.6
  249 interface_query:
  250   description: |
  251     Filters the response by an interface.
  252   in: query
  253   required: false
  254   type: string
  255 is_domain_query:
  256   description: |
  257     If this is specified as true, then only projects acting as a domain are
  258     included. Otherwise, only projects that are not acting as a domain are
  259     included.
  260   in: query
  261   required: false
  262   type: boolean
  263   min_version: 3.6
  264 name_user_query:
  265   description: |
  266     Filters the response by a user name.
  267   in: query
  268   required: false
  269   type: string
  270 nocatalog:
  271   description: |
  272     (Since v3.1) The authentication response excludes
  273     the service catalog. By default, the response includes the service
  274     catalog.
  275   in: query
  276   required: false
  277   type: string
  278 parent_id_query:
  279   description: |
  280     Filters the response by a parent ID.
  281   in: query
  282   required: false
  283   type: string
  284   min_version: 3.4
  285 parent_region_id_query_not_required:
  286   description: |
  287     Filters the response by a parent region, by ID.
  288   in: query
  289   required: false
  290   type: string
  291 parents_as_ids:
  292   description: |
  293     The entire parent hierarchy will be included as
  294     nested dictionaries in the response. It will contain
  295     all projects ids found by traversing up the hierarchy
  296     to the top-level project.
  297   in: query
  298   required: false
  299   type: key-only, no value expected
  300   min_version: 3.4
  301 parents_as_list:
  302   description: |
  303     The parent hierarchy will be included as a list in the response.
  304     This list will contain the projects found by traversing up the
  305     hierarchy to the top-level project. The returned list will be
  306     filtered against the projects the user has an effective role
  307     assignment on.
  308   in: query
  309   required: false
  310   type: key-only, no value expected
  311   min_version: 3.4
  312 password_expires_at_query:
  313   description: |
  314     Filter results based on which user passwords have expired. The query should
  315     include an ``operator`` and a ``timestamp`` with a colon (``:``) separating
  316     the two, for example::
  317 
  318       password_expires_at={operator}:{timestamp}
  319 
  320     - Valid operators are: ``lt``, ``lte``, ``gt``, ``gte``, ``eq``, and ``neq``
  321 
  322       - lt: expiration time lower than the timestamp
  323       - lte: expiration time lower than or equal to the timestamp
  324       - gt: expiration time higher than the timestamp
  325       - gte: expiration time higher than or equal to the timestamp
  326       - eq: expiration time equal to the timestamp
  327       - neq: expiration time not equal to the timestamp
  328 
  329     - Valid timestamps are of the form: ``YYYY-MM-DDTHH:mm:ssZ``.
  330 
  331     For example::
  332 
  333       /v3/users?password_expires_at=lt:2016-12-08T22:02:00Z
  334 
  335     The example would return a list of users whose password expired before the
  336     timestamp (``2016-12-08T22:02:00Z``).
  337 
  338   in: query
  339   required: false
  340   type: string
  341 policy_type_query:
  342   description: |
  343     Filters the response by a MIME media type for the
  344     serialized policy blob. For example, ``application/json``.
  345   in: query
  346   required: false
  347   type: string
  348 project_enabled_query:
  349   description: |
  350     If set to true, then only enabled projects will be returned. Any value
  351     other than ``0`` (including no value) will be interpreted as true.
  352   in: query
  353   required: false
  354   type: boolean
  355 project_name_query:
  356   description: |
  357     Filters the response by a project name.
  358   in: query
  359   required: false
  360   type: string
  361 protocol_id_query:
  362   description: |
  363     Filters the response by a protocol ID.
  364   in: query
  365   required: false
  366   type: string
  367 region_id_query:
  368   description: |
  369     Filters the response by a region ID.
  370   in: query
  371   required: false
  372   type: string
  373 request_application_credential_name_query_not_required:
  374   description: |
  375     The name of the application credential. Must be unique to a user.
  376   in: query
  377   required: false
  378   type: string
  379 request_nocatalog_unscoped_path_not_required:
  380   description: |
  381     (Since v3.1) nocatalog only works for scoped token. For unscoped token, the
  382     authentication response always excludes the service catalog.
  383   in: query
  384   required: false
  385   type: string
  386 request_service_name_query_not_required:
  387   description: |
  388     Filters the response by a service name.
  389   in: query
  390   required: false
  391   type: string
  392 resource_name_query:
  393   description: |
  394     Filters the response by a specified resource name.
  395   in: query
  396   required: false
  397   type: string
  398 role_id_query:
  399   description: |
  400     Filters the response by a role ID.
  401   in: query
  402   required: false
  403   type: string
  404 role_name_query:
  405   description: |
  406     Filters the response by a role name.
  407   in: query
  408   required: false
  409   type: string
  410 scope_domain_id_query:
  411   description: |
  412     Filters the response by a domain ID.
  413   in: query
  414   required: false
  415   type: string
  416 scope_os_inherit_inherited_to:
  417   description: |
  418     Filters based on role assignments that are inherited.
  419     The only value of ``inherited_to`` that is currently
  420     supported is ``projects``.
  421   in: query
  422   required: false
  423   type: string
  424 scope_project_id_query:
  425   description: |
  426     Filters the response by a project ID.
  427   in: query
  428   required: false
  429   type: string
  430 scope_system_query:
  431   description: |
  432     Filters the response by system assignments.
  433   in: query
  434   required: false
  435   type: string
  436 service_id_query:
  437   description: |
  438     Filters the response by a service ID.
  439   in: query
  440   required: false
  441   type: string
  442 service_type_query:
  443   description: |
  444     Filters the response by a service type. A valid
  445     value is ``compute``, ``ec2``, ``identity``, ``image``,
  446     ``network``, or ``volume``.
  447   in: query
  448   required: false
  449   type: string
  450 subtree_as_ids:
  451   description: |
  452     The entire child hierarchy will be included as nested dictionaries
  453     in the response. It will contain all the projects ids found by
  454     traversing down the hierarchy.
  455   in: query
  456   required: false
  457   type: key-only, no value expected
  458   min_version: 3.4
  459 subtree_as_list:
  460   description: |
  461     The child hierarchy will be included as a list in the response.
  462     This list will contain the projects found by traversing down
  463     the hierarchy. The returned list will be filtered against the
  464     projects the user has an effective role assignment on.
  465   in: query
  466   required: false
  467   type: key-only, no value expected
  468   min_version: 3.4
  469 unique_id_query:
  470   description: |
  471     Filters the response by a unique ID.
  472   in: query
  473   required: false
  474   type: string
  475 user_id_query:
  476   description: |
  477     Filters the response by a user ID.
  478   in: query
  479   required: false
  480   type: string
  481 
  482 # variables in body
  483 audit_ids:
  484   description: |
  485     A list of one or two audit IDs. An audit ID is a
  486     unique, randomly generated, URL-safe string that you can use to
  487     track a token.  The first audit ID is the current audit ID for the
  488     token.  The second audit ID is present for only re-scoped tokens
  489     and is the audit ID from the token before it was re-scoped. A re-
  490     scoped token is one that was exchanged for another token of the
  491     same or different scope.  You can use these audit IDs to track the
  492     use of a token or chain of tokens across multiple requests and
  493     endpoints without exposing the token ID to non-privileged users.
  494   in: body
  495   required: true
  496   type: array
  497 auth:
  498   description: |
  499     An ``auth`` object.
  500   in: body
  501   required: true
  502   type: object
  503 auth_application_credential_restricted_body:
  504   description: |
  505     Whether the application credential is permitted to be used for creating and
  506     deleting additional application credentials and trusts.
