From 0b9f92cbfa1f41548aff2599f12e197a9c5c7c49 Mon Sep 17 00:00:00 2001 From: Yogeshwar Srikrishnan Date: Fri, 16 Sep 2011 09:51:49 -0500 Subject: [PATCH] Changes to support extensions document.Also bringing cramers wadltodocbook changes.Changes to extension names. Change-Id: I21928c9313999cd8670e382ef259db7d85a1c370 --- openstack-identity-api/pom.xml | 67 +- .../src/docbkx/OS-KSADM-admin-devguide.xml | 177 +++++ .../docbkx/OS-KSCATALOG-admin-devguide.xml | 178 +++++ .../src/docbkx/OS-KSEC2-admin-devguide.xml | 271 +++++++ .../src/docbkx/OS-KSEC2-service-devguide.xml | 271 +++++++ .../src/docbkx/RAX-KSGRP-service-devguide.xml | 292 ++++++++ .../src/docbkx/RAX-KSKEY-admin-devguide.xml | 271 +++++++ .../src/docbkx/RAX-KSKEY-service-devguide.xml | 270 +++++++ .../src/docbkx/identity-OS-KSADM-api.xml | 112 +++ .../src/docbkx/identity-OS-KSCATALOG-api.xml | 54 ++ .../src/docbkx/identity-client-api.xml | 194 +---- .../src/docbkx/identity-dev-guide.xml | 95 ++- .../src/docbkx/identity-service-api.xml | 663 ++---------------- 13 files changed, 2099 insertions(+), 816 deletions(-) create mode 100644 openstack-identity-api/src/docbkx/OS-KSADM-admin-devguide.xml create mode 100644 openstack-identity-api/src/docbkx/OS-KSCATALOG-admin-devguide.xml create mode 100644 openstack-identity-api/src/docbkx/OS-KSEC2-admin-devguide.xml create mode 100644 openstack-identity-api/src/docbkx/OS-KSEC2-service-devguide.xml create mode 100644 openstack-identity-api/src/docbkx/RAX-KSGRP-service-devguide.xml create mode 100644 openstack-identity-api/src/docbkx/RAX-KSKEY-admin-devguide.xml create mode 100644 openstack-identity-api/src/docbkx/RAX-KSKEY-service-devguide.xml create mode 100644 openstack-identity-api/src/docbkx/identity-OS-KSADM-api.xml create mode 100644 openstack-identity-api/src/docbkx/identity-OS-KSCATALOG-api.xml mode change 100755 => 100644 openstack-identity-api/src/docbkx/identity-dev-guide.xml diff --git a/openstack-identity-api/pom.xml b/openstack-identity-api/pom.xml index f7a3c8b2..3a17daba 100644 --- a/openstack-identity-api/pom.xml +++ b/openstack-identity-api/pom.xml @@ -117,9 +117,44 @@ jar="${net.sourceforge.saxon:saxon:jar}" fork="true"> - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -180,7 +215,30 @@ - + + + + + + + + @@ -190,7 +248,8 @@ true src/docbkx - identity-dev-guide.xml + identity-dev-guide.xml,,OS-KSADM-admin-devguide.xml,OS-KSCATALOG-admin-devguide.xml,RAX-KSKEY-service-devguide.xml, + OS-KSEC2-service-devguide.xml,RAX-KSGRP-service-devguide.xml,RAX-KSKEY-admin-devguide.xml,OS-KSEC2-admin-devguide.xml reviewer openstack diff --git a/openstack-identity-api/src/docbkx/OS-KSADM-admin-devguide.xml b/openstack-identity-api/src/docbkx/OS-KSADM-admin-devguide.xml new file mode 100644 index 00000000..82e66f49 --- /dev/null +++ b/openstack-identity-api/src/docbkx/OS-KSADM-admin-devguide.xml @@ -0,0 +1,177 @@ + + + + + + + +GET'> +PUT'> +POST'> +DELETE'> + + + + + +'> + + + + + + + + + + +Verb +URI +Description + +'> + + + + +]> + + + OS-KSADM Extension + OS-KSADM Extension Document + + + + + + + + OpenStack + + + + 2010 + 2011 + OpenStack + + API v2.0 + Keystone - OpenStack OS-KSADM Extension + 2011-08-29 + + + Copyright details are filled in by the template. + + + + This document includes details on various operations supported by the OS-KSADM extensions on top of core keystone operations. + + + + + About This Extension + + + Name + + OpenStack KSADM Extension + + + + Namespace + + &NAMESPACE; + + + + Alias + + &ALIAS; + + + + Dependencies + + Keystone - OpenStack Identity + + + + Doc Link (PDF) + + + + &CURRENTGUIDE; + + + + + + Doc Link (WADL) + + + + &CURRENTWADL; + + + + + + Doc Link (XSD) + + + + &EXTENSIONXSD; + + + + + + Short Description + + + OpenStack KSADM Admin Extension to Keystone v2.0 API adds the capability to do CRUD on Users, Tenants, Roles and Services. + + + + + +
+ Document Change History + + + + Revision Date + Summary of Changes + + + + + Sep. 09, 2011 + + + + + Initial release. + + + + + + + +
