diff --git a/docs/iam/api-ref/ALL_META.TXT.json b/docs/iam/api-ref/ALL_META.TXT.json new file mode 100644 index 00000000..83200979 --- /dev/null +++ b/docs/iam/api-ref/ALL_META.TXT.json @@ -0,0 +1,1612 @@ +[ + { + "uri":"iam_02_0017.html", + "product_code":"iam", + "code":"1", + "des":"Public cloud APIs comply with the RESTful API design principles. REST-based web services are organized into resources. Each resource is identified by one or more Uniform ", + "doc_type":"api", + "kw":"API Usage Guidelines,API Reference", + "title":"API Usage Guidelines", + "githuburl":"" + }, + { + "uri":"iam_02_0000.html", + "product_code":"iam", + "code":"2", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Calling APIs", + "title":"Calling APIs", + "githuburl":"" + }, + { + "uri":"iam_02_0008.html", + "product_code":"iam", + "code":"3", + "des":"This section describes the structure of a REST API request, and uses the IAM API for obtaining a user token (see Obtaining a User Token) as an example to demonstrate how ", + "doc_type":"api", + "kw":"Making an API Request,Calling APIs,API Reference", + "title":"Making an API Request", + "githuburl":"" + }, + { + "uri":"iam_02_0510.html", + "product_code":"iam", + "code":"4", + "des":"Requests for calling an API can be authenticated using either of the following methods:Token-based authentication: Requests are authenticated using a token.AK/SK-based au", + "doc_type":"api", + "kw":"Authentication,Calling APIs,API Reference", + "title":"Authentication", + "githuburl":"" + }, + { + "uri":"iam_02_0511.html", + "product_code":"iam", + "code":"5", + "des":"After sending a request, you will receive a response, including the status code, response header, and response body.A status code is a group of digits, ranging from 1xx t", + "doc_type":"api", + "kw":"Response,Calling APIs,API Reference", + "title":"Response", + "githuburl":"" + }, + { + "uri":"iam_20_0000.html", + "product_code":"iam", + "code":"6", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"APIs", + "title":"APIs", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845626.html", + "product_code":"iam", + "code":"7", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Token Management", + "title":"Token Management", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845583.html", + "product_code":"iam", + "code":"8", + "des":"This API is used to obtain a token through username/password authentication. A token is a system object encapsulating the identity and permissions of a user. When calling", + "doc_type":"api", + "kw":"Obtaining a User Token,Token Management,API Reference", + "title":"Obtaining a User Token", + "githuburl":"" + }, + { + "uri":"en-us_topic_0064274720.html", + "product_code":"iam", + "code":"9", + "des":"This API is used to obtain an agency token. For example, after a trust relationship is established between A and B, A is the delegating party and B is the delegated party", + "doc_type":"api", + "kw":"Obtaining an Agency Token,Token Management,API Reference", + "title":"Obtaining an Agency Token", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845585.html", + "product_code":"iam", + "code":"10", + "des":"This API is used to check the validity of a specified token. If the token is valid, detailed information about the token will be returned.GET /v3/auth/tokensParameters in", + "doc_type":"api", + "kw":"Verifying a Token and Returning a Valid Token,Token Management,API Reference", + "title":"Verifying a Token and Returning a Valid Token", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845586.html", + "product_code":"iam", + "code":"11", + "des":"This API can be used by the administrator to verify the token of a user or used by a user to verify their token. The administrator can only verify the token of a user cre", + "doc_type":"api", + "kw":"Verifying a Token,Token Management,API Reference", + "title":"Verifying a Token", + "githuburl":"" + }, + { + "uri":"iam_02_0063.html", + "product_code":"iam", + "code":"12", + "des":"This API is used to delete a token no matter whether the token has expired or not.DELETE /v3/auth/tokensParameters in the request headerParameterMandatoryTypeDescriptionX", + "doc_type":"api", + "kw":"Deleting a User Token,Token Management,API Reference", + "title":"Deleting a User Token", + "githuburl":"" + }, + { + "uri":"en-us_topic_0097942776.html", + "product_code":"iam", + "code":"13", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Access Key Management", + "title":"Access Key Management", + "githuburl":"" + }, + { + "uri":"en-us_topic_0097949518.html", + "product_code":"iam", + "code":"14", + "des":"You can obtain a temporary AK/SK and security token (offline AK/SK) by using a user token, agency token, and federated token. A temporary AK/SK is a token with temporary ", + "doc_type":"api", + "kw":"Obtaining a Temporary AK/SK,Access Key Management,API Reference", + "title":"Obtaining a Temporary AK/SK", + "githuburl":"" + }, + { + "uri":"iam_03_0001.html", + "product_code":"iam", + "code":"15", + "des":"This API can be used by the administrator to create a permanent access key for an IAM user or used by an IAM user to create a permanent access key for itself.Access keys ", + "doc_type":"api", + "kw":"Creating a Permanent Access Key,Access Key Management,API Reference", + "title":"Creating a Permanent Access Key", + "githuburl":"" + }, + { + "uri":"iam_03_0003.html", + "product_code":"iam", + "code":"16", + "des":"This API can be used by the administrator to list all permanent access key of an IAM user or used by an IAM user to list all of their permanent access keys.The API can be", + "doc_type":"api", + "kw":"Listing Permanent Access Keys,Access Key Management,API Reference", + "title":"Listing Permanent Access Keys", + "githuburl":"" + }, + { + "uri":"iam_03_0002.html", + "product_code":"iam", + "code":"17", + "des":"This API can be used by the administrator to query the specified permanent access key of an IAM user or used by an IAM user to query one of their permanent access keys.Th", + "doc_type":"api", + "kw":"Querying a Permanent Access Key,Access Key Management,API Reference", + "title":"Querying a Permanent Access Key", + "githuburl":"" + }, + { + "uri":"iam_03_0004.html", + "product_code":"iam", + "code":"18", + "des":"This API can be used by the administrator to modify the specified permanent access key of an IAM user or used by an IAM user to modify one of their permanent access keys.", + "doc_type":"api", + "kw":"Modifying a Permanent Access Key,Access Key Management,API Reference", + "title":"Modifying a Permanent Access Key", + "githuburl":"" + }, + { + "uri":"iam_03_0005.html", + "product_code":"iam", + "code":"19", + "des":"This API can be used by the administrator to delete the specified permanent access key of an IAM user or used by an IAM user to delete one of their permanent access keys.", + "doc_type":"api", + "kw":"Deleting a Permanent Access Key,Access Key Management,API Reference", + "title":"Deleting a Permanent Access Key", + "githuburl":"" + }, + { + "uri":"en-us_topic_0067148042.html", + "product_code":"iam", + "code":"20", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Region Management", + "title":"Region Management", + "githuburl":"" + }, + { + "uri":"en-us_topic_0067148043.html", + "product_code":"iam", + "code":"21", + "des":"This