  507   in: body
  508   required: true
  509   type: object
  510 auth_domain:
  511   description: |
  512     Specify either ``id`` or ``name`` to uniquely
  513     identify the domain.
  514   in: body
  515   required: false
  516   type: object
  517 auth_methods:
  518   description: |
  519     The authentication methods, which are commonly ``password``,
  520     ``token``, or other methods.  Indicates the accumulated set of
  521     authentication methods that were used to obtain the token. For
  522     example, if the token was obtained by password authentication, it
  523     contains ``password``. Later, if the token is exchanged by using
  524     the token authentication method one or more times, the
  525     subsequently created tokens contain both ``password`` and
  526     ``token`` in their ``methods`` attribute.  Unlike multi-factor
  527     authentication, the ``methods`` attribute merely indicates the
  528     methods that were used to authenticate the user in exchange for a
  529     token. The client is responsible for determining the total number
  530     of authentication factors.
  531   in: body
  532   required: true
  533   type: array
  534 auth_methods_application_credential:
  535   description: |
  536     The authentication method. To authenticate with an application credential,
  537     specify ``application_credential``.
  538   in: body
  539   required: true
  540   type: array
  541 auth_methods_passwd:
  542   description: |
  543     The authentication method. For password
  544     authentication, specify ``password``.
  545   in: body
  546   required: true
  547   type: array
  548 auth_methods_receipt:
  549   description: |
  550     The authentication methods, which are commonly ``password``,
  551     ``totp``, or other methods.  Indicates the accumulated set of
  552     authentication methods that were used to obtain the receipt. For
  553     example, if the receipt was obtained by password authentication, it
  554     contains ``password``. Later, if the receipt is exchanged by using
  555     another authentication method one or more times, the
  556     subsequently created receipts could contain both ``password`` and
  557     ``totp`` in their ``methods`` attribute.
  558   in: body
  559   required: true
  560   type: array
  561 auth_methods_token:
  562   description: |
  563     The authentication method. For token
  564     authentication, specify ``token``.
  565   in: body
  566   required: true
  567   type: array
  568 auth_methods_totp:
  569   description: |
  570     The authentication method. For totp
  571     authentication, specify ``totp``.
  572   in: body
  573   required: true
  574   type: array
  575 auth_token:
  576   description: |
  577     A ``token`` object. The token authentication
  578     method is used. This method is typically used in combination with
  579     a request to change authorization scope.
  580   in: body
  581   required: true
  582   type: object
  583 auth_token_id:
  584   description: |
  585     A token ID.
  586   in: body
  587   required: true
  588   type: string
  589 catalog:
  590   description: |
  591     A ``catalog`` object.
  592   in: body
  593   required: true
  594   type: array
  595 catalog_response_body_optional:
  596   description: |
  597     A ``catalog`` object.
  598   in: body
  599   required: false
  600   type: array
  601 credential:
  602   description: |
  603     A ``credential`` object.
  604   in: body
  605   required: true
  606   type: object
  607 credential_blob:
  608   description: |
  609     The credential itself, as a serialized blob.
  610   in: body
  611   required: true
  612   type: string
  613 credential_blob_not_required:
  614   description: |
  615     The credential itself, as a serialized blob.
  616   in: body
  617   required: false
  618   type: string
  619 credential_id:
  620   description: |
  621     The UUID for the credential.
  622   in: body
  623   required: true
  624   type: string
  625 credential_links:
  626   description: |
  627     The links for the ``credential`` resource.
  628   in: body
  629   required: true
  630   type: object
  631 credential_type:
  632   description: |
  633     The credential type, such as ``ec2`` or ``cert``.
  634     The implementation determines the list of supported types.
  635   in: body
  636   required: true
  637   type: string
  638 credential_type_not_required:
  639   description: |
  640     The credential type, such as ``ec2`` or ``cert``.
  641     The implementation determines the list of supported types.
  642   in: body
  643   required: false
  644   type: string
  645 credential_user_id:
  646   description: |
  647     The ID of the user who owns the credential.
  648   in: body
  649   required: true
  650   type: string
  651 credential_user_id_not_required:
  652   description: |
  653     The ID of the user who owns the credential.
  654   in: body
  655   required: false
  656   type: string
  657 credentials:
  658   description: |
  659     A list of ``credential`` objects.
  660   in: body
  661   required: true
  662   type: array
  663 credentials_links:
  664   description: |
  665     The links for the ``credentials`` resource.
  666   in: body
  667   required: true
  668   type: object
  669 default_limit:
  670   description: |
  671     The default limit for the registered limit.
  672   in: body
  673   required: true
  674   type: integer
  675 default_project_id_request_body:
  676   description: |
  677     The ID of the default project for the user.
  678     A user's default project must not be a domain. Setting this
  679     attribute does not grant any actual authorization on the project,
  680     and is merely provided for convenience. Therefore, the referenced
  681     project does not need to exist within the user domain.  (Since v3.1)
  682     If the user does not have authorization to their default project,
  683     the default project is ignored at token creation.  (Since v3.1)
  684     Additionally, if your default project is not valid, a token is
  685     issued without an explicit scope of authorization.
  686   in: body
  687   required: false
  688   type: string
  689 default_project_id_response_body:
  690   description: |
  691     The ID of the default project for the user.
  692   in: body
  693   required: false
  694   type: string
  695 default_project_id_update_body:
  696   description: |
  697     The new ID of the default project for the user.
  698   in: body
  699   required: false
  700   type: string
  701 description_limit_request_body:
  702   description: |
  703     The limit description.
  704   in: body
  705   required: false
  706   type: string
  707 description_limit_response_body:
  708   description: |
  709     The limit description.
  710   in: body
  711   required: true
  712   type: string
  713 description_region_request_body:
  714   description: |
  715     The region description.
  716   in: body
  717   required: false
  718   type: string
  719 description_region_response_body:
  720   description: |
  721     The region description.
  722   in: body
  723   required: true
  724   type: string
  725 description_registered_limit_request_body:
  726   description: |
  727     The registered limit description.
  728   in: body
  729   required: false
  730   type: string
  731 description_registered_limit_response_body:
  732   description: |
  733     The registered limit description.
  734   in: body
  735   required: true
  736   type: string
  737 domain:
  738   description: |
  739     A ``domain`` object
  740   in: body
  741   required: true
  742   type: object
  743 domain_config:
  744   description: |
  745     A ``config`` object.
  746   in: body
  747   required: true
  748   type: object
  749 domain_description_request_body:
  750   description: |
  751     The description of the domain.
  752   in: body
  753   required: false
  754   type: string
  755 domain_description_response_body:
  756   description: |
  757     The description of the domain.
  758   in: body
  759   required: true
  760   type: string
  761 domain_description_update_request_body:
  762   description: |
  763     The new description of the domain.
  764   in: body
  765   required: false
  766   type: string
  767 domain_driver:
  768   description: |
  769     The Identity backend driver.
  770   in: body
  771   required: true
  772   type: string
  773 domain_enabled_request_body:
  774   description: |
  775     If set to ``true``, domain is created enabled. If set to
  776     ``false``, domain is created disabled. The default is ``true``.
  777 
  778     Users can only authorize against an enabled domain (and any of its
  779     projects). In addition, users can only authenticate if the domain that owns
  780     them is also enabled. Disabling a domain prevents both of these things.