+ + + Extension Operations + + + diff --git a/openstack-identity-api/src/docbkx/OS-KSCATALOG-admin-devguide.xml b/openstack-identity-api/src/docbkx/OS-KSCATALOG-admin-devguide.xml new file mode 100644 index 00000000..e24849bd --- /dev/null +++ b/openstack-identity-api/src/docbkx/OS-KSCATALOG-admin-devguide.xml @@ -0,0 +1,178 @@ + + + + + + + +GET'> +PUT'> +POST'> +DELETE'> + + + + + +'> + + + + + + + + + + +Verb +URI +Description + +'> + + + + +]> + + + OS-KSCATALOG Extension + Keystone OS-KSCATALOG Extension Document(Admin) + + + + + + + + OpenStack + + + + 2010 + 2011 + OpenStack + + API v2.0 + Keystone - OpenStack OS-KSCATALOG Extension + 2011-08-29 + + + Copyright details are filled in by the template. + + + + This document includes details on various operations supported by the OS-KSCATALOG extensions on top of core keystone operations. + + + + + About This Extension + + + Name + + OpenStack KSCATALOG Extension + + + + Namespace + + &NAMESPACE; + + + + Alias + + &ALIAS; + + + + Dependencies + + Keystone - OpenStack Identity + + + + Doc Link (PDF) + + + + &CURRENTGUIDE; + + + + + + Doc Link (WADL) + + + + &CURRENTWADL; + + + + + + Doc Link (XSD) + + + + &EXTENSIONXSD; + + + + + + Short Description + + + OpenStack KSCATALOG Admin Extension to Keystone v2.0 API adds the capability to do CRUD on Endpoint Templates and Endpoints. + + + + + +
+ Document Change History + + + + Revision Date + Summary of Changes + + + + + Sep. 09, 2011 + + + + + Initial release. + + + + + + + +
+ + + + Extension Operations + + + diff --git a/openstack-identity-api/src/docbkx/OS-KSEC2-admin-devguide.xml b/openstack-identity-api/src/docbkx/OS-KSEC2-admin-devguide.xml new file mode 100644 index 00000000..f81bb46b --- /dev/null +++ b/openstack-identity-api/src/docbkx/OS-KSEC2-admin-devguide.xml @@ -0,0 +1,271 @@ + + + + + + + +GET'> +PUT'> +POST'> +DELETE'> + + + + + +'> + + + + + + + + + + +Verb +URI +Description + +'> + + + + + + + + + +]> + + OpenStack EC2 authentication Extension (Admin Operations) + + + + + + + + OpenStack + + + + 2010 + 2011 + OpenStack + + EXT v1.0 + >Keystone - OpenStack Identity + &PUB_DATE; + + + Copyright details are filled in by the template. + + + + + This document is intended for client developers interested + in using the OpenStack EC2 Authentication Service Extension along with the + Keystone - OpenStack Identity + (API). + + + + + About This Extension + + + Name + + OpenStack EC2 authentication Extension + + + + Namespace + + &NAMESPACE; + + + + Alias + + &ALIAS; + + + + Dependencies + + Keystone - OpenStack Identity + OS-KSEC2 Extension + + + + Doc Link (PDF) + + + + &CURRENTGUIDE; + + + + + + Doc Link (WADL) + + + + &CURRENTWADL; + + + + + + Doc Link (XSD) + + + + &EXTENSIONXSD; + + + + + + Short Description + + + OpenStack EC2 authentication Service Extension to Keystone v2.0 API adds the capability to support EC2 style authentication. + + + + + + + Extension Query Response: XML + + + + Extension Query Response: JSON + + +
+ Document Change History + + + + Revision Date + Summary of Changes + + + + + Sep. 13, 2011 + + + + + Initial release. + + + + + + + +
+ + + + Summary of Changes + + The OpenStack EC2 authentication Extension allows crud/listing operations on ec2Credentials. + +
+ New Headers + None. +
+
+ New Faults + None. +
+
+ New Resources + None. +
+
+ New Actions + None. +
+
+ New Element +
+ ec2Credentials + This extension allows authentication calls to accept new type of credentials ec2Credentials. + These are additional type of credentials defined to support ec2 style authentication. + Examples of ec2Credentials are illustrated below + + + ec2Credentials XML + + + + ec2Credentials JSON + + +
+
+
+ OS-KSEC2-admin Extension API Operations + + + + + + + + + + + + + + + + +
Authentication Header
Header TypeNameValue
HTTP/1.1 RequestX-Auth-Tokentxfa8426a08eaf
+ Following operations are the list of operations whose behavior is altered by OpenStack EC2 authentication Extension: +
+ User Operations + + + + + + + + + + + + +
+
+ + diff --git a/openstack-identity-api/src/docbkx/OS-KSEC2-service-devguide.xml b/openstack-identity-api/src/docbkx/OS-KSEC2-service-devguide.xml new file mode 100644 index 00000000..7d7a9ac5 --- /dev/null +++ b/openstack-identity-api/src/docbkx/OS-KSEC2-service-devguide.xml @@ -0,0 +1,271 @@ + + + + + + + + GET'> + PUT'> + POST'> + DELETE'> + + + + + + '> + + + + + + + + + + + Verb + URI + Description + + '> + + + + + + + + + + + +]> + + OpenStack EC2 authentication Extension (Service Operations) + + + + + + + + OpenStack + + + + 2010 + 2011 + OpenStack + + EXT v1.0 + >Keystone - OpenStack Identity + &PUB_DATE; + + + Copyright details are filled in by the template. + + + + + This document is intended for client developers interested + in using the OpenStack EC2 Authentication Service Extension along with the + Keystone - OpenStack Identity + (API). + + + + + About This Extension + + + Name + + OpenStack EC2 authentication Extension + + + + Namespace + + &NAMESPACE; + + + + Alias + + &ALIAS; + + + + Dependencies + + Keystone - OpenStack Identity + + + + Doc Link (PDF) + + + + &CURRENTGUIDE; + + + + + + Doc Link (WADL) + + + None, the extension makes no modification to the API WADL. + + + + + Doc Link (XSD) + + + + &EXTENSIONXSD; + + + + + + Short Description + + + OpenStack EC2 authentication Service Extension to Keystone v2.0 API adds the capability to support EC2 style authentication.. + + + + + + + Extension Query Response: XML + + + + Extension Query Response: JSON + + +