API is used to query a region list.GET /v3/regionsParameters in the request headerParameterMandatoryTypeDescriptionContent-TypeYesStringFill application/json;charset", + "doc_type":"api", + "kw":"Querying a Region List,Region Management,API Reference", + "title":"Querying a Region List", + "githuburl":"" + }, + { + "uri":"en-us_topic_0067148044.html", + "product_code":"iam", + "code":"22", + "des":"This API is used to query region details.URI formatGET /v3/regions/{region_id}GET /v3/regions/{region_id}URI parametersParameterMandatoryTypeDescriptionregion_idYesString", + "doc_type":"api", + "kw":"Querying Region Details,Region Management,API Reference", + "title":"Querying Region Details", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845642.html", + "product_code":"iam", + "code":"23", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Project Management", + "title":"Project Management", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845625.html", + "product_code":"iam", + "code":"24", + "des":"This API is used to query project information based on the specified criteria.URI formatGET /v3/projects{?domain_id,name,enabled,parent_id,is_domain,page,per_page}GET /v3", + "doc_type":"api", + "kw":"Querying Project Information Based on the Specified Criteria,Project Management,API Reference", + "title":"Querying Project Information Based on the Specified Criteria", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845622.html", + "product_code":"iam", + "code":"25", + "des":"This API is used to query the project list of a specified user.URI formatGET /v3/users/{user_id}/projectsGET /v3/users/{user_id}/projectsURI parametersParameterMandatoryT", + "doc_type":"api", + "kw":"Querying a User Project List,Project Management,API Reference", + "title":"Querying a User Project List", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845558.html", + "product_code":"iam", + "code":"26", + "des":"This API is used to query the list of projects accessible to users.GET /v3/auth/projectsParameters in the request headerParameterMandatoryTypeDescriptionContent-TypeYesSt", + "doc_type":"api", + "kw":"Querying the List of Projects Accessible to Users,Project Management,API Reference", + "title":"Querying the List of Projects Accessible to Users", + "githuburl":"" + }, + { + "uri":"en-us_topic_0066154565.html", + "product_code":"iam", + "code":"27", + "des":"This API is used to create a project.POST /v3/projectsParameters in the request headerParameterMandatoryTypeDescriptionContent-TypeYesStringFill application/json;charset=", + "doc_type":"api", + "kw":"Creating a Project,Project Management,API Reference", + "title":"Creating a Project", + "githuburl":"" + }, + { + "uri":"en-us_topic_0066154566.html", + "product_code":"iam", + "code":"28", + "des":"This API is used to modify project information.URI formatPATCH /v3/projects/{project_id}PATCH /v3/projects/{project_id}URI parametersParameterMandatoryTypeDescriptionproj", + "doc_type":"api", + "kw":"Modifying Project Data,Project Management,API Reference", + "title":"Modifying Project Data", + "githuburl":"" + }, + { + "uri":"en-us_topic_0066154567.html", + "product_code":"iam", + "code":"29", + "des":"This API is used to query detailed information about a project based on the project ID.URI formatGET /v3/projects/{project_id}GET /v3/projects/{project_id}URI parametersP", + "doc_type":"api", + "kw":"Querying Information About a Specified Project,Project Management,API Reference", + "title":"Querying Information About a Specified Project", + "githuburl":"" + }, + { + "uri":"en-us_topic_0074171149.html", + "product_code":"iam", + "code":"30", + "des":"This API is used to set the status of a specified project. The project statuses include Normal and Suspended.URI formatPUT /v3-ext/projects/{project_id}PUT /v3-ext/projec", + "doc_type":"api", + "kw":"Setting the Status of a Specified Project,Project Management,API Reference", + "title":"Setting the Status of a Specified Project", + "githuburl":"" + }, + { + "uri":"en-us_topic_0079466135.html", + "product_code":"iam", + "code":"31", + "des":"This API is used to query details about a specified project, including the project status.URI formatGET /v3-ext/projects/{project_id}GET /v3-ext/projects/{project_id}URI ", + "doc_type":"api", + "kw":"Querying Information and Status of a Specified Project,Project Management,API Reference", + "title":"Querying Information and Status of a Specified Project", + "githuburl":"" + }, + { + "uri":"en-us_topic_0094012960.html", + "product_code":"iam", + "code":"32", + "des":"This API is used to delete a project.URI formatDELETE /v3/projects/{project_id}DELETE /v3/projects/{project_id}URI parametersParameterMandatoryTypeDescriptionproject_idYe", + "doc_type":"api", + "kw":"Deleting a Project,Project Management,API Reference", + "title":"Deleting a Project", + "githuburl":"" + }, + { + "uri":"iam_02_0037.html", + "product_code":"iam", + "code":"33", + "des":"This API is used to query the quotas of a specified project.URI formatGET /v3.0/OS-QUOTA/projects/{project_id}GET /v3.0/OS-QUOTA/projects/{project_id}URI parametersStatus", + "doc_type":"api", + "kw":"Querying the Quotas of a Project,Project Management,API Reference", + "title":"Querying the Quotas of a Project", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845621.html", + "product_code":"iam", + "code":"34", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Tenant Management", + "title":"Tenant Management", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845574.html", + "product_code":"iam", + "code":"35", + "des":"This API is used to query the list of domains accessible to users.GET /v3/auth/domainsParameters in the request headerParameterMandatoryTypeDescriptionX-Auth-TokenYesStri", + "doc_type":"api", + "kw":"Querying the List of Domains Accessible to Users,Tenant Management,API Reference", + "title":"Querying the List of Domains Accessible to Users", + "githuburl":"" + }, + { + "uri":"iam_02_0007.html", + "product_code":"iam", + "code":"36", + "des":"This API is used to query the password strength policy, including its regular expression and description.URI formatGET /v3/domains/{domain_id}/config/security_complianceG", + "doc_type":"api", + "kw":"Querying the Password Strength Policy,Tenant Management,API Reference", + "title":"Querying the Password Strength Policy", + "githuburl":"" + }, + { + "uri":"iam_02_0113.html", + "product_code":"iam", + "code":"37", + "des":"This API is used to query the password strength policy by option. The option can be the regular expression and description of the password strength policy.URI formatGET /", + "doc_type":"api", + "kw":"Querying the Password Strength Policy by Option,Tenant Management,API Reference", + "title":"Querying the Password Strength Policy by Option", + "githuburl":"" + }, + { + "uri":"iam_02_0114.html", + "product_code":"iam", + "code":"38", + "des":"This API is used to query a resource quota. You can query the quota of users, user groups, identity providers, agencies, and policies.URI formatGET /v3.0/OS-QUOTA/domains", + "doc_type":"api", + "kw":"Querying a Resource Quota,Tenant Management,API Reference", + "title":"Querying a Resource