  781   in: body
  782   required: false
  783   type: string
  784 domain_enabled_response_body:
  785   description: |
  786     If set to ``true``, domain is enabled. If set to
  787     ``false``, domain is disabled.
  788   in: body
  789   required: true
  790   type: string
  791 domain_enabled_update_request_body:
  792   description: |
  793     If set to ``true``, domain is enabled. If set to
  794     ``false``, domain is disabled. The default is ``true``.
  795 
  796     Users can only authorize against an enabled domain (and any of its
  797     projects). In addition, users can only authenticate if the domain that owns
  798     them is also enabled. Disabling a domain prevents both of these things.
  799     When you disable a domain, all tokens that are authorized for that domain
  800     become invalid. However, if you reenable the domain, these tokens become
  801     valid again, providing that they haven't expired.
  802   in: body
  803   required: false
  804   type: string
  805 domain_id_response_body:
  806   description: |
  807     The ID of the domain.
  808   in: body
  809   required: true
  810   type: string
  811 domain_ldap:
  812   description: |
  813     An ``ldap`` object. Required to set the LDAP
  814     group configuration options.
  815   in: body
  816   required: true
  817   type: object
  818 domain_link_response_body:
  819   description: |
  820     The links to the ``domain`` resource.
  821   in: body
  822   required: true
  823   type: object
  824 domain_name_request_body:
  825   description: |
  826     The name of the domain.
  827   in: body
  828   required: true
  829   type: string
  830 domain_name_response_body:
  831   description: |
  832     The name of the domain.
  833   in: body
  834   required: true
  835   type: string
  836 domain_name_update_request_body:
  837   description: |
  838     The new name of the domain.
  839   in: body
  840   required: false
  841   type: string
  842 domain_scope_response_body_optional:
  843   description: |
  844     A ``domain`` object including the ``id`` and ``name`` representing the
  845     domain the token is scoped to. This is only included in tokens that are
  846     scoped to a domain.
  847   in: body
  848   required: false
  849   type: object
  850 domain_url:
  851   description: |
  852     The LDAP URL.
  853   in: body
  854   required: true
  855   type: string
  856 domain_user_tree_dn:
  857   description: |
  858     The base distinguished name (DN) of LDAP, from
  859     where all users can be reached. For example,
  860     ``ou=Users,dc=root,dc=org``.
  861   in: body
  862   required: true
  863   type: string
  864 domains:
  865   description: |
  866     A list of ``domain`` objects
  867   in: body
  868   required: true
  869   type: array
  870 email:
  871   description: |
  872     The email address for the user.
  873   in: body
  874   required: true
  875   type: string
  876 enabled_user_request_body:
  877   description: |
  878     If the user is enabled, this value is ``true``.
  879     If the user is disabled, this value is ``false``.
  880   in: body
  881   required: false
  882   type: boolean
  883 enabled_user_response_body:
  884   description: |
  885     If the user is enabled, this value is ``true``.
  886     If the user is disabled, this value is ``false``.
  887   in: body
  888   required: true
  889   type: boolean
  890 enabled_user_update_body:
  891   description: |
  892     Enables or disables the user.  An enabled user
  893     can authenticate and receive authorization.  A disabled user
  894     cannot authenticate or receive authorization. Additionally, all
  895     tokens that the user holds become no longer valid. If you reenable
  896     this user, pre-existing tokens do not become valid.  To enable the
  897     user, set to ``true``. To disable the user, set to ``false``.
  898     Default is ``true``.
  899   in: body
  900   required: false
  901   type: boolean
  902 endpoint:
  903   description: |
  904     An ``endpoint`` object.
  905   in: body
  906   required: true
  907   type: object
  908 endpoint_enabled:
  909   description: |
  910     Indicates whether the endpoint appears in the
  911     service catalog:  - ``false``. The endpoint does not appear in the
  912     service catalog.  - ``true``. The endpoint appears in the service
  913     catalog.
  914   in: body
  915   required: true
  916   type: boolean
  917 endpoint_enabled_not_required:
  918   description: |
  919     Defines whether the endpoint appears in the
  920     service catalog:  - ``false``. The endpoint does not appear in the
  921     service catalog.  - ``true``. The endpoint appears in the service
  922     catalog.  Default is ``true``.
  923   in: body
  924   required: false
  925   type: boolean
  926 endpoint_id:
  927   description: |
  928     The endpoint ID.
  929   in: body
  930   required: true
  931   type: string
  932 endpoint_interface:
  933   description: |
  934     The interface type, which describes the
  935     visibility of the endpoint.  Value is:  - ``public``. Visible by
  936     end users on a publicly available network   interface.  -
  937     ``internal``. Visible by end users on an unmetered internal
  938     network interface.  - ``admin``. Visible by administrative users
  939     on a secure network   interface.
  940   in: body
  941   required: true
  942   type: string
  943 endpoint_links:
  944   description: |
  945     The links for the ``endpoint`` resource.
  946   in: body
  947   required: true
  948   type: object
  949 endpoint_name:
  950   description: |
  951     The endpoint name.
  952   in: body
  953   required: true
  954   type: string
  955 endpoint_region:
  956   description: |
  957     (Deprecated in v3.2) The geographic location of
  958     the service endpoint.
  959   in: body
  960   required: true
  961   type: string
  962 endpoint_type:
  963   description: |
  964     The endpoint type.
  965   in: body
  966   required: true
  967   type: string
  968 endpoint_url:
  969   description: |
  970     The endpoint URL.
  971   in: body
  972   required: true
  973   type: string
  974 endpoints:
  975   description: |
  976     A list of ``endpoint`` objects.
  977   in: body
  978   required: true
  979   type: array
  980 endpoints_links:
  981   description: |
  982     The links for the ``endpoints`` resource.
  983   in: body
  984   required: true
  985   type: object
  986 expires_at:
  987   description: |
  988     The date and time when the token expires.
  989 
  990     The date and time stamp format is `ISO 8601
  991     <https://en.wikipedia.org/wiki/ISO_8601>`_:
  992 
  993     ::
  994 
  995        CCYY-MM-DDThh:mm:ss.sssZ
  996 
  997     For example, ``2015-08-27T09:49:58.000000Z``.
  998 
  999     A ``null`` value indicates that the token never expires.
 1000   in: body
 1001   required: true
 1002   type: string
 1003 explicit_unscoped_string:
 1004   description: |
 1005     The authorization scope (Since v3.4). Specify
 1006     ``unscoped`` to make an explicit unscoped token request, which
 1007     returns an unscoped response without any authorization. This
 1008     request behaves the same as a token request with no scope where
 1009     the user has no default project defined. If an explicit,
 1010     ``unscoped`` token request is not made and the user has
 1011     authorization to their default project, then the response will
 1012     return a project-scoped token. If a default project is not defined,
 1013     a token is issued without an explicit scope of authorization,
 1014     which is the same as asking for an explicit unscoped token.
 1015   in: body
 1016   required: false
 1017   type: string
 1018 extra_request_body:
 1019   description: |
 1020     The extra attributes of a resource.
 1021     The actual name ``extra`` is not the key name in the request body,
 1022     but rather a collection of any attributes that a resource may contain
 1023     that are not part of the resource's default attributes.
 1024     Generally these are custom fields that are added to a resource in keystone
 1025     by operators for their own specific uses,
 1026     such as ``email`` and ``description`` for users.