+ Document Change History + + + + Revision Date + Summary of Changes + + + + + Aug. 24, 2011 + + + + + Initial release. + + + + + + + +
+ + + Summary of Changes + The OpenStack EC2 authentication Service Extension allows + authenticate call using ec2Credentials. +
+ New Headers + None. +
+
+ New Faults + None. +
+
+ New Resources + None. +
+
+ New Actions + None. +
+
+ New Element +
+ + Openstack extension to Keystone v2.0 API enabling EC2 style authentication. + +
+ Authenticate + This extension allows authentication calls to accept new type of credentials ec2Credentials. + These are additional type of credentials defined to support EC2 style authentication. + The usage of ec2Credentials on a existing call to authenticate is illustrated below + + + &URI_REFHEAD; + + + &POST; + /tokens + Authenticate to generate a token. + + + + &CODES;200, 203 + &ERROR_CODES; unauthorized (401), userDisabled + (403), badRequest (400), identityFault + (500), serviceUnavailable(503) + + This call will return a token if successful. + Clients obtain + this token, along with the URL to other service APIs, by first authenticating against the + Keystone Service and supplying valid credentials. + This extension provides support for Rackspace Style API Key credentials. + + + Client authentication is provided via a ReST interface using the POST method, + with v2.0/tokens supplied as the path. A payload of credentials must be included + in the body. + + + The Keystone Service is a ReSTful web service. It is the entry point to all service APIs. + To access the Keystone Service, you must know URL of the Keystone service. + + + XML Auth Request using EC2CREDENTIALS + + + + JSON Auth Request using EC2CREDENTIALS + + + + XML Auth Response + + + + JSON Auth Response + + +
+
+
+ + diff --git a/openstack-identity-api/src/docbkx/RAX-KSGRP-service-devguide.xml b/openstack-identity-api/src/docbkx/RAX-KSGRP-service-devguide.xml new file mode 100644 index 00000000..edf4668b --- /dev/null +++ b/openstack-identity-api/src/docbkx/RAX-KSGRP-service-devguide.xml @@ -0,0 +1,292 @@ + + + + + + + + GET'> + PUT'> + POST'> + DELETE'> + + + + + + '> + + + + + + + + + + + Verb + URI + Description + + '> + + + + + + + + + + + + + + + + + +]> + + Rackspace Keystone Group Extension(Service Operations) + + + + + + + + Rackspace Cloud + + + + 2011 + Rackspace US, Inc. + + EXT v1.0 + >Keystone - OpenStack Identity + &PUB_DATE; + + + Copyright details are filled in by the template. + + + + + This document is intended for client developers interested + in using the Rackspace Keystone Group Extension(Service) along with the + Keystone - OpenStack Identity + (API). + + + + + About This Extension + + + Name + + Rackspace Keystone Group Extension + + + + Namespace + + &NAMESPACE; + + + + Alias + + &ALIAS; + + + + Dependencies + + Keystone - OpenStack Identity + + + + Doc Link (PDF) + + + + &CURRENTGUIDE; + + + + + + Doc Link (WADL) + + + None, the extension makes no modification to the API WADL. + + + + + Doc Link (XSD) + + + + &EXTENSIONXSD; + + + + + + Short Description + + + Rackspace extensions to Keystone v2.0 API enabling groups. + + + + + + + Extension Query Response: XML + + + + Extension Query Response: JSON + + +
+ Document Change History + + + + Revision Date + Summary of Changes + + + + + Aug. 24, 2011 + + + + + Initial release. + + + + + + + +
+ + + Summary of Changes + + Rackspace extensions to Keystone v2.0 API allows authenticate call to also return information about group memberships of the user. + +
+ New Headers + None. +
+
+ New Faults + None. +
+
+ New Resources + None. +
+
+ New Actions + None. +
+
+ New Elements +
+ + Rackspace extensions to Keystone v2.0 API enabling groups. + +