Quota", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845593.html", + "product_code":"iam", + "code":"39", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"User Management", + "title":"User Management", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845638.html", + "product_code":"iam", + "code":"40", + "des":"This API is used to query a user list.URI formatGET /v3/usersGET /v3/usersURI parametersParameterMandatoryTypeDescriptiondomain_idNoStringID of the domain that a user bel", + "doc_type":"api", + "kw":"Querying a User List,User Management,API Reference", + "title":"Querying a User List", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845652.html", + "product_code":"iam", + "code":"41", + "des":"This API is used to query detailed information about a specified user.URI formatGET /v3/users/{user_id}GET /v3/users/{user_id}URI parametersParameterMandatoryTypeDescript", + "doc_type":"api", + "kw":"Querying User Details,User Management,API Reference", + "title":"Querying User Details", + "githuburl":"" + }, + { + "uri":"iam_08_0004.html", + "product_code":"iam", + "code":"42", + "des":"This API can be used by the administrator to query the details about a specified user or used by a user to query their details.GET /v3.0/OS-USER/users/{user_id}Status cod", + "doc_type":"api", + "kw":"Querying User Details (Recommended),User Management,API Reference", + "title":"Querying User Details (Recommended)", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845554.html", + "product_code":"iam", + "code":"43", + "des":"This API is used to query the information about the user group to which a specified user belongs.URI formatGET /v3/users/{user_id}/groupsGET /v3/users/{user_id}/groupsURI", + "doc_type":"api", + "kw":"Querying the User Group to Which a User Belongs,User Management,API Reference", + "title":"Querying the User Group to Which a User Belongs", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845561.html", + "product_code":"iam", + "code":"44", + "des":"This API is used to query users in a user group.URI formatGET /v3/groups/{group_id}/usersGET /v3/groups/{group_id}/usersURI parametersParameterMandatoryTypeDescriptiongro", + "doc_type":"api", + "kw":"Querying Users in a User Group,User Management,API Reference", + "title":"Querying Users in a User Group", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845637.html", + "product_code":"iam", + "code":"45", + "des":"This API is used to create a user under a domain.POST /v3/usersParameters in the request headerParameterMandatoryTypeDescriptionContent-TypeYesStringFill application/json", + "doc_type":"api", + "kw":"Creating a User,User Management,API Reference", + "title":"Creating a User", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845653.html", + "product_code":"iam", + "code":"46", + "des":"This API is used to change the password for a user.URI formatPOST /v3/users/{user_id}/passwordPOST /v3/users/{user_id}/passwordURI parametersParameterMandatoryTypeDescrip", + "doc_type":"api", + "kw":"Changing a Password,User Management,API Reference", + "title":"Changing a Password", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845611.html", + "product_code":"iam", + "code":"47", + "des":"This API is used to modify user information under a domain.URI formatPATCH /v3/users/{user_id}PATCH /v3/users/{user_id}URI parametersParameterMandatoryTypeDescriptionuser", + "doc_type":"api", + "kw":"Modifying User Information,User Management,API Reference", + "title":"Modifying User Information", + "githuburl":"" + }, + { + "uri":"iam_08_0011.html", + "product_code":"iam", + "code":"48", + "des":"This API is provided for the administrator to modify user information.PUT /v3.0/OS-USER/users/{user_id}Status code: 200The request is successful.", + "doc_type":"api", + "kw":"Modifying User Information (Including Email Address and Mobile Number),User Management,API Reference", + "title":"Modifying User Information (Including Email Address and Mobile Number)", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845630.html", + "product_code":"iam", + "code":"49", + "des":"This API is used to delete a user.URI formatDELETE /v3/users/{user_id}DELETE /v3/users/{user_id}URI parametersParameterMandatoryTypeDescriptionuser_idYesStringUser ID.Par", + "doc_type":"api", + "kw":"Deleting a User,User Management,API Reference", + "title":"Deleting a User", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845601.html", + "product_code":"iam", + "code":"50", + "des":"This API is used to delete a user from a user group.URI formatDELETE /v3/groups/{group_id}/users/{user_id}DELETE /v3/groups/{group_id}/users/{user_id}URI parametersParame", + "doc_type":"api", + "kw":"Deleting a User from a User Group,User Management,API Reference", + "title":"Deleting a User from a User Group", + "githuburl":"" + }, + { + "uri":"iam_08_0012.html", + "product_code":"iam", + "code":"51", + "des":"This API is provided for the administrator to query the MFA device information of users.GET /v3.0/OS-MFA/virtual-mfa-devicesStatus code: 200The request is successful.Stat", + "doc_type":"api", + "kw":"Querying MFA Device Information of Users,User Management,API Reference", + "title":"Querying MFA Device Information of Users", + "githuburl":"" + }, + { + "uri":"iam_08_0013.html", + "product_code":"iam", + "code":"52", + "des":"This API can be used by the administrator to query the MFA device information of a specified user or used by a user to query their MFA device information.GET /v3.0/OS-MFA", + "doc_type":"api", + "kw":"Querying the MFA Device Information of a User,User Management,API Reference", + "title":"Querying the MFA Device Information of a User", + "githuburl":"" + }, + { + "uri":"iam_08_0014.html", + "product_code":"iam", + "code":"53", + "des":"This API is provided for the administrator to query the login protection configurations of users.GET /v3.0/OS-USER/login-protectsStatus code: 200The request is successful", + "doc_type":"api", + "kw":"Querying Login Protection Configurations of Users,User Management,API Reference", + "title":"Querying Login Protection Configurations of Users", + "githuburl":"" + }, + { + "uri":"iam_08_0016.html", + "product_code":"iam", + "code":"54", + "des":"This API can be used by the administrator to query the login protection configuration of a specified user or used by a user to query their login protection configuration.", + "doc_type":"api", + "kw":"Querying the Login Protection Configuration of a User,User Management,API Reference", + "title":"Querying the Login Protection Configuration of a User", + "githuburl":"" + }, + { + "uri":"iam_08_0019.html", + "product_code":"iam", + "code":"55", + "des":"This API is provided for IAM users to create a virtual MFA device.POST /v3.0/OS-MFA/virtual-mfa-devicesStatus code: 201Status code: 201The request is successful.", + "doc_type":"api", + "kw":"Creating a Virtual MFA Device,User Management,API Reference", + "title":"Creating a Virtual MFA Device", + "githuburl":"" + }, + { + "uri":"iam_08_0020.html", + "product_code":"iam", + "code":"56", + "des":"This API is provided for the administrator to delete their own virtual MFA device.DELETE /v3.0/OS-MFA/virtual-mfa-devicesNoneNone", + "doc_type":"api", + "kw":"Deleting a Virtual MFA Device,User Management,API Reference", + "title":"Deleting a Virtual MFA