Add os-trust extension for Identity v3

Change-Id: I4b47ca6b4f9eed2d163d456ecd7c640b2623a0ed
Closes-Bug: #1289562
Diane Fleming 2015-04-04 20:16:50 -05:00
parent f7feabd151
commit 33ec1bd067
6 changed files with 295 additions and 5 deletions


@ -13,8 +13,8 @@
role="api-reference">
<title>Identity API v3 extensions (CURRENT)</title>
<section xml:id="identity_v3_OS-OAUTH1-ext">
<title>OS-OAUTH1 extension</title>
<para>Enables users to delegate roles to third-party consumers
<title>OAuth extension (OS-OAUTH1)</title>
<para>Enable users to delegate roles to third-party consumers
through the <link xlink:href="http://oauth.net/core/1.0a/"
>OAuth 1.0a specification</link>.</para>
<para>A user is an Identity API user who delegates its
@ -65,4 +65,28 @@
href="../wadls/identity-api/src/v3/wadl/OS-OAUTH1-v3.wadl"
xmlns:wadl="http://wadl.dev.java.net/2009/02"/>
</section>
<section xml:id="identity_v3_OS-TRUST-ext">
<title>Trust extension (OS-TRUST)</title>
<para>Create a trust.</para>
<para>
A trust is an OpenStack Identity extension that enables delegation
and, optionally, impersonation through <code>keystone</code>. A
trust extension defines a relationship between a trustor and
trustee. A trustor is the user who delegates a limited set of
their own rights to another user. A trustee is the user whose
trust is being delegated to, for a limited time.
</para>
<para>
The trust can eventually enable the trustee to impersonate the
trustor. For security reasons, some safety measures are added. For
example, if a trustor loses a given role, any trusts and the
related tokens that the user issued with that role are
automatically revoked.
</para>
<para>For more information, see <link
xlink:href="http://docs.openstack.org/admin-guide-cloud/content/section_keystone-trusts.html">Use trusts</link>.</para>
<wadl:resources
href="../wadls/identity-api/src/v3/wadl/OS-TRUST-v3.wadl"
xmlns:wadl="http://wadl.dev.java.net/2009/02"/>
</section>
</chapter>


@ -14,14 +14,14 @@
<application xmlns="http://wadl.dev.java.net/2009/02"
xmlns:wadl="http://wadl.dev.java.net/2009/02"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:identity="http://docs.openstack.org/identity/api/v2.0"
xmlns:identity="http://docs.openstack.org/identity/api/v3"
xmlns:capi="http://docs.openstack.org/common/api/v1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:db="http://docbook.org/ns/docbook"
xmlns:csapi="http://docs.openstack.org/identity/api/v3"
xmlns:xsdxt="http://docs.rackspacecloud.com/xsd-ext/v1.0"
xsi:schemaLocation="http://docs.openstack.org/identity/api/v3.0 ../xsd/api.xsd
xsi:schemaLocation="http://docs.openstack.org/identity/api/v3 ../xsd/api.xsd
http://docs.openstack.org/common/api/v1.0 ../xsd/api-common.xsd
http://wadl.dev.java.net/2009/02 http://www.w3.org/Submission/wadl/wadl.xsd
">


@ -0,0 +1,224 @@
<?xml version="1.0" encoding="UTF-8"?>
<!-- (C) 2011-2014 OpenStack Foundation, All Rights Reserved -->
<!--*******************************************************-->
<!-- Import Common XML Entities -->
<!-- -->
<!-- You can resolve the entities with xmllint -->
<!-- -->
<!-- xmllint -noent OS-TRUST-v3.wadl -->
<!--*******************************************************-->
<!DOCTYPE application [
<!ENTITY % common SYSTEM "common.ent">
%common;
]>
<application xmlns="http://wadl.dev.java.net/2009/02"
xmlns:wadl="http://wadl.dev.java.net/2009/02"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:identity="http://docs.openstack.org/identity/api/v3"
xmlns:capi="http://docs.openstack.org/common/api/v1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:db="http://docbook.org/ns/docbook"
xmlns:csapi="http://docs.openstack.org/identity/api/v3"
xmlns:xsdxt="http://docs.rackspacecloud.com/xsd-ext/v1.0"
xsi:schemaLocation="http://docs.openstack.org/identity/api/v3 ../xsd/api.xsd
http://docs.openstack.org/common/api/v1.0 ../xsd/api-common.xsd
http://wadl.dev.java.net/2009/02 http://www.w3.org/Submission/wadl/wadl.xsd
">
<grammars>
<include href="../xsd/api.xsd"/>
<include href="../xsd/api-common.xsd"/>
</grammars>
<!--*******************************************************-->
<!-- All Resources -->
<!--*******************************************************-->
<!-- We should use SSL in production -->
<resources base="http://localhost:5000" xml:id="OS-TRUST-v3">
<!-- FYI: double slash needed in path to get a single slash to display -->
<resource id="v3" path="//v3">
<resource id="os-trust" path="OS-TRUST">
<resource id="trust" path="trust">
<method href="#createTrust"/>
</resource>
</resource>
</resource>
</resources>
<!--*******************************************************-->
<!-- All Methods -->
<!--*******************************************************-->
<!--Consumers Operations-->
<method name="POST" id="createTrust">
<wadl:doc xml:lang="EN" xmlns="http://docbook.org/ns/docbook"
title="Create trust">
<para role="shortdesc">Creates a
trust.</para>
</wadl:doc>
<request>
<representation mediaType="application/json">
<wadl:doc xmlns="http://docbook.org/ns/docbook">
<xsdxt:sample>
<xsdxt:code
href="samples/OS-TRUST/trust-POST-req.json"
/>
</xsdxt:sample>
</wadl:doc>
<param name="trust" style="plain" type="xsd:string"
required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>A trust object.</para>
</wadl:doc>
</param>
<param name="expires_at" style="plain"
type="xsd:dict" required="false">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>The ISO 8601 date time when a trust
expires. If the Identity API does not
include this attribute or the attribute is
null, the trust lasts
indefinitely.
</para>
</wadl:doc>
</param>
<param name="impersonation" style="plain" type="xsd:boolean"
required="false">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>The impersonation flag. Default is false.</para>
</wadl:doc>
</param>
<param name="project_id" style="plain" type="csapi:uuid"
required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>The ID of the project.</para>
</wadl:doc>
</param>
<param name="remaining_uses" style="plain" type="xsd:boolean" required="false">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>Remaining uses flag. Default is null.</para>
</wadl:doc>
</param>
<param name="roles" style="plain" type="xsd:dict"
required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>A roles object.</para>
</wadl:doc>
</param>
<param name="name" style="plain" type="xsd:string"
required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>The role name.</para>
</wadl:doc>
</param>
<param name="trustee_user_id" style="plain" type="xsd:string"
required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>The trustee user ID.</para>
</wadl:doc>
</param>
<param name="trustor_user_id" style="plain" type="xsd:string"
required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>The trustor user ID.</para>
</wadl:doc>
</param>
</representation>
</request>
<response status="201">
<representation mediaType="application/json">
<wadl:doc xmlns="http://docbook.org/ns/docbook">
<xsdxt:sample>
<xsdxt:code
href="samples/OS-TRUST/trust-POST-resp.json"
/>
</xsdxt:sample>
</wadl:doc>
<param name="trust" style="plain" type="xsd:string"
required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>A trust object.</para>
</wadl:doc>
</param>
<param name="expires_at" style="plain"
type="xsd:dict" required="false">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>The ISO 8601 date time when a trust
expires. If you omit this attribute, the trust lasts
indefinitely.
</para>
</wadl:doc>
</param>
<param name="id" style="plain" type="csapi:uuid"
required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>The ID of the trust.</para>
</wadl:doc>
</param>
<param name="impersonation" style="plain" type="xsd:boolean"
required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>The impersonation flag.</para>
</wadl:doc>
</param>
<param name="links" style="plain" type="xsd:dict"
required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>Trust links.</para>
</wadl:doc>
</param>
<param name="project_id" style="plain" type="csapi:uuid"
required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>The ID of the project.</para>
</wadl:doc>
</param>
<param name="remaining_uses" style="plain" type="xsd:boolean" required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>Remaining uses flag.</para>
</wadl:doc>
</param>
<param name="roles" style="plain" type="xsd:dict"
required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>A roles object. Includes <code>id</code>, <code>name</code>, and <code>links</code> for any roles.</para>
</wadl:doc>
</param>
<param name="roles_links" style="plain" type="xsd:dict"
required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>A roles links object. Includes <code>next</code>, <code>previous</code>, and <code>self</code> links for roles.</para>
</wadl:doc>
</param>
<param name="trustee_user_id" style="plain" type="xsd:string"
required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>The trustee user ID.</para>
</wadl:doc>
</param>
<param name="trustor_user_id" style="plain" type="xsd:string"
required="true">
<wadl:doc xml:lang="EN"
xmlns="http://docbook.org/ns/docbook">
<para>The trustor user ID.</para>
</wadl:doc>
</param>
</representation>
</response> &commonFaults;</method>
</application>
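Review bot: `remaining_uses` is declared `type="xsd:boolean"` and described as a "flag" in both the request and the response representation, but the name, the "Default is null" text and the `null` in the response sample point to a use counter, so a reader cannot tell that this field is what bounds how often a delegated trust can be redeemed. I would declare it `type="xsd:int"` and describe it as the number of times the trust can still be used to obtain a token, with null meaning no limit (please confirm against the Identity API specification). `expires_at` has the same kind of mismatch: it is typed `xsd:dict`, which is not an XSD type, while its text says it is an ISO 8601 date time, so `type="xsd:dateTime"` fits. The resource is also declared as `path="trust"`, whereas the self link in the response sample uses `/v3/OS-TRUST/trusts/...`; `path="trusts"` would match it.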


@ -13,7 +13,7 @@
]>
<application xmlns="http://wadl.dev.java.net/2009/02"
xmlns:wadl="http://wadl.dev.java.net/2009/02"
xmlns:identity="http://docs.openstack.org/identity/api/v2.0"
xmlns:identity="http://docs.openstack.org/identity/api/v3"
xmlns:capi="http://docs.openstack.org/common/api/v1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"


@ -0,0 +1,14 @@
{
"trust": {
"expires_at": "2014-12-30T23:59:59.999999Z",
"impersonation": false,
"project_id": "'$PROJECT_ID'",
"roles": [
{
"name": "admin"
}
],
"trustee_user_id": "'$DEMO_USER_ID'",
"trustor_user_id": "'$ADMIN_USER_ID'"
}
}
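Review bot: The ID values still carry shell quoting from a command-line example (`"'$PROJECT_ID'"`, `"'$DEMO_USER_ID'"`, `"'$ADMIN_USER_ID'"`), so as a standalone JSON body each value is a literal string that includes the single quotes and the variable name. Plain sample IDs in the style of the response sample would be clearer, for example `"project_id": "3d4c2c82bd5948f0bcab0cf3a7c9b48c"`. The sample also delegates the `admin` role from an admin user; a narrowly scoped role would be a better model for readers who copy the example, though the response sample would need the same change.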


@ -0,0 +1,28 @@
{
"trust": {
"expires_at": "2014-12-30T23:59:59.999999Z",
"id": "394998fa61f14736b1f0c1f322882949",
"impersonation": false,
"links": {
"self": "http://localhost:5000/v3/OS-TRUST/trusts/394998fa61f14736b1f0c1f322882949"
},
"project_id": "3d4c2c82bd5948f0bcab0cf3a7c9b48c",
"remaining_uses": null,
"roles": [
{
"id": "c703057be878458588961ce9a0ce686b",
"links": {
"self": "http://localhost:5000/v3/roles/c703057be878458588961ce9a0ce686b"
},
"name": "admin"
}
],
"roles_links": {
"next": null,
"previous": null,
"self": "http: //localhost:5000/v3/OS-TRUST/trusts/394998fa61f14736b1f0c1f322882949/roles"
},
"trustee_user_id": "269348fdd9374b8885da1418e0730af1",
"trustor_user_id": "3ec3164f750146be97f21559ee4d9c51"
}
}
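Review bot: The `roles_links.self` value has a space after the scheme (`"http: //localhost:5000/..."`), so it is not a valid URL and differs from the other two `self` links in this sample. It should read `"self": "http://localhost:5000/v3/OS-TRUST/trusts/394998fa61f14736b1f0c1f322882949/roles"`. Readers who copy links out of the sample, or tooling that checks them, would get a broken URL here.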