+ + New Elements + + This extension starts returning groups as a part of response when an authenticate call is made. + The samples of new elements that are defined as a part of this extension are listed below. + + + Groups Sample XML + + + + Groups Sample JSON + + +
+
+ Authenticate + This extension allows authentication calls to also return information about groups. + The usage of an existing call to authenticate, where it returns groups is illustrated below + + + &URI_REFHEAD; + + + &POST; + /tokens + Authenticate to generate a token. + + + + &CODES;200, 203 + &ERROR_CODES; unauthorized (401), userDisabled + (403), badRequest (400), identityFault + (500), serviceUnavailable(503) + + This call will return a token if successful. Each ReST request against other services (or other + calls on Keystone such as the GET /tenants call) + requires the inclusion of a specific authorization token HTTP x-header, defined as X-Auth-Token. + Clients obtain + this token, along with the URL to other service APIs, by first authenticating against the + Keystone Service and supplying valid credentials. + + + Client authentication is provided via a ReST interface using the POST method, + with v2.0/tokens supplied as the path. A payload of credentials must be included + in the body. + + + The Keystone Service is a ReSTful web service. It is the entry point to all service APIs. + To access the Keystone Service, you must know URL of the Keystone service. + + + XML Auth Request using passwordCredentials + + + + JSON Auth Request using passwordCredentials + + + + XML Auth Response that contains Groups + Yet To Be added + + + JSON Auth Response that contains Groups + Yet To Be added + +
+
+
+ + diff --git a/openstack-identity-api/src/docbkx/RAX-KSKEY-admin-devguide.xml b/openstack-identity-api/src/docbkx/RAX-KSKEY-admin-devguide.xml new file mode 100644 index 00000000..d1347a6d --- /dev/null +++ b/openstack-identity-api/src/docbkx/RAX-KSKEY-admin-devguide.xml @@ -0,0 +1,271 @@ + + + + + + + + GET'> + PUT'> + POST'> + DELETE'> + + + + + + '> + + + + + + + + + + + Verb + URI + Description + + '> + + + + + + + + + + + + +]> + + Rackspace API Key Authentication Extension (Admin Operations) + + + + + + + + Rackspace Cloud + + + + 2011 + Rackspace US, Inc. + + EXT v1.0 + >Keystone - OpenStack Identity + &PUB_DATE; + + + Copyright details are filled in by the template. + + + + + This document is intended for service developers interested + in using the Rackspace API Key Authentication Admin Extension along with the + Keystone - OpenStack Identity + (API). + + + + + About This Extension + + + Name + + Rackspace API Key Authentication Admin Extension + + + + Namespace + + &NAMESPACE; + + + + Alias + + &ALIAS; + + + + Dependencies + + Keystone - OpenStack Identity + >&ALIAS; Extension + + + + Doc Link (PDF) + + + + &CURRENTGUIDE; + + + + + + Doc Link (WADL) + + + + &CURRENTWADL; + + + + + + Doc Link (XSD) + + + + &EXTENSIONXSD; + + + + + + Short Description + + + Rackspace extensions to Keystone v2.0 API enabling API Key authentication. + + + + + + + Extension Query Response: XML + + + + Extension Query Response: JSON + + +
+ Document Change History + + + + Revision Date + Summary of Changes + + + + + Sep. 13, 2011 + + + + + Initial release. + + + + + + + +
+ + + Summary of Changes + + The Rackspace API Key Authentication Admin Extension allows crud/listing operations on apikeyCredentials. + +
+ New Headers + None. +
+
+ New Faults + None. +
+
+ New Resources + None. +
+
+ New Actions + None. +
+
+ New Element +
+ apikeyCredentials + This extension allows authentication calls to accept new type of credentials apikeyCredentials. + These are additional type of credentials defined to support rackspace style authentication. + Examples of apikeyCredentials are illustrated below + + + apikeyCredentials XML + + + + apikeyCredentials JSON + + +
+
+
+ RAX-KSKEY-admin Extension API Operations + + + + + + + + + + + + + + + + +
Authentication Header
Header TypeNameValue
HTTP/1.1 RequestX-Auth-Tokentxfa8426a08eaf
+ Following operations are the list of operations whose behavior is altered by Rackspace API Key Authentication Extension: +
+ User Operations + + + + + + + + + + + + +
+