Device", + "githuburl":"" + }, + { + "uri":"iam_08_0017.html", + "product_code":"iam", + "code":"57", + "des":"This API is provided for IAM users to bind a virtual MFA device.PUT /v3.0/OS-MFA/mfa-devices/bindNoneNone", + "doc_type":"api", + "kw":"Binding a Virtual MFA Device,User Management,API Reference", + "title":"Binding a Virtual MFA Device", + "githuburl":"" + }, + { + "uri":"iam_08_0018.html", + "product_code":"iam", + "code":"58", + "des":"This API is used by the administrator to unbind a virtual MFA device from an IAM user, or used by an IAM user to unbind their own virtual MFA device.PUT /v3.0/OS-MFA/mfa-", + "doc_type":"api", + "kw":"Unbinding a Virtual MFA Device,User Management,API Reference", + "title":"Unbinding a Virtual MFA Device", + "githuburl":"" + }, + { + "uri":"iam_08_0021.html", + "product_code":"iam", + "code":"59", + "des":"This API is provided for the administrator to modify the login protection configuration of a user.PUT /v3.0/OS-USER/users/{user_id}/login-protectStatus code: 200Status co", + "doc_type":"api", + "kw":"Modifying the Login Protection Configuration of a User,User Management,API Reference", + "title":"Modifying the Login Protection Configuration of a User", + "githuburl":"" + }, + { + "uri":"iam_08_0025.html", + "product_code":"iam", + "code":"60", + "des":"This API is used by the administrator to send a welcome email to a user.The welcome email contains a one-time password-free login link, which can be used by the user to s", + "doc_type":"api", + "kw":"Sending a Welcome Email to a User,User Management,API Reference", + "title":"Sending a Welcome Email to a User", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845641.html", + "product_code":"iam", + "code":"61", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"User Group Management", + "title":"User Group Management", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845602.html", + "product_code":"iam", + "code":"62", + "des":"This API is used to query user group information.URI formatGET /v3/groups{?domain_id,name}GET /v3/groups{?domain_id,name}Query parametersParameterMandatoryTypeDescription", + "doc_type":"api", + "kw":"Listing User Groups,User Group Management,API Reference", + "title":"Listing User Groups", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845618.html", + "product_code":"iam", + "code":"63", + "des":"This API is used to query detailed information about a user group.URI formatGET /v3/groups/{group_id}GET /v3/groups/{group_id}Query parametersParameterMandatoryTypeDescri", + "doc_type":"api", + "kw":"Querying User Group Details,User Group Management,API Reference", + "title":"Querying User Group Details", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845650.html", + "product_code":"iam", + "code":"64", + "des":"This API is used to create a user group.POST /v3/groupsParameters in the request headerParameterMandatoryTypeDescriptionContent-TypeYesStringFill application/json;charset", + "doc_type":"api", + "kw":"Creating a User Group,User Group Management,API Reference", + "title":"Creating a User Group", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845654.html", + "product_code":"iam", + "code":"65", + "des":"This API is used to add a user to a user group.URI formatPUT /v3/groups/{group_id}/users/{user_id}PUT /v3/groups/{group_id}/users/{user_id}URI parametersParameterMandator", + "doc_type":"api", + "kw":"Adding a User to a User Group,User Group Management,API Reference", + "title":"Adding a User to a User Group", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845600.html", + "product_code":"iam", + "code":"66", + "des":"This API is used to update user group information.URI formatPATCH /v3/groups/{group_id}PATCH /v3/groups/{group_id}URI parametersParameterMandatoryTypeDescriptiongroup_idY", + "doc_type":"api", + "kw":"Updating a User Group,User Group Management,API Reference", + "title":"Updating a User Group", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845566.html", + "product_code":"iam", + "code":"67", + "des":"This API is used to delete a user group.URI formatDELETE /v3/groups/{group_id}DELETE /v3/groups/{group_id}URI parametersParameterMandatoryTypeDescriptiongroup_idYesString", + "doc_type":"api", + "kw":"Deleting a User Group,User Group Management,API Reference", + "title":"Deleting a User Group", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845599.html", + "product_code":"iam", + "code":"68", + "des":"This API is used to query whether a user belongs to a user group.URI formatHEAD /v3/groups/{group_id}/users/{user_id}HEAD /v3/groups/{group_id}/users/{user_id}URI paramet", + "doc_type":"api", + "kw":"Querying Whether a User Belongs to a User Group,User Group Management,API Reference", + "title":"Querying Whether a User Belongs to a User Group", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845579.html", + "product_code":"iam", + "code":"69", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Permission Management", + "title":"Permission Management", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845591.html", + "product_code":"iam", + "code":"70", + "des":"This API is used to query a role list, including the permissions policies of a role. A role is a set of permissions and represents a group of actions.GET /v3/rolesStatus ", + "doc_type":"api", + "kw":"Querying a Role List,Permission Management,API Reference", + "title":"Querying a Role List", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845603.html", + "product_code":"iam", + "code":"71", + "des":"This API is used to query role details, including the permissions policies of a role. A role is a set of permissions and represents a group of actions.URI formatGET /v3/r", + "doc_type":"api", + "kw":"Querying Role Details,Permission Management,API Reference", + "title":"Querying Role Details", + "githuburl":"" + }, + { + "uri":"iam_11_0003.html", + "product_code":"iam", + "code":"72", + "des":"This API is used to query the user groups to which a specified role has been assigned.URI formatGET /v3/role_assignments{?role.id,user.id,group.id,scope.project.id,scope.", + "doc_type":"api", + "kw":"Querying Role Assignments,Permission Management,API Reference", + "title":"Querying Role Assignments", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845571.html", + "product_code":"iam", + "code":"73", + "des":"This API is used to query the permissions of a user group under a domain. A role is a set of permissions and represents a group of actions.URI formatGET /v3/domains/{doma", + "doc_type":"api", + "kw":"Querying Permissions of a User Group Under a Domain,Permission Management,API Reference", + "title":"Querying Permissions of a User Group Under a Domain", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845640.html", + "product_code":"iam", + "code":"74", + "des":"This API is used to query the permissions of a specified user group corresponding to a project. A role is a set of permissions and represents a group of actions.URI forma", + "doc_type":"api", + "kw":"Querying Permissions of a User Group Corresponding to a Project,Permission Management,API Reference", + "title":"Querying Permissions of a User Group Corresponding to a Project", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845623.html", + "product_code":"iam", + "code":"75", + "des":"This API is used to grant permissions