 1027   in: body
 1028   required: false
 1029   type: string
 1030 federated_in_request_body:
 1031   description: |
 1032     List of federated objects associated with a user. Each object in the list
 1033     contains the ``idp_id`` and ``protocols``. ``protocols`` is a list of
 1034     objects, each of which contains ``protocol_id`` and ``unique_id`` of
 1035     the protocol and user respectively. For example::
 1036 
 1037       "federated": [
 1038         {
 1039           "idp_id": "efbab5a6acad4d108fec6c63d9609d83",
 1040           "protocols": [
 1041             {"protocol_id": mapped, "unique_id": "test@example.com"}
 1042           ]
 1043         }
 1044       ]
 1045   in: body
 1046   required: false
 1047   type: list
 1048 federated_in_response_body:
 1049   description: |
 1050     List of federated objects associated with a user. Each object in the list
 1051     contains the ``idp_id`` and ``protocols``. ``protocols`` is a list of
 1052     objects, each of which contains ``protocol_id`` and ``unique_id`` of
 1053     the protocol and user respectively. For example::
 1054 
 1055       "federated": [
 1056         {
 1057           "idp_id": "efbab5a6acad4d108fec6c63d9609d83",
 1058           "protocols": [
 1059             {"protocol_id": "mapped", "unique_id": "test@example.com"}
 1060           ]
 1061         }
 1062       ]
 1063   in: body
 1064   required: false
 1065   type: list
 1066 group:
 1067   description: |
 1068     A ``group`` object
 1069   in: body
 1070   required: true
 1071   type: object
 1072 group_description_request_body:
 1073   description: |
 1074     The description of the group.
 1075   in: body
 1076   required: false
 1077   type: string
 1078 group_description_response_body:
 1079   description: |
 1080     The description of the group.
 1081   in: body
 1082   required: true
 1083   type: string
 1084 group_description_update_request_body:
 1085   description: |
 1086     The new description of the group.
 1087   in: body
 1088   required: false
 1089   type: string
 1090 group_domain_id:
 1091   description: |
 1092     The ID of the domain that owns the group.  If you
 1093     omit the domain ID, defaults to the domain to which the client
 1094     token is scoped.
 1095   in: body
 1096   required: false
 1097   type: string
 1098 group_domain_id_request_body:
 1099   description: |
 1100     The ID of the domain of the group. If the domain ID is not
 1101     provided in the request, the Identity service will attempt to
 1102     pull the domain ID from the token used in the request. Note that
 1103     this requires the use of a domain-scoped token.
 1104   in: body
 1105   required: false
 1106   type: string
 1107 group_domain_id_response_body:
 1108   description: |
 1109     The ID of the domain of the group.
 1110   in: body
 1111   required: true
 1112   type: string
 1113 group_domain_id_update_request_body:
 1114   description: |
 1115     The ID of the new domain for the group. The ability to change the domain
 1116     of a group is now deprecated, and will be removed in subsequent release.
 1117     It is already disabled by default in most Identity service implementations.
 1118   in: body
 1119   required: false
 1120   type: string
 1121 group_id_response_body:
 1122   description: |
 1123     The ID of the group.
 1124   in: body
 1125   required: true
 1126   type: string
 1127 group_name_request_body:
 1128   description: |
 1129     The name of the group.
 1130   in: body
 1131   required: true
 1132   type: string
 1133 group_name_response_body:
 1134   description: |
 1135     The name of the group.
 1136   in: body
 1137   required: true
 1138   type: string
 1139 group_name_update_request_body:
 1140   description: |
 1141     The new name of the group.
 1142   in: body
 1143   required: false
 1144   type: string
 1145 groups:
 1146   description: |
 1147     A list of ``group`` objects
 1148   in: body
 1149   required: true
 1150   type: array
 1151 id_region_response_body:
 1152   description: |
 1153     The ID for the region.
 1154   in: body
 1155   required: true
 1156   type: string
 1157 id_region_resquest_body:
 1158   description: |
 1159     The ID for the region.
 1160   in: body
 1161   required: false
 1162   type: string
 1163 id_user_body:
 1164   description: |
 1165     The user ID.
 1166   in: body
 1167   required: true
 1168   type: string
 1169 identity:
 1170   description: |
 1171     An ``identity`` object.
 1172   in: body
 1173   required: true
 1174   type: object
 1175 implies_role_array_body:
 1176   description: |
 1177     An array of implied role objects.
 1178   in: body
 1179   required: true
 1180   type: array
 1181 implies_role_object_body:
 1182   description: |
 1183     An implied role object.
 1184   in: body
 1185   required: true
 1186   type: object
 1187 is_domain_request_body:
 1188   description: |
 1189     Indicates whether the project also acts as a domain. If set to ``true``,
 1190     this project acts as both a project and domain. As a domain, the project
 1191     provides a name space in which you can create users, groups, and other
 1192     projects. If set to ``false``, this project behaves as a regular project
 1193     that contains only resources. Default is ``false``. You cannot update
 1194     this parameter after you create the project.
 1195   in: body
 1196   required: false
 1197   type: boolean
 1198   min_version: 3.6
 1199 is_domain_response_body:
 1200   description: |
 1201     Indicates whether the project also acts as a domain. If set to ``true``,
 1202     this project acts as both a project and domain. As a domain, the project
 1203     provides a name space in which you can create users, groups, and other
 1204     projects. If set to ``false``, this project behaves as a regular project
 1205     that contains only resources.
 1206   in: body
 1207   required: true
 1208   type: boolean
 1209   min_version: 3.6
 1210 issued_at:
 1211   description: |
 1212     The date and time when the token was issued.
 1213 
 1214     The date and time stamp format is `ISO 8601
 1215     <https://en.wikipedia.org/wiki/ISO_8601>`_:
 1216 
 1217     ::
 1218 
 1219        CCYY-MM-DDThh:mm:ss.sssZ
 1220 
 1221     For example, ``2015-08-27T09:49:58.000000Z``.
 1222   in: body
 1223   required: true
 1224   type: string
 1225 limit:
 1226   description: |
 1227     A ``limit`` object
 1228   in: body
 1229   required: true
 1230   type: array
 1231 limit_id:
 1232   description: |
 1233     The limit ID.
 1234   in: body
 1235   required: true
 1236   type: string
 1237 limit_model_description_required_response_body:
 1238   description: A short description of the enforcement model used
 1239   in: body
 1240   required: true
 1241   type: string
 1242 limit_model_name_required_response_body:
 1243   description: The name of the enforcement model
 1244   in: body
 1245   required: true
 1246   type: string
 1247 limit_model_required_response_body:
 1248   description: A model object describing the configured enforcement model used
 1249     by the deployment.
 1250   in: body
 1251   required: true
 1252   type: object
 1253 limits:
 1254   description: |
 1255     A list of ``limits`` objects
 1256   in: body
 1257   required: true
 1258   type: array
 1259 link_collection:
 1260   description: |
 1261     The link to the collection of resources.
 1262   in: body
 1263   required: true
 1264   type: object
 1265 link_response_body:
 1266   description: |
 1267     The link to the resources in question.
 1268   in: body
 1269   required: true
 1270   type: object
 1271 links_project:
 1272   description: |
 1273     The links for the ``project`` resource.
 1274   in: body
 1275   required: true
 1276   type: object
 1277 links_region:
 1278   description: |
 1279     The links for the ``region`` resource.
 1280   in: body
 1281   required: true
 1282   type: object
 1283 links_user:
 1284   description: |
 1285     The links for the ``user`` resource.
 1286   in: body
 1287   required: true
 1288   type: object
 1289 membership_expires_at_response_body:
 1290   description: |
 1291     The date and time when the group membership expires.
 1292     A ``null`` value indicates that the membership never expires.
 1293   in: body
 1294   required: true
 1295   type: string
 1296   min_version: 3.14
 1297 original_password:
 1298   description: |
 1299     The original password for the user.
 1300   in: body
 1301   required: true
 1302   type: string
 1303 parent_region_id_request_body:
 1304   description: |
 1305     To make this region a child of another region,
 1306     set this parameter to the ID of the parent region.