+ + diff --git a/openstack-identity-api/src/docbkx/RAX-KSKEY-service-devguide.xml b/openstack-identity-api/src/docbkx/RAX-KSKEY-service-devguide.xml new file mode 100644 index 00000000..58284984 --- /dev/null +++ b/openstack-identity-api/src/docbkx/RAX-KSKEY-service-devguide.xml @@ -0,0 +1,270 @@ + + + + + + + + GET'> + PUT'> + POST'> + DELETE'> + + + + + + '> + + + + + + + + + + + Verb + URI + Description + + '> + + + + + + + + + + + +]> + + Rackspace API Key Authentication Extension (Service Operations) + + + + + + + + Rackspace Cloud + + + + 2011 + Rackspace US, Inc. + + EXT v1.0 + >Keystone - OpenStack Identity + &PUB_DATE; + + + Copyright details are filled in by the template. + + + + + This document is intended for client developers interested + in using the Rackspace API Key Authentication Service Extension along with the + Keystone - OpenStack Identity + (API). + + + + + About This Extension + + + Name + + Rackspace API Key Authentication Service Extension + + + + Namespace + + &NAMESPACE; + + + + Alias + + &ALIAS; + + + + Dependencies + + Keystone - OpenStack Identity + + + + Doc Link (PDF) + + + + &CURRENTGUIDE; + + + + + + Doc Link (WADL) + + + None, the extension makes no modification to the API WADL. + + + + + Doc Link (XSD) + + + + &EXTENSIONXSD; + + + + + + Short Description + + + Rackspace extensions to Keystone v2.0 API enabling API Key authentication. + + + + + + + Extension Query Response: XML + + + + Extension Query Response: JSON + + +
+ Document Change History + + + + Revision Date + Summary of Changes + + + + + Aug. 24, 2011 + + + + + Initial release. + + + + + + + +
+ + + Summary of Changes + + The Rackspace API Key Authentication Service Extension allows authenticate call to happen using apikeyCredentials. + +
+ New Headers + None. +
+
+ New Faults + None. +
+
+ New Resources + None. +
+
+ New Actions + None. +
+
+ New Element +
+ + Rackspace extensions to Keystone v2.0 API enabling API Key authentication. + +
+ Authenticate + This extension allows authentication calls to accept new type of credentials apikeyCredentials. + These are additional type of credentials defined to support rackspace style authentication. + The usage of apikeyCredentials on a existing call to authenticate is illustrated below + + + &URI_REFHEAD; + + + &POST; + /tokens + Authenticate to generate a token. + + + + &CODES;200, 203 + &ERROR_CODES; unauthorized (401), userDisabled + (403), badRequest (400), identityFault + (500), serviceUnavailable(503) + + This call will return a token if successful. + Clients obtain + this token, along with the URL to other service APIs, by first authenticating against the + Keystone Service and supplying valid credentials. + This extension provides support for Rackspace Style API Key credentials. + + + Client authentication is provided via a ReST interface using the POST method, + with v2.0/tokens supplied as the path. A payload of credentials must be included + in the body. + + + The Keystone Service is a ReSTful web service. It is the entry point to all service APIs. + To access the Keystone Service, you must know URL of the Keystone service. + + + XML Auth Request using apikeyCredentials + + + + JSON Auth Request using apikeyCredentials + + + + XML Auth Response + + + + JSON Auth Response + + +
+
+
+ + diff --git a/openstack-identity-api/src/docbkx/identity-OS-KSADM-api.xml b/openstack-identity-api/src/docbkx/identity-OS-KSADM-api.xml new file mode 100644 index 00000000..cc6b10bd --- /dev/null +++ b/openstack-identity-api/src/docbkx/identity-OS-KSADM-api.xml @@ -0,0 +1,112 @@ + +
+ OS-KSADM Admin Extension API (Service Developer Operations) + Extension operations. + + + + + + + + + + + + + + + + +
Authentication Header
Header TypeNameValue
HTTP/1.1 RequestX-Auth-Tokentxfa8426a08eaf
+ The following calls are supported by OS-KSADM-admin Extension: + +
+ User Operations + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ Tenant Operations + + + + + + + + + + + + + + + + + + + + +
+ +
+ Role Operations + + + + + + + + + + +
+ +
+ Service Operations + + + + + + + + + + +
+
diff --git a/openstack-identity-api/src/docbkx/identity-OS-KSCATALOG-api.xml b/openstack-identity-api/src/docbkx/identity-OS-KSCATALOG-api.xml new file mode 100644 index 00000000..d69bc0a1 --- /dev/null +++ b/openstack-identity-api/src/docbkx/identity-OS-KSCATALOG-api.xml @@ -0,0 +1,54 @@ + +
+ OS-KSCATALOG Admin Extension + Extension operations. + + + + + + + + + + + + + + + + +
Authentication Header
Header TypeNameValue
HTTP/1.1 RequestX-Auth-Tokentxfa8426a08eaf
+ The following calls are supported by API OS-KSCATALOG Extension on top of Keystone Admin 2.0: + +
+ Endpoint Template Operations + + + + + + + + + + +
+ + +
+ Endpoint Operations + + + + + + + + + + +