to a user group of a domain. A role is a set of permissions and represents a group of actions.URI formatPUT /v3/domains/{domain_id}/", + "doc_type":"api", + "kw":"Granting Permissions to a User Group of a Domain,Permission Management,API Reference", + "title":"Granting Permissions to a User Group of a Domain", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845597.html", + "product_code":"iam", + "code":"76", + "des":"This API is used to grant permissions to a user group corresponding to a project. A role is a set of permissions and represents a group of actions.URI formatPUT /v3/proje", + "doc_type":"api", + "kw":"Granting Permissions to a User Group Corresponding to a Project,Permission Management,API Reference", + "title":"Granting Permissions to a User Group Corresponding to a Project", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845572.html", + "product_code":"iam", + "code":"77", + "des":"This API is used to delete permissions of a user group corresponding to a project. A role is a set of permissions and represents a group of actions.URI formatDELETE /v3/p", + "doc_type":"api", + "kw":"Deleting Permissions of a User Group Corresponding to a Project,Permission Management,API Reference", + "title":"Deleting Permissions of a User Group Corresponding to a Project", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845560.html", + "product_code":"iam", + "code":"78", + "des":"This API is used to delete permissions of a specified user group of a domain. A role is a set of permissions and represents a group of actions.URI formatDELETE /v3/domain", + "doc_type":"api", + "kw":"Deleting Permissions of a User Group of a Domain,Permission Management,API Reference", + "title":"Deleting Permissions of a User Group of a Domain", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845632.html", + "product_code":"iam", + "code":"79", + "des":"This API is used to query whether a specified user group under a domain has specific permissions. A role is a set of permissions and represents a group of actions.URI for", + "doc_type":"api", + "kw":"Querying Whether a User Group Under a Domain Has Specific Permissions,Permission Management,API Refe", + "title":"Querying Whether a User Group Under a Domain Has Specific Permissions", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845620.html", + "product_code":"iam", + "code":"80", + "des":"This API is used to query whether a user group corresponding to a project has specific permissions. A role is a set of permissions and represents a group of actions.URI f", + "doc_type":"api", + "kw":"Querying Whether a User Group Corresponding to a Project Has Specific Permissions,Permission Managem", + "title":"Querying Whether a User Group Corresponding to a Project Has Specific Permissions", + "githuburl":"" + }, + { + "uri":"iam_10_0013.html", + "product_code":"iam", + "code":"81", + "des":"This API is provided for the administrator to remove the specified permissions of a user group in all projects.DELETE /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}", + "doc_type":"api", + "kw":"Removing Specified Permissions of a User Group in All Projects,Permission Management,API Reference", + "title":"Removing Specified Permissions of a User Group in All Projects", + "githuburl":"" + }, + { + "uri":"iam_10_0012.html", + "product_code":"iam", + "code":"82", + "des":"This API is provided for the administrator to check whether a user group has specified permissions for all projects.HEAD /v3/OS-INHERIT/domains/{domain_id}/groups/{group_", + "doc_type":"api", + "kw":"Checking Whether a User Group Has Specified Permissions for All Projects,Permission Management,API R", + "title":"Checking Whether a User Group Has Specified Permissions for All Projects", + "githuburl":"" + }, + { + "uri":"iam_10_0011.html", + "product_code":"iam", + "code":"83", + "des":"This API is provided for the administrator to query all permissions that have been assigned to a user group.GET /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles", + "doc_type":"api", + "kw":"Querying All Permissions of a User Group,Permission Management,API Reference", + "title":"Querying All Permissions of a User Group", + "githuburl":"" + }, + { + "uri":"iam_02_0010.html", + "product_code":"iam", + "code":"84", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Custom Policy Management", + "title":"Custom Policy Management", + "githuburl":"" + }, + { + "uri":"iam_02_0011.html", + "product_code":"iam", + "code":"85", + "des":"This API is provided for the administrator to list all custom policies.The API can be called using both the global endpoint and region-specific endpoints.GET /v3.0/OS-ROL", + "doc_type":"api", + "kw":"Listing Custom Policies,Custom Policy Management,API Reference", + "title":"Listing Custom Policies", + "githuburl":"" + }, + { + "uri":"iam_02_0012.html", + "product_code":"iam", + "code":"86", + "des":"This API is provided for the administrator to query custom policy details.The API can be called using both the global endpoint and region-specific endpoints.GET /v3.0/OS-", + "doc_type":"api", + "kw":"Querying Custom Policy Details,Custom Policy Management,API Reference", + "title":"Querying Custom Policy Details", + "githuburl":"" + }, + { + "uri":"iam_02_0013.html", + "product_code":"iam", + "code":"87", + "des":"This API is provided for the administrator to create a custom policy for cloud services.The API can be called using both the global endpoint and region-specific endpoints", + "doc_type":"api", + "kw":"Creating a Custom Policy for Cloud Services,Custom Policy Management,API Reference", + "title":"Creating a Custom Policy for Cloud Services", + "githuburl":"" + }, + { + "uri":"iam_11_0016.html", + "product_code":"iam", + "code":"88", + "des":"This API is provided for the administrator to create a custom policy.The API can be called using both the global endpoint and region-specific endpoints.POST /v3.0/OS-ROLE", + "doc_type":"api", + "kw":"Creating a Custom Policy,Custom Policy Management,API Reference", + "title":"Creating a Custom Policy", + "githuburl":"" + }, + { + "uri":"iam_02_0014.html", + "product_code":"iam", + "code":"89", + "des":"This API is provided for the administrator to modify a custom policy for cloud services.The API can be called using both the global endpoint and region-specific endpoints", + "doc_type":"api", + "kw":"Modifying a Custom Policy for Cloud Services,Custom Policy Management,API Reference", + "title":"Modifying a Custom Policy for Cloud Services", + "githuburl":"" + }, + { + "uri":"iam_11_0017.html", + "product_code":"iam", + "code":"90", + "des":"This API is provided for the administrator to modify a custom policy.The API can be called using both the global endpoint and region-specific endpoints.PATCH /v3.0/OS-ROL", + "doc_type":"api", + "kw":"Modifying a Custom Policy,Custom Policy Management,API Reference", + "title":"Modifying a Custom Policy", + "githuburl":"" + }, + { + "uri":"iam_02_0015.html", + "product_code":"iam", + "code":"91", + "des":"This API is provided for the administrator to delete a custom policy.The API can be called using both the global endpoint and region-specific endpoints.DELETE /v3.0/OS-RO", + "doc_type":"api", + "kw":"Deleting a Custom Policy,Custom Policy Management,API Reference", + "title":"Deleting