 1307   in: body
 1308   required: false
 1309   type: string
 1310 parent_region_id_response_body:
 1311   description: |
 1312     To make this region a child of another region,
 1313     set this parameter to the ID of the parent region.
 1314   in: body
 1315   required: true
 1316   type: string
 1317 password:
 1318   description: |
 1319     The ``password`` object, contains the authentication information.
 1320   in: body
 1321   required: true
 1322   type: object
 1323 password_expires_at:
 1324   description: |
 1325     The date and time when the password expires. The time zone
 1326     is UTC.
 1327 
 1328     This is a response object attribute; not valid for requests.
 1329     A ``null`` value indicates that the password never expires.
 1330   in: body
 1331   required: true
 1332   type: string
 1333   min_version: 3.7
 1334 password_request_body:
 1335   description: |
 1336     The password for the user.
 1337   in: body
 1338   required: false
 1339   type: string
 1340 policies:
 1341   description: |
 1342     A ``policies`` object.
 1343   in: body
 1344   required: true
 1345   type: array
 1346 policy:
 1347   description: |
 1348     A ``policy`` object.
 1349   in: body
 1350   required: true
 1351   type: object
 1352 policy_blob_obj:
 1353   description: |
 1354     The policy rule itself, as a serialized blob.
 1355   in: body
 1356   required: true
 1357   type: object
 1358 policy_blob_str:
 1359   description: |
 1360     The policy rule set itself, as a serialized blob.
 1361   in: body
 1362   required: true
 1363   type: string
 1364 policy_id:
 1365   description: |
 1366     The policy ID.
 1367   in: body
 1368   required: true
 1369   type: string
 1370 policy_links:
 1371   description: |
 1372     The links for the ``policy`` resource.
 1373   in: body
 1374   required: true
 1375   type: object
 1376 policy_type:
 1377   description: |
 1378     The MIME media type of the serialized policy
 1379     blob.
 1380   in: body
 1381   required: true
 1382   type: string
 1383 prior_role_body:
 1384   description: |
 1385     A prior role object.
 1386   in: body
 1387   required: true
 1388   type: object
 1389 project:
 1390   description: |
 1391     A ``project`` object
 1392   in: body
 1393   required: true
 1394   type: object
 1395 project_description_request_body:
 1396   description: |
 1397     The description of the project.
 1398   in: body
 1399   required: false
 1400   type: string
 1401 project_description_response_body:
 1402   description: |
 1403     The description of the project.
 1404   in: body
 1405   required: true
 1406   type: string
 1407 project_domain_id:
 1408   description: |
 1409     The ID of the domain for the project.  If you
 1410     omit the domain ID, default is the domain to which your token is
 1411     scoped.
 1412   in: body
 1413   required: false
 1414   type: string
 1415 project_domain_id_request_body:
 1416   description: |
 1417     The ID of the domain for the project.
 1418 
 1419     For projects acting as a domain, the ``domain_id`` must not be specified,
 1420     it will be generated by the Identity service implementation.
 1421 
 1422     For regular projects (i.e. those not acing as a domain), if ``domain_id``
 1423     is not specified, but ``parent_id`` is specified, then the domain ID of the
 1424     parent will be used. If neither ``domain_id`` or ``parent_id`` is
 1425     specified, the Identity service implementation will default to the domain
 1426     to which the client's token is scoped. If both ``domain_id`` and
 1427     ``parent_id`` are specified, and they do not indicate the same domain, an
 1428     ``Bad Request (400)`` will be returned.
 1429   in: body
 1430   required: false
 1431   type: string
 1432 project_domain_id_response_body:
 1433   description: |
 1434     The ID of the domain for the project.
 1435   in: body
 1436   required: true
 1437   type: string
 1438 project_domain_id_update_request_body:
 1439   description: |
 1440     The ID of the new domain for the project. The ability to change the domain
 1441     of a project is now deprecated, and will be removed in subequent release.
 1442     It is already disabled by default in most Identity service implementations.
 1443   in: body
 1444   required: false
 1445   type: string
 1446 project_enabled_request_body:
 1447   description: |
 1448     If set to ``true``, project is enabled. If set to
 1449     ``false``, project is disabled. The default is ``true``.
 1450   in: body
 1451   required: false
 1452   type: boolean
 1453 project_enabled_response_body:
 1454   description: |
 1455     If set to ``true``, project is enabled. If set to
 1456     ``false``, project is disabled.
 1457   in: body
 1458   required: true
 1459   type: boolean
 1460 project_enabled_update_request_body:
 1461   description: |
 1462     If set to ``true``, project is enabled. If set to
 1463     ``false``, project is disabled.
 1464   in: body
 1465   required: false
 1466   type: boolean
 1467 project_id:
 1468   description: |
 1469     The ID for the project.
 1470   in: body
 1471   required: true
 1472   type: string
 1473 project_name_request_body:
 1474   description: |
 1475     The name of the project, which must be unique within the
 1476     owning domain. A project can have the same name as its domain.
 1477   in: body
 1478   required: true
 1479   type: string
 1480 project_name_response_body:
 1481   description: |
 1482     The name of the project.
 1483   in: body
 1484   required: true
 1485   type: string
 1486 project_name_update_request_body:
 1487   description: |
 1488     The name of the project, which must be unique within the
 1489     owning domain. A project can have the same name as its domain.
 1490   in: body
 1491   required: false
 1492   type: string
 1493 project_parent_id_request_body:
 1494   description: |
 1495     The ID of the parent of the project.
 1496 
 1497     If specified on project creation, this places the project within a
 1498     hierarchy and implicitly defines the owning domain, which will be the
 1499     same domain as the parent specified. If ``parent_id`` is
 1500     not specified and ``is_domain`` is ``false``, then the project will use its
 1501     owning domain as its parent. If ``is_domain`` is ``true`` (i.e. the project
 1502     is acting as a domain), then ``parent_id`` must not specified (or if it is,
 1503     it must be ``null``) since domains have no parents.
 1504 
 1505     ``parent_id`` is immutable, and can't be updated after the project is
 1506     created - hence a project cannot be moved within the hierarchy.
 1507   in: body
 1508   required: false
 1509   type: string
 1510   min_version: 3.4
 1511 project_parent_id_response_body:
 1512   description: |
 1513     The ID of the parent for the project.
 1514   in: body
 1515   required: true
 1516   type: string
 1517   min_version: 3.4
 1518 project_scope_response_body_optional:
 1519   description: |
 1520     A ``project`` object including the ``id``, ``name`` and ``domain`` object
 1521     representing the project the token is scoped to. This is only included in
 1522     tokens that are scoped to a project.