+
diff --git a/openstack-identity-api/src/docbkx/identity-client-api.xml b/openstack-identity-api/src/docbkx/identity-client-api.xml index 78b18146..e8813c77 100644 --- a/openstack-identity-api/src/docbkx/identity-client-api.xml +++ b/openstack-identity-api/src/docbkx/identity-client-api.xml @@ -1,175 +1,19 @@ - - - - - - - -GET'> -PUT'> -POST'> -DELETE'> -HEAD'> - - - - - - -'> - - - -This operation does not require a request body.'> - - -Verb -URI -Description - -'> - - -Verb -URI -Description - -'> -]> - - Service API (Client Operations) - The operations described in this chapter allow clients to authenticate and get - access tokens and service endpoints. -
- Core Service API - The following calls are core Keystone Service APIs in version 2.0 - - &URI_REFHEAD; - - - &POST; - /tokens - Authenticate to generate a token. - - - &GET; - /tenants - Get a list of tenants accessible with supplied token. - - - -
- -
- Available Operations -
- Authenticate for Service API - - &URI_REFHEAD; - - - &POST; - /tokens - Authenticate to generate a token. - - - - &CODES;200, 203 - &ERROR_CODES; unauthorized (401), userDisabled - (403), badRequest (400), identityFault - (500), serviceUnavailable(503) - - This call will return a token if successful. Each ReST request against other services (or other - calls on Keystone such as the GET /tenants call) - requires the inclusion of a specific authorization token HTTP x-header, defined as X-Auth-Token. - Clients obtain - this token, along with the URL to other service APIs, by first authenticating against the - Keystone Service and supplying valid credentials. - - - Client authentication is provided via a ReST interface using the POST method, - with v2.0/tokens supplied as the path. A payload of credentials must be included - in the body. - - - The Keystone Service is a ReSTful web service. It is the entry point to all service APIs. - To access the Keystone Service, you must know URL of the Keystone service. - - - XML Auth Request - - - - - - JSON Auth Request - - - - - - XML Auth Response - - - - - - JSON Auth Response - - - - -
-
- Get Tenants - - &LONG_URI_REFHEAD; - - - &GET; - /tenants - Get a list of tenants. - - - - &CODES;200, 203 - &ERROR_CODES; unauthorized (401), - forbidden(403), overLimit(413), - badRequest (400), identityFault (500), - serviceUnavailable(503) - - The operation returns a list of tenants which the supplied token provides - access to. This call must be authenticated, so a valid token must - be passed in as a header. - - - Tenants Request with Auth Token - - - - - &NO_REQUEST; - - JSON Tenants Response - - - - - - XML Tenants Response - - - - -
-
- - + +
+ Service API (Client Operations) + The operations described in this chapter allow clients to authenticate and get access + tokens and service endpoints. The following calls are core Keystone Service APIs in version + 2.0: + + + + + + + + +
+ diff --git a/openstack-identity-api/src/docbkx/identity-dev-guide.xml b/openstack-identity-api/src/docbkx/identity-dev-guide.xml old mode 100755 new mode 100644 index adc64a6e..187ef04f --- a/openstack-identity-api/src/docbkx/identity-dev-guide.xml +++ b/openstack-identity-api/src/docbkx/identity-dev-guide.xml @@ -1,49 +1,46 @@ - - - - Keystone Developer Guide - - - - - - - - OpenStack - - - - 2010 - 2011 - OpenStack - - API v2.0 - Keystone - OpenStack Identity - 2011-08-29 - - - Copyright details are filled in by the template. - - - - This document is intended for software developers interested in developing - applications that utilize the Keystone Identity Service for authentication. This - document also includes details on how to integrate services with the Keystone - Identity Service. - - - - - - - - + + + + Keystone Developer Guide + + + + + + + + OpenStack + + + + 2010 + 2011 + OpenStack + + API v2.0 + Keystone - OpenStack Identity + 2011-08-29 + + + Copyright details are filled in by the template. + + + + This document is intended for software developers interested in developing + applications that utilize the Keystone Identity Service for authentication. This + document also includes details on how to integrate services with the Keystone + Identity Service. + + + + + + + API Operations + + + + diff --git a/openstack-identity-api/src/docbkx/identity-service-api.xml b/openstack-identity-api/src/docbkx/identity-service-api.xml index 3b19b23c..ccd5768f 100644 --- a/openstack-identity-api/src/docbkx/identity-service-api.xml +++ b/openstack-identity-api/src/docbkx/identity-service-api.xml @@ -1,591 +1,78 @@ - - - - - - -GET'> -PUT'> -POST'> -DELETE'> -HEAD'> - - - - - - -'> - - - -This operation does not require a request body.'> - - -Verb -URI -Description - -'> - - -Verb -URI -Description - -'> -]> - - Admin API (Service Developer Operations) - - - The operations described in this chapter allow service developers to get and validate +