a Custom Policy", + "githuburl":"" + }, + { + "uri":"en-us_topic_0079467612.html", + "product_code":"iam", + "code":"92", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Agency Management", + "title":"Agency Management", + "githuburl":"" + }, + { + "uri":"en-us_topic_0079467617.html", + "product_code":"iam", + "code":"93", + "des":"This API is used to create an agency.POST /v3.0/OS-AGENCY/agenciesParameters in the request headerParameterMandatoryTypeDescriptionContent-TypeYesStringapplication/json;c", + "doc_type":"api", + "kw":"Creating an Agency,Agency Management,API Reference", + "title":"Creating an Agency", + "githuburl":"" + }, + { + "uri":"en-us_topic_0079467614.html", + "product_code":"iam", + "code":"94", + "des":"This API is used to query an agency list based on the specified conditions.URI formatGET /v3.0/OS-AGENCY/agencies{?domain_id,name,trust_domain_id}GET /v3.0/OS-AGENCY/agen", + "doc_type":"api", + "kw":"Querying an Agency List Based on the Specified Conditions,Agency Management,API Reference", + "title":"Querying an Agency List Based on the Specified Conditions", + "githuburl":"" + }, + { + "uri":"en-us_topic_0079467615.html", + "product_code":"iam", + "code":"95", + "des":"This API is used to obtain the details of a specified agency.URI formatGET /v3.0/OS-AGENCY/agencies/{agency_id}GET /v3.0/OS-AGENCY/agencies/{agency_id}URI parametersParam", + "doc_type":"api", + "kw":"Obtaining Details of a Specified Agency,Agency Management,API Reference", + "title":"Obtaining Details of a Specified Agency", + "githuburl":"" + }, + { + "uri":"en-us_topic_0079467623.html", + "product_code":"iam", + "code":"96", + "des":"This API is used to modify agency information, including the trust_domain_id, description, and trust_domain_name parameters.URI formatPUT /v3.0/OS-AGENCY/agencies/{agency", + "doc_type":"api", + "kw":"Modifying an Agency,Agency Management,API Reference", + "title":"Modifying an Agency", + "githuburl":"" + }, + { + "uri":"en-us_topic_0079467625.html", + "product_code":"iam", + "code":"97", + "des":"This API is used to delete an agency.After this operation, the delegated party can no longer access the relevant resources. Exercise caution when performing this operatio", + "doc_type":"api", + "kw":"Deleting an Agency,Agency Management,API Reference", + "title":"Deleting an Agency", + "githuburl":"" + }, + { + "uri":"en-us_topic_0079467620.html", + "product_code":"iam", + "code":"98", + "des":"This API is used to grant permissions to an agency for a project.URI formatPUT /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id}PUT /v3.0/OS-AGEN", + "doc_type":"api", + "kw":"Granting Permissions to an Agency for a Project,Agency Management,API Reference", + "title":"Granting Permissions to an Agency for a Project", + "githuburl":"" + }, + { + "uri":"en-us_topic_0079578163.html", + "product_code":"iam", + "code":"99", + "des":"This API is used to check whether an agency has the specified permissions on a project.URI formatHEAD /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{ro", + "doc_type":"api", + "kw":"Checking Whether an Agency Has the Specified Permissions on a Project,Agency Management,API Referenc", + "title":"Checking Whether an Agency Has the Specified Permissions on a Project", + "githuburl":"" + }, + { + "uri":"en-us_topic_0079578164.html", + "product_code":"iam", + "code":"100", + "des":"This API is used to query the list of permissions of an agency on a project.URI formatGET /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/rolesGET /v3.0/OS-AGE", + "doc_type":"api", + "kw":"Querying the List of Permissions of an Agency on a Project,Agency Management,API Reference", + "title":"Querying the List of Permissions of an Agency on a Project", + "githuburl":"" + }, + { + "uri":"en-us_topic_0079467627.html", + "product_code":"iam", + "code":"101", + "des":"This API is used to delete permissions of an agency on a project.URI formatDELETE /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id}DELETE /v3.0/O", + "doc_type":"api", + "kw":"Deleting Permissions of an Agency on a Project,Agency Management,API Reference", + "title":"Deleting Permissions of an Agency on a Project", + "githuburl":"" + }, + { + "uri":"en-us_topic_0079467624.html", + "product_code":"iam", + "code":"102", + "des":"This API is used to grant permissions to an agency on a domain.URI formatPUT /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}PUT /v3.0/OS-AGENCY/d", + "doc_type":"api", + "kw":"Granting Permissions to an Agency on a Domain,Agency Management,API Reference", + "title":"Granting Permissions to an Agency on a Domain", + "githuburl":"" + }, + { + "uri":"en-us_topic_0079578165.html", + "product_code":"iam", + "code":"103", + "des":"This API is used to check whether an agency has the specified permissions on a domain.URI formatHEAD /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_", + "doc_type":"api", + "kw":"Checking Whether an Agency Has the Specified Permissions on a Domain,Agency Management,API Reference", + "title":"Checking Whether an Agency Has the Specified Permissions on a Domain", + "githuburl":"" + }, + { + "uri":"en-us_topic_0079578166.html", + "product_code":"iam", + "code":"104", + "des":"This API is used to query the list of permissions of an agency on a domain.URI formatGET /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/rolesGET /v3.0/OS-AGENCY", + "doc_type":"api", + "kw":"Querying the List of Permissions of an Agency on a Domain,Agency Management,API Reference", + "title":"Querying the List of Permissions of an Agency on a Domain", + "githuburl":"" + }, + { + "uri":"en-us_topic_0079467622.html", + "product_code":"iam", + "code":"105", + "des":"This API is used to delete permissions of an agency on a domain.URI formatDELETE /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}DELETE /v3.0/OS-A", + "doc_type":"api", + "kw":"Deleting Permissions of an Agency on a Domain,Agency Management,API Reference", + "title":"Deleting Permissions of an Agency on a Domain", + "githuburl":"" + }, + { + "uri":"iam_02_0020.html", + "product_code":"iam", + "code":"106", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Security Settings", + "title":"Security Settings", + "githuburl":"" + }, + { + "uri":"iam_02_0024.html", + "product_code":"iam", + "code":"107", + "des":"This API is used to query the password policy.GET /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password-policyStatus code: 200The request is successful.Status code: 403Acc", + "doc_type":"api", + "kw":"Querying the Password Policy,Security Settings,API Reference", + "title":"Querying the Password Policy", + "githuburl":"" + }, + { + "uri":"iam_02_0023.html", + "product_code":"iam", + "code":"108", + "des":"This API is provided for the administrator to modify the password policy.PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password-policyStatus code: 200The request is suc", + "doc_type":"api", + "kw":"Modifying the Password Policy,Security Settings,API Reference", + "title":"Modifying the Password Policy", + "githuburl":"" + }, + { + "uri":"iam_02_0026.html", + "product_code":"iam", + "code":"109", + "des":"This API is used to query the login authentication policy.GET /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/login-policyStatus code: 200The