 1523   in: body
 1524   required: false
 1525   type: object
 1526 project_tags_request_body:
 1527   description: |
 1528     A list of simple strings assigned to a project.
 1529     Tags can be used to classify projects into groups.
 1530   in: body
 1531   required: false
 1532   type: array
 1533 projects:
 1534   description: |
 1535     A list of ``project`` objects
 1536   in: body
 1537   required: true
 1538   type: array
 1539 receipt_expires_at:
 1540   description: |
 1541     The date and time when the receipt expires.
 1542 
 1543     The date and time stamp format is `ISO 8601
 1544     <https://en.wikipedia.org/wiki/ISO_8601>`_:
 1545 
 1546     ::
 1547 
 1548        CCYY-MM-DDThh:mm:ss.sssZ
 1549 
 1550     For example, ``2015-08-27T09:49:58.000000Z``.
 1551 
 1552     A ``null`` value indicates that the receipt never expires.
 1553   in: body
 1554   required: true
 1555   type: string
 1556 receipt_issued_at:
 1557   description: |
 1558     The date and time when the receipt was issued.
 1559 
 1560     The date and time stamp format is `ISO 8601
 1561     <https://en.wikipedia.org/wiki/ISO_8601>`_:
 1562 
 1563     ::
 1564 
 1565        CCYY-MM-DDThh:mm:ss.sssZ
 1566 
 1567     For example, ``2015-08-27T09:49:58.000000Z``.
 1568   in: body
 1569   required: true
 1570   type: string
 1571 region_id_not_required:
 1572   description: |
 1573     (Since v3.2) The ID of the region that contains
 1574     the service endpoint.
 1575   in: body
 1576   required: false
 1577   type: string
 1578 region_id_request_body:
 1579   description: |
 1580     The ID of the region that contains the service endpoint.
 1581   in: body
 1582   required: false
 1583   type: string
 1584 region_id_required:
 1585   description: |
 1586     (Since v3.2) The ID of the region that contains
 1587     the service endpoint.
 1588   in: body
 1589   required: true
 1590   type: string
 1591 region_id_response_body:
 1592   description: |
 1593     The ID of the region that contains the service endpoint.
 1594     The value can be None.
 1595   in: body
 1596   required: true
 1597   type: string
 1598 region_object:
 1599   description: |
 1600     A ``region`` object
 1601   in: body
 1602   required: true
 1603   type: object
 1604 regions_object:
 1605   description: |
 1606     A list of ``region`` object
 1607   in: body
 1608   required: true
 1609   type: array
 1610 registered_limit:
 1611   description: |
 1612     A ``registered_limit`` objects
 1613   in: body
 1614   required: true
 1615   type: array
 1616 registered_limit_id:
 1617   description: |
 1618     The registered limit ID.
 1619   in: body
 1620   required: true
 1621   type: string
 1622 registered_limits:
 1623   description: |
 1624     A list of ``registered_limits`` objects
 1625   in: body
 1626   required: true
 1627   type: array
 1628 request_application_credential_access_rules_body_not_required:
 1629   description: |
 1630     A list of ``access_rules`` objects
 1631   in: body
 1632   required: false
 1633   type: list
 1634 request_application_credential_auth_id_body_not_required:
 1635   description: |
 1636     The ID of the application credential used for authentication. If not
 1637     provided, the application credential must be identified by its name and
 1638     its owning user.
 1639   in: body
 1640   required: false
 1641   type: string
 1642 request_application_credential_auth_name_body_not_required:
 1643   description: |
 1644     The name of the application credential used for authentication. If
 1645     provided, must be accompanied by a user object.
 1646   in: body
 1647   required: false
 1648   type: string
 1649 request_application_credential_auth_secret_body_required:
 1650   description: |
 1651     The secret for authenticating the application credential.
 1652   in: body
 1653   required: true
 1654   type: string
 1655 request_application_credential_body_required:
 1656   description: |
 1657     An application credential object.
 1658   in: body
 1659   required: true
 1660   type: object
 1661 request_application_credential_description_body_not_required:
 1662   description: |
 1663     A description of the application credential's purpose.
 1664   in: body
 1665   required: false
 1666   type: string
 1667 request_application_credential_expires_at_body_not_required:
 1668   description: |
 1669     An optional expiry time for the application credential. If unset, the
 1670     application credential does not expire.
 1671   in: body
 1672   required: false
 1673   type: string
 1674 request_application_credential_name_body_required:
 1675   description: |
 1676     The name of the application credential. Must be unique to a user.
 1677   in: body
 1678   required: true
 1679   type: string
 1680 request_application_credential_roles_body_not_required:
 1681   description: |
 1682     An optional list of role objects, identified by ID or name. The list
 1683     may only contain roles that the user has assigned on the project.
 1684     If not provided, the roles assigned to the application credential will
 1685     be the same as the roles in the current token.
 1686   in: body
 1687   required: false
 1688   type: array
 1689 request_application_credential_secret_body_not_required:
 1690   description: |
 1691     The secret that the application credential will be created with. If not
 1692     provided, one will be generated.
 1693   in: body
 1694   required: false
 1695   type: string
 1696 request_application_credential_unrestricted_body_not_required:
 1697   description: |
 1698     An optional flag to restrict whether the application credential may be
 1699     used for the creation or destruction of other application credentials or
 1700     trusts. Defaults to false.
 1701   in: body
 1702   required: false
 1703   type: boolean
 1704 request_application_credential_user_body_not_required:
 1705   description: |
 1706     A ``user`` object, required if an application credential is identified by
 1707     name and not ID.
 1708   in: body
 1709   required: false
 1710   type: object
 1711 request_default_limit_body_not_required:
 1712   description: |
 1713     The default limit for the registered limit.
 1714   in: body
 1715   required: false
 1716   type: integer
 1717 request_domain_options_body_not_required:
 1718   description: |
 1719     The resource options for the domain. Available resource options are
 1720     ``immutable``.
 1721   in: body
 1722   required: false
 1723   type: object
 1724 request_explicit_domain_id_body_not_required:
 1725   description: |
 1726     The ID of the domain. A domain created this way will not use an
 1727     auto-generated ID, but will use the ID passed in instead. Identifiers passed
 1728     in this way must conform to the existing ID generation scheme: UUID4 without
 1729     dashes.
 1730   in: body
 1731   required: false
 1732   type: string
 1733 request_limit_domain_id_not_required:
 1734   description: |
 1735     The name of the domain.
 1736   in: body
 1737   required: false
 1738   type: string
 1739 request_limit_project_id_not_required:
 1740   description: |
 1741     The ID for the project.
 1742   in: body
 1743   required: false
 1744   type: string
 1745 request_project_options_body_not_required:
 1746   description: |
 1747     The resource options for the project. Available resource options are
 1748     ``immutable``.
 1749   in: body
 1750   required: false
 1751   type: object
 1752 request_region_id_registered_limit_body_not_required:
 1753   description: |
 1754     The ID of the region that contains the service endpoint.
 1755     Either service_id, resource_name, or region_id must be
 1756     different than existing value otherwise it will raise 409.
 1757   in: body
 1758   required: false
 1759   type: string
 1760 request_resource_limit_body_not_required:
 1761   description: |
 1762     The override limit.
 1763   in: body
 1764   required: false
 1765   type: integer
 1766 request_resource_name_body_not_required:
 1767   description: |
 1768     The resource name. Either service_id, resource_name or
 1769     region_id must be different than existing value otherwise
 1770     it will raise 409.
 1771   in: body
 1772   required: false
 1773   type: string
 1774 request_role_options_body_not_required:
 1775   description: |
 1776     The resource options for the role. Available resource options are
 1777     ``immutable``.