+ Admin API (Service Developer Operations) + The operations described in this chapter allow service developers to get and validate access tokens, manage users, tenants, roles, and service endpoints. - -
- Core Admin API - The following calls are core for the Keystone Admin 2.0 APIs - -
- Admin Access - Most calls on the Admin API require authentication. The only calls available without authentication are the calls to discover the service (getting version info, WADL contract, dev guide, help, etc…) and the call to authenticate and get a token. - -Authentication is performed by passing in a valid token in the X-Auth-Token header on the request from the client. -Keystone will verify the token has (or belongs to a user that has) the Admin role. - - - See the readme file or administrator guides for how to bootstrap Keystone and create your first administrator. - - - - - - - - - - - - - - - - - -
Authentication Header
Header TypeNameValue
HTTP/1.1 RequestX-Auth-Tokentxfa8426a08eaf
-
-
- Tokens - - &LONG_URI_REFHEAD; - - - &POST; - /tokens - Returns a token in exchange for valid credentials. - - - &GET; - /tokens/tokenId?belongsTo=tenantId - Validate a token.If `belongsTo` is provided, validates that a token belongs to a specific tenant. - - - &HEAD; - /tokens/tokenId?belongsTo=tenantId - Validate a token.(Quick check).Returns no body. - If `belongsTo` is provided, validates that a token belongs to a specific tenant. - - - - -
- -
- Users - - &LONG_URI_REFHEAD; - - - &GET; - /users?username=userName - Returns detailed information about a specific user, by user name. - - - &GET; - /users/userId - Returns detailed information about a specific user, by user id. - - - &GET; - - /users/userId/roles - - - Get a list of global roles for a specific user (excludes tenant roles). - - - - -
- -
- Tenants - - &LONG_URI_REFHEAD; - - - &GET; - /tenants - Get a list of tenants. - - - &GET; - /tenants/?tenantname=tenantName - Returns detailed information about a tenant, by name. - - - &GET; - /tenants/tenantId - Returns detailed information about a tenant, by id. - - - &GET; - /tenants/tenantId/roles - Get roles of a tenant. - - - &GET; - - /tenants/tenantId/endpoints - - - Get a list of endpoints for a tenant. - - - - &GET; - - /tenants/tenantId/users/userId/roles - - - Returns a list of roles for a user on a specific tenant. - - - - -
-
-
- Token Operations -
- Authenticate - - &URI_REFHEAD; - - - &POST; - /tokens - Authenticate to generate a token. - - - - &CODES;200, 203 - &ERROR_CODES; unauthorized (401), userDisabled - (403), badRequest (400), identityFault - (500), serviceUnavailable(503) - - TenantID is optional and may be used to specify that a - token should be returned that has access to the resources - of that particular tenant. - - - XML Auth Request - - - - - - JSON Auth Request - - - - - - XML Auth Response - - - - - - JSON Auth Response - - - - -
- -
- Validate Token - - &LONG_URI_REFHEAD; - - - &GET; - /tokens/tokenId?belongsTo=tenantId - Check that a token is valid and that it belongs to a particular user - and return the permissions relevant to a particular client. - - - - &CODES;200, 203 - &ERROR_CODES; unauthorized (401), forbidden - (403), userDisabled(403), - badRequest (400), itemNotFound (404), - identityFault(500), - serviceUnavailable(503) - &NO_REQUEST; - - Valid tokens will exist in the - /tokens/tokenId path and invalid - tokens will not. In other words, a user should expect an - itemNotFound (404) fault for an - invalid token. - - - XML Validate Token Response - - - - - - JSON Validate Token Response - - - - -
-
- Validate Token - - &LONG_URI_REFHEAD; - - - &HEAD; - /tokens/tokenId?belongsTo=tenantId - Check that a token is valid and that it belongs to a particular user - (For perfromance). - - - - &CODES;200, 203 - &ERROR_CODES; unauthorized (401), forbidden - (403), userDisabled(403), - badRequest (400), itemNotFound (404), - identityFault(500), - serviceUnavailable(503) - &NO_REQUEST; - - Valid tokens will exist in the - /tokens/tokenId path and invalid - tokens will not. In other words, a user should expect an - itemNotFound (404) fault for an - invalid token. - - - XML Validate Token Response - - No Response body is returned. - - - - JSON Validate Token Response - - No Response body is returned. - - -