request is successful.Status cod", + "doc_type":"api", + "kw":"Querying the Login Authentication Policy,Security Settings,API Reference", + "title":"Querying the Login Authentication Policy", + "githuburl":"" + }, + { + "uri":"iam_02_0025.html", + "product_code":"iam", + "code":"110", + "des":"This API is provided for the administrator to modify the login authentication policy.PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/login-policyStatus code: 200The reque", + "doc_type":"api", + "kw":"Modifying the Login Authentication Policy,Security Settings,API Reference", + "title":"Modifying the Login Authentication Policy", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845573.html", + "product_code":"iam", + "code":"111", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Federated Identity Authentication Management", + "title":"Federated Identity Authentication Management", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845646.html", + "product_code":"iam", + "code":"112", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Obtaining a Token in Federated Identity Authentication Mode", + "title":"Obtaining a Token in Federated Identity Authentication Mode", + "githuburl":"" + }, + { + "uri":"iam_02_0001.html", + "product_code":"iam", + "code":"113", + "des":"OpenStack and Shibboleth are widely used open-source federated identity authentication solutions. They provide powerful SSO capabilities and connect users to various appl", + "doc_type":"api", + "kw":"SP Initiated,Obtaining a Token in Federated Identity Authentication Mode,API Reference", + "title":"SP Initiated", + "githuburl":"" + }, + { + "uri":"iam_02_0002.html", + "product_code":"iam", + "code":"114", + "des":"This section uses the Client4ShibbolethIdP script as an example to describe how to obtain a federated authentication token in the IdP-initiated mode. The Client4Shibbolet", + "doc_type":"api", + "kw":"IdP Initiated,Obtaining a Token in Federated Identity Authentication Mode,API Reference", + "title":"IdP Initiated", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845605.html", + "product_code":"iam", + "code":"115", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Identity Provider", + "title":"Identity Provider", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845581.html", + "product_code":"iam", + "code":"116", + "des":"This API is used to query the identity provider list.GET /v3/OS-FEDERATION/identity_providersParameters in the request headerParameterMandatoryTypeDescriptionContent-Type", + "doc_type":"api", + "kw":"Querying the Identity Provider List,Identity Provider,API Reference", + "title":"Querying the Identity Provider List", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845639.html", + "product_code":"iam", + "code":"117", + "des":"This API is used to query the information about an identity provider.URI formatGET /v3/OS-FEDERATION/identity_providers/{id}GET /v3/OS-FEDERATION/identity_providers/{id}U", + "doc_type":"api", + "kw":"Querying an Identity Provider,Identity Provider,API Reference", + "title":"Querying an Identity Provider", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845606.html", + "product_code":"iam", + "code":"118", + "des":"This API is used to create a SAML identity provider.URI formatPUT /v3/OS-FEDERATION/identity_providers/{id}PUT /v3/OS-FEDERATION/identity_providers/{id}URI parametersPara", + "doc_type":"api", + "kw":"Creating a SAML Identity Provider,Identity Provider,API Reference", + "title":"Creating a SAML Identity Provider", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845612.html", + "product_code":"iam", + "code":"119", + "des":"This API is used to update the information about a SAML identity provider.URI formatPATCH /v3/OS-FEDERATION/identity_providers/{id}PATCH /v3/OS-FEDERATION/identity_provid", + "doc_type":"api", + "kw":"Updating a SAML Identity Provider,Identity Provider,API Reference", + "title":"Updating a SAML Identity Provider", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845570.html", + "product_code":"iam", + "code":"120", + "des":"This API is used to delete a SAML or OpenID Connect identity provider.URI formatDELETE /v3/OS-FEDERATION/identity_providers/{id}DELETE /v3/OS-FEDERATION/identity_provider", + "doc_type":"api", + "kw":"Deleting an Identity Provider,Identity Provider,API Reference", + "title":"Deleting an Identity Provider", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845588.html", + "product_code":"iam", + "code":"121", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Mapping", + "title":"Mapping", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845567.html", + "product_code":"iam", + "code":"122", + "des":"This API is used to query the mapping list.GET /v3/OS-FEDERATION/mappingsParameters in the request headerParameterMandatoryTypeDescriptionContent-TypeYesStringFill applic", + "doc_type":"api", + "kw":"Querying the Mapping List,Mapping,API Reference", + "title":"Querying the Mapping List", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845645.html", + "product_code":"iam", + "code":"123", + "des":"This API is used to query the information about a mapping.URI formatGET /v3/OS-FEDERATION/mappings/{id}GET /v3/OS-FEDERATION/mappings/{id}URI parametersParameterMandatory", + "doc_type":"api", + "kw":"Querying a Mapping,Mapping,API Reference", + "title":"Querying a Mapping", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845590.html", + "product_code":"iam", + "code":"124", + "des":"This API is used to create a mapping.URI formatPUT /v3/OS-FEDERATION/mappings/{id}PUT /v3/OS-FEDERATION/mappings/{id}URI parametersParameterMandatoryTypeDescriptionidYesS", + "doc_type":"api", + "kw":"Creating a Mapping,Mapping,API Reference", + "title":"Creating a Mapping", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845568.html", + "product_code":"iam", + "code":"125", + "des":"This API is used to update the information about a mapping.URI formatPATCH /v3/OS-FEDERATION/mappings/{id}PATCH /v3/OS-FEDERATION/mappings/{id}URI parametersParameterMand", + "doc_type":"api", + "kw":"Updating a Mapping,Mapping,API Reference", + "title":"Updating a Mapping", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845648.html", + "product_code":"iam", + "code":"126", + "des":"This API is used to delete the information about a mapping.URI formatDELETE /v3/OS-FEDERATION/mappings/{id}DELETE /v3/OS-FEDERATION/mappings/{id}URI parametersParameterMa", + "doc_type":"api", + "kw":"Deleting a Mapping,Mapping,API Reference", + "title":"Deleting a Mapping", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845619.html", + "product_code":"iam", + "code":"127", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Protocol", + "title":"Protocol", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845644.html", + "product_code":"iam", + "code":"128", + "des":"This API is used to query the protocol list.URI formatGET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocolsGET /v3/OS-FEDERATION/identity_providers/{idp_id}/protoco", + "doc_type":"api", + "kw":"Querying the Protocol List,Protocol,API Reference", + "title":"Querying the Protocol List", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845616.html", + "product_code":"iam", + "code":"129", + "des":"This API is used to query the information about a protocol.URI formatGET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}GET /v3/OS-FEDERATION/identi", + "doc_type":"api", + "kw":"Querying a Protocol,Protocol,API Reference", + "title":"Querying a Protocol", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845575.html", + "product_code":"iam", + "code":"130", + "des":"This API is used to register a protocol, that is, associate a rule with an identity provider.URI formatPUT /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protoc", + "doc_type":"api", + "kw":"Registering a Protocol,Protocol,API Reference", + "title":"Registering a Protocol", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845609.html", + "product_code":"iam", + "code":"131", + "des":"This API is used to update the information about a protocol.URI formatPATCH /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}PATCH /v3/OS-FEDERATION/i", + "doc_type":"api", + "kw":"Updating a Protocol,Protocol,API Reference", + "title":"Updating a Protocol", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845559.html", + "product_code":"iam", + "code":"132", + "des":"This API is used to delete the information about a protocol.URI formatDELETE /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}DELETE /v3/OS-FEDERATION", + "doc_type":"api", + "kw":"Deleting a Protocol,Protocol,API Reference", + "title":"Deleting a Protocol", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845607.html", + "product_code":"iam", + "code":"133", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Metadata", + "title":"Metadata", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845553.html", + "product_code":"iam", + "code":"134", + "des":"This API is used to query the content of the metadata file imported by an identity provider to the IAM system.URI formatGET /v3-ext/OS-FEDERATION/identity_providers/{idp_", + "doc_type":"api", + "kw":"Querying a Metadata File,Metadata,API Reference", + "title":"Querying a Metadata File", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845577.html", + "product_code":"iam", + "code":"135", + "des":"This API is used to query the metadata file of the keystone.GET /v3-ext/auth/OS-FEDERATION/SSO/metadataParameters in the request headerParameterMandatoryTypeDescriptionun", + "doc_type":"api", + "kw":"Querying the Metadata File of Keystone,Metadata,API Reference", + "title":"Querying the Metadata File of Keystone", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845615.html", + "product_code":"iam", + "code":"136", + "des":"Before using the federated identity authentication function, a metadata file must be imported to the IAM system. This API is used to import a metadata file of a domain.UR", + "doc_type":"api", + "kw":"Importing a Metadata File,Metadata,API Reference", + "title":"Importing a Metadata File", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845565.html", + "product_code":"iam", + "code":"137", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Token", + "title":"Token", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845629.html", + "product_code":"iam", + "code":"138", + "des":"This API is used to obtain an unscoped token in SP-initiated federated identity authentication mode.An unscoped token cannot be used for authentication. If a federated us", + "doc_type":"api", + "kw":"Obtaining an Unscoped Token (SP Initiated),Token,API Reference", + "title":"Obtaining an Unscoped Token (SP Initiated)", + "githuburl":"" + }, + { + "uri":"iam_02_0003.html", + "product_code":"iam", + "code":"139", + "des":"This API is used to obtain an unscoped token in IdP-initiated federated identity authentication mode.An unscoped token cannot be used for authentication. If a federated u", + "doc_type":"api", + "kw":"Obtaining an Unscoped Token (IdP Initiated),Token,API Reference", + "title":"Obtaining an Unscoped Token (IdP Initiated)", + "githuburl":"" + }, + { + "uri":"iam_13_0604.html", + "product_code":"iam", + "code":"140", + "des":"This API is used to obtain a scoped token through federated identity authentication.POST /v3/auth/tokensStatus code: 201The scoped token is obtained successfully.None", + "doc_type":"api", + "kw":"Obtaining a Scoped Token,Token,API Reference", + "title":"Obtaining a Scoped Token", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845633.html", + "product_code":"iam", + "code":"141", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Domain", + "title":"Domain", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845596.html", + "product_code":"iam", + "code":"142", + "des":"This API is used to query the list of domains accessible to federated users.GET /v3/OS-FEDERATION/domainsParameters in the request headerParameterMandatoryTypeDescription", + "doc_type":"api", + "kw":"Querying the List of Domains Accessible to Federated Users,Domain,API Reference", + "title":"Querying the List of Domains Accessible to Federated Users", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845643.html", + "product_code":"iam", + "code":"143", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Project", + "title":"Project", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845595.html", + "product_code":"iam", + "code":"144", + "des":"This API is used to query the list of projects accessible to federated users. The project list is used to obtain the scoped token in federated identity authentication mod", + "doc_type":"api", + "kw":"Querying the List of Projects Accessible to Federated Users,Project,API Reference", + "title":"Querying the List of Projects Accessible to Federated Users", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845631.html", + "product_code":"iam", + "code":"145", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Version Information Management", + "title":"Version Information Management", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845569.html", + "product_code":"iam", + "code":"146", + "des":"This API is used to obtain the keystone API version information.GET /Example requestResponse parameter descriptionParameterMandatoryTypeDescriptionversionsYesObjectKeysto", + "doc_type":"api", + "kw":"Querying Keystone API Version Information,Version Information Management,API Reference", + "title":"Querying Keystone API Version Information", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845613.html", + "product_code":"iam", + "code":"147", + "des":"This API is used to obtain the information about the keystone API version 3.0.GET /v3Example requestcurl -i -k -X GET https://sample.domain.com/v3Response parameter descr", + "doc_type":"api", + "kw":"Querying Information About Keystone API Version 3.0,Version Information Management,API Reference", + "title":"Querying Information About Keystone API Version 3.0", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845604.html", + "product_code":"iam", + "code":"148", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Services and Endpoints", + "title":"Services and Endpoints", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845587.html", + "product_code":"iam", + "code":"149", + "des":"This API is used to query the service list.URI formatGET /v3/services{?type}GET /v3/services{?type}URI parametersParameterMandatoryTypeDescriptiontypeNoStringService type", + "doc_type":"api", + "kw":"Querying Services,Services and Endpoints,API Reference