 1778   in: body
 1779   required: false
 1780   type: object
 1781 request_service_id_registered_limit_body_not_required:
 1782   description: |
 1783     The UUID of the service to update to which the registered
 1784     limit belongs. Either service_id, resource_name, or region_id
 1785     must be different than existing value otherwise it will
 1786     raise 409.
 1787   in: body
 1788   required: false
 1789   type: string
 1790 required_auth_methods:
 1791   description: |
 1792     A list of authentication rules that may be used with the auth receipt
 1793     to complete the authentication process.
 1794   in: body
 1795   required: true
 1796   type: list of lists
 1797 resource_limit:
 1798   description: |
 1799     The override limit.
 1800   in: body
 1801   required: true
 1802   type: integer
 1803 resource_name:
 1804   description: |
 1805     The resource name.
 1806   in: body
 1807   required: true
 1808   type: string
 1809 response_access_rules_body:
 1810   description: |
 1811     A list of ``access_rules`` objects
 1812   in: body
 1813   type: list
 1814   required: true
 1815 response_access_rules_id_body:
 1816   description: |
 1817     The ID of the access rule
 1818   in: body
 1819   type: string
 1820   required: true
 1821 response_access_rules_method_body:
 1822   description: |
 1823     The request method that the application credential is permitted to use for
 1824     a given API endpoint.
 1825   in: body
 1826   type: string
 1827   required: true
 1828 response_access_rules_path_body:
 1829   description: |
 1830     The API path that the application credential is permitted to access. May
 1831     use named wildcards such as ``{tag}`` or the unnamed wildcard ``*`` to
 1832     match against any string in the path up to a ``/``, or the recursive
 1833     wildcard ``**`` to include ``/`` in the matched path.
 1834   in: body
 1835   type: string
 1836   required: true
 1837 response_access_rules_service_body:
 1838   description: |
 1839     The service type identifier for the service that the application credential
 1840     is permitted to access. Must be a service type that is listed in the
 1841     service catalog and not a code name for a service.
 1842   in: body
 1843   type: string
 1844   required: true
 1845 response_application_credential_access_rules_body:
 1846   description: |
 1847     A list of ``access_rules`` objects
 1848   in: body
 1849   type: list
 1850   required: true
 1851 response_application_credential_body:
 1852   description: |
 1853     The application credential object.
 1854   in: body
 1855   type: object
 1856   required: true
 1857 response_application_credential_description_body:
 1858   description: |
 1859     A description of the application credential's purpose.
 1860   in: body
 1861   type: string
 1862   required: true
 1863 response_application_credential_expires_at_body:
 1864   description: |
 1865     The expiration time of the application credential, if one was specified.
 1866   in: body
 1867   type: string
 1868   required: true
 1869 response_application_credential_id_body:
 1870   description: |
 1871     The ID of the application credential.
 1872   in: body
 1873   type: string
 1874   required: true
 1875 response_application_credential_name_body:
 1876   description: |
 1877     The name of the application credential.
 1878   in: body
 1879   type: string
 1880   required: true
 1881 response_application_credential_project_id_body:
 1882   description: |
 1883     The ID of the project the application credential was created for and that
 1884     authentication requests using this application credential will be scoped
 1885     to.
 1886   in: body
 1887   type: string
 1888   required: true
 1889 response_application_credential_roles_body:
 1890   description: |
 1891     A list of one or more roles that this application credential has
 1892     associated with its project. A token using this application credential
 1893     will have these same roles.
 1894   in: body
 1895   type: array
 1896   required: true
 1897 response_application_credential_secret_body:
 1898   description: |
 1899     The secret for the application credential, either generated by the server
 1900     or provided by the user. This is only ever shown once in the response to a
 1901     create request. It is not stored nor ever shown again. If the secret is
 1902     lost, a new application credential must be created.
 1903   in: body
 1904   type: string
 1905   required: true
 1906 response_application_credential_unrestricted_body:
 1907   description: |
 1908     A flag indicating whether the application credential may be used for
 1909     creation or destruction of other application credentials or trusts.
 1910   in: body
 1911   type: boolean
 1912   required: true
 1913 response_body_project_tags_required:
 1914   description: |
 1915     A list of simple strings assigned to a project.
 1916   in: body
 1917   required: true
 1918   type: array
 1919 response_body_system_required:
 1920   description: |
 1921     A list of systems to access based on role assignments.
 1922   in: body
 1923   required: true
 1924   type: array
 1925 response_domain_options_body_required:
 1926   description: |
 1927     The resource options for the domain. Available resource options are
 1928     ``immutable``.
 1929   in: body
 1930   required: true
 1931   type: object
 1932 response_limit_domain_id_body:
 1933   description: |
 1934     The ID of the domain.
 1935   in: body
 1936   required: true
 1937   type: string
 1938 response_project_options_body_required:
 1939   description: |
 1940     The resource options for the project. Available resource options are
 1941     ``immutable``.
 1942   in: body
 1943   required: true
 1944   type: object
 1945 response_role_options_body_required:
 1946   description: |
 1947     The resource options for the role. Available resource options are
 1948     ``immutable``.
 1949   in: body
 1950   required: true
 1951   type: object
 1952 response_user_options_body_required:
 1953   description: |
 1954     The resource options for the user. Available resource options are
 1955     ``ignore_change_password_upon_first_use``, ``ignore_password_expiry``,
 1956     ``ignore_lockout_failure_attempts``, ``lock_password``,
 1957     ``multi_factor_auth_enabled``, and ``multi_factor_auth_rules``
 1958     ``ignore_user_inactivity``.
 1959   in: body
 1960   required: true
 1961   type: object
 1962 role:
 1963   description: |
 1964     A ``role`` object
 1965   in: body
 1966   required: true
 1967   type: object
 1968 role_assignments:
 1969   description: |
 1970     A list of ``role_assignment`` objects.
 1971   in: body
 1972   required: true
 1973   type: array
 1974 role_description_create_body:
 1975   description: |
 1976     Add description about the role.
 1977   in: body
 1978   required: false
 1979   type: string
 1980 role_description_response_body_required:
 1981   description: |
 1982     The role description.
 1983   in: body
 1984   required: true
 1985   type: string
 1986 role_description_update_body:
 1987   description: |
 1988     The new role description.
 1989   in: body
 1990   required: false
 1991   type: string
 1992 role_domain_id_request_body:
 1993   description: |
 1994     The ID of the domain of the role.
 1995   in: body
 1996   required: false
 1997   type: string
 1998 role_id_response_body:
 1999   description: |
 2000     The role ID.
 2001   in: body
 2002   required: true
 2003   type: string
 2004 role_inference_array_body:
 2005   description: |
 2006     An array of ``role_inference`` object.
 2007   in: body
 2008   required: true
 2009   type: array
 2010 role_inference_body:
 2011   description: |
 2012     Role inference object that contains ``prior_role`` object
 2013     and ``implies`` object.