-
- -
- User Operations -
- Get a User - - &LONG_URI_REFHEAD; - - - &GET; - /users/userId - Get a user by user id. - - - - &CODES;200, 203 - &ERROR_CODES; unauthorized (401), - forbidden(403), itemNotFound(404), - badRequest (400), identityFault (500), - serviceUnavailable(503) - &NO_REQUEST; - - XML User Response - - - - - - JSON User Response - - - - -
- -
- Get a User - - &LONG_URI_REFHEAD; - - - &GET; - /users?username=userName - Get a user by user name. - - - - &CODES;200, 203 - &ERROR_CODES; unauthorized (401), - forbidden(403), itemNotFound(404), - badRequest (400), identityFault (500), - serviceUnavailable(503) - &NO_REQUEST; - - XML User Response - - - - - - JSON User Response - - - - -
- -
- Get list of User Roles - - &LONG_URI_REFHEAD; - - - &GET; - /users/user_id/roles - Returns a list of global roles associated with a specific user (excludes tenant roles). - - - - &CODES;200, 203 - &ERROR_CODES; unauthorized (401), - forbidden(403), itemNotFound(404), - badRequest (400), identityFault (500), - serviceUnavailable(503) - &NO_REQUEST; - - XML User Role Response - - - - - - JSON User Role Response - - - - -
-
- -
+ Most calls on the Admin API require authentication. The only calls available without + authentication are the calls to discover the service (getting version info, WADL contract, + dev guide, help, etc…) and the call to authenticate and get a token. + Authentication is performed by passing in a valid token in the X-Auth-Token + header on the request from the client. Keystone will verify the token has (or belongs to a + user that has) the Admin role. + See the readme file or administrator guides for how to bootstrap Keystone and create your + first administrator. + + + + + + + + + + + + + + + + +
Authentication Header
Header TypeNameValue
HTTP/1.1 RequestX-Auth-Tokentxfa8426a08eaf
+ The following calls are core for the Keystone Admin 2.0 APIs: +
+ Token Operations + + + + + + + + + + + + +
+
+ User Operations + + + + + + + + + + + +
+
Tenant Operations -
- Get Tenants - - &LONG_URI_REFHEAD; - - - &GET; - /tenants - Get a list of tenants. - - - - &CODES;200, 203 - &ERROR_CODES; unauthorized (401), - forbidden(403), overLimit(413), - badRequest (400), identityFault (500), - serviceUnavailable(503) - - The operation returns a list of tenants which the caller has - access to. This call must be authenticated, so a valid token must - be passed in as a header. - - - Tenants Request with Auth Token - - - - - &NO_REQUEST; - - JSON Tenants Response - - - - - - XML Tenants Response - - - - -
- -
- Get a Tenant - - &LONG_URI_REFHEAD; - - - &GET; - /tenants/tenantId - Get a tenant. - - - - &CODES;200, 203 - &ERROR_CODES; unauthorized (401), - forbidden(403), itemNotFound(404), - badRequest (400), identityFault (500), - serviceUnavailable(503) - &NO_REQUEST; - - XML Tenant Response - - - - - - JSON Tenant Response - - - - -
- -
- Get a Tenant by Name - - &LONG_URI_REFHEAD; - - - &GET; - /tenants?name=tenant_name - Get a tenant by name. - - - - &CODES;200, 203 - &ERROR_CODES; unauthorized (401), - forbidden(403), itemNotFound(404), - badRequest (400), identityFault (500), - serviceUnavailable(503) - &NO_REQUEST; - - XML Tenant Response - - - - - - JSON Tenant Response - - - - -
- -
- Get list of Tenant Endpoints - - &LONG_URI_REFHEAD; - - - &GET; - /tenants/tenantId/endpoints - Returns a list of roles for a user on a specific tenant. - - - - &CODES;200, 203 - &ERROR_CODES; unauthorized (401), - forbidden(403), itemNotFound(404), - badRequest (400), identityFault (500), - serviceUnavailable(503) - &NO_REQUEST; - - XML Tenant Response - - - - - - JSON Tenant Response - - - - -
- -
- Get list of Roles assigned for a User on a Tenant - - &LONG_URI_REFHEAD; - - - &GET; - /tenants/tenant_id/users/user_id/roles - Returns a list of roles assigned to a user for a specific tenant. - - - - &CODES;200, 203 - &ERROR_CODES; unauthorized (401), - forbidden(403), itemNotFound(404), - badRequest (400), identityFault (500), - serviceUnavailable(503) - &NO_REQUEST; - - XML Tenant Response - - - - - - JSON Tenant Response - - - - -
-
- + + + + + + + + + + + + +
+