 2014   in: body
 2015   required: true
 2016   type: object
 2017 role_name_create_body:
 2018   description: |
 2019     The role name.
 2020   in: body
 2021   required: true
 2022   type: string
 2023 role_name_response_body:
 2024   description: |
 2025     The role name.
 2026   in: body
 2027   required: true
 2028   type: string
 2029 role_name_update_body:
 2030   description: |
 2031     The new role name.
 2032   in: body
 2033   required: false
 2034   type: string
 2035 roles:
 2036   description: |
 2037     A list of ``role`` objects
 2038   in: body
 2039   required: true
 2040   type: array
 2041 scope_string:
 2042   description: |
 2043     The authorization scope, including the system (Since v3.10), a project, or
 2044     a domain (Since v3.4). If multiple scopes are specified in the same request
 2045     (e.g. ``project`` and ``domain`` or ``domain`` and ``system``) an HTTP
 2046     ``400 Bad Request`` will be returned, as a token cannot be simultaneously
 2047     scoped to multiple authorization targets. An ID is sufficient to uniquely
 2048     identify a project but if a project is specified by name, then the domain
 2049     of the project must also be specified in order to uniquely identify the
 2050     project by name. A domain scope may be specified by either the domain's ID
 2051     or name with equivalent results.
 2052   in: body
 2053   required: false
 2054   type: string
 2055 service:
 2056   description: |
 2057     A ``service`` object.
 2058   in: body
 2059   required: true
 2060   type: object
 2061 service_description:
 2062   description: |
 2063     The service description.
 2064   in: body
 2065   required: false
 2066   type: string
 2067 service_description_not_required:
 2068   description: |
 2069     The service description.
 2070   in: body
 2071   required: false
 2072   type: string
 2073 service_enabled:
 2074   description: |
 2075     Defines whether the service and its endpoints
 2076     appear in the service catalog:  - ``false``. The service and its
 2077     endpoints do not appear in the   service catalog.  - ``true``. The
 2078     service and its endpoints appear in the service   catalog.
 2079   in: body
 2080   required: false
 2081   type: boolean
 2082 service_enabled_not_required:
 2083   description: |
 2084     Defines whether the service and its endpoints
 2085     appear in the service catalog:  - ``false``. The service and its
 2086     endpoints do not appear in the   service catalog.  - ``true``. The
 2087     service and its endpoints appear in the service   catalog.
 2088     Default is ``true``.
 2089   in: body
 2090   required: false
 2091   type: boolean
 2092 service_id:
 2093   description: |
 2094     The UUID of the service to which the endpoint
 2095     belongs.
 2096   in: body
 2097   required: true
 2098   type: string
 2099 service_id_limit:
 2100   description: |
 2101     The UUID of the service to which the limit belongs.
 2102   in: body
 2103   required: true
 2104   type: string
 2105 service_id_registered_limit:
 2106   description: |
 2107     The UUID of the service to which the registered limit
 2108     belongs.
 2109   in: body
 2110   required: true
 2111   type: string
 2112 service_links:
 2113   description: |
 2114     The links for the ``service`` resource.
 2115   in: body
 2116   required: true
 2117   type: object
 2118 service_name:
 2119   description: |
 2120     The service name.
 2121   in: body
 2122   required: true
 2123   type: string
 2124 service_type:
 2125   description: |
 2126     The service type, which describes the API
 2127     implemented by the service. Value is ``compute``, ``ec2``,
 2128     ``identity``, ``image``, ``network``, or ``volume``.
 2129   in: body
 2130   required: true
 2131   type: string
 2132 services:
 2133   description: |
 2134     A list of ``service`` object.
 2135   in: body
 2136   required: true
 2137   type: array
 2138 system:
 2139   description: |
 2140     A ``system`` object.
 2141   in: body
 2142   required: false
 2143   type: object
 2144 system_roles_response_body:
 2145   description: |
 2146     A list of ``role`` objects containing ``domain_id``, ``id``, ``links``,
 2147     and ``name`` attributes.
 2148   in: body
 2149   required: true
 2150   type: array
 2151 system_scope_response_body_optional:
 2152   description: |
 2153     A ``system`` object containing information about which parts of the system
 2154     the token is scoped to. If the token is scoped to the entire deployment
 2155     system, the ``system`` object will consist of ``{"all": true}``. This is
 2156     only included in tokens that are scoped to the system.
 2157   in: body
 2158   required: false
 2159   type: object
 2160 system_scope_string:
 2161   description: |
 2162     Authorization scope specific to the deployment system (Since v3.10).
 2163     Specifying a project or domain scope in addition to system scope results
 2164     in an HTTP ``400 Bad Request``.
 2165   in: body
 2166   required: false
 2167   type: string
 2168 token:
 2169   description: |
 2170     A ``token`` object.
 2171   in: body
 2172   required: true
 2173   type: object
 2174 totp:
 2175   description: |
 2176     The ``totp`` object, contains the authentication information.
 2177   in: body
 2178   required: true
 2179   type: object
 2180 user:
 2181   description: |
 2182     A ``user`` object.
 2183   in: body
 2184   required: true
 2185   type: object
 2186 user_domain_id:
 2187   description: |
 2188     The ID of the domain for the user.
 2189   in: body
 2190   required: false
 2191   type: string
 2192 user_domain_id_request_body:
 2193   description: |
 2194     The ID of the domain of the user. If the domain ID is not
 2195     provided in the request, the Identity service will attempt to
 2196     pull the domain ID from the token used in the request. Note that
 2197     this requires the use of a domain-scoped token.
 2198   in: body
 2199   required: false
 2200   type: string
 2201 user_domain_id_update_body:
 2202   description: |
 2203     The ID of the new domain for the user. The ability to change the domain
 2204     of a user is now deprecated, and will be removed in subequent release.
 2205     It is already disabled by default in most Identity service implementations.
 2206   in: body
 2207   required: false
 2208   type: string
 2209 user_id:
 2210   description: |
 2211     The ID of the user.  Required if you do not
 2212     specify the user name.
 2213   in: body
 2214   required: false
 2215   type: string
 2216 user_name:
 2217   description: |
 2218     The user name.  Required if you do not specify
 2219     the ID of the user.  If you specify the user name, you must also
 2220     specify the domain, by ID or name.
 2221   in: body
 2222   required: false
 2223   type: string
 2224 user_name_create_request_body:
 2225   description: |
 2226     The user name. Must be unique within the owning domain.
 2227   in: body
 2228   required: true
 2229   type: string
 2230 user_name_response_body:
 2231   description: |
 2232     The user name. Must be unique within the owning domain.
 2233   in: body
 2234   required: true
 2235   type: string
 2236 user_name_update_body:
 2237   description: |
 2238     The new name for the user. Must be unique within the owning domain.
 2239   in: body
 2240   required: false
 2241   type: string
 2242 user_object:
 2243   description: |
 2244     A ``user`` object
 2245   in: body
 2246   required: true
 2247   type: object
 2248 user_options_request_body:
 2249   description: |
 2250     The resource options for the user. Available resource options are
 2251     ``ignore_change_password_upon_first_use``, ``ignore_password_expiry``,
 2252     ``ignore_lockout_failure_attempts``, ``lock_password``,
 2253     ``multi_factor_auth_enabled``, and ``multi_factor_auth_rules``
 2254     ``ignore_user_inactivity``.
 2255   in: body
 2256   required: false
 2257   type: object
 2258 user_password_update_body:
 2259   description: |
 2260     The new password for the user.
 2261   in: body
 2262   required: true
 2263   type: string
 2264 user_update_password_body:
 2265   description: |
 2266     The new password for the user.
 2267   in: body
 2268   required: false
 2269   type: string
 2270 users:
 2271   description: |
 2272     A ``users`` object.
 2273   in: body
 2274   required: true
 2275   type: array
 2276 users_object:
 2277   description: |
 2278     A list of ``user`` objects
 2279   in: body
 2280   required: true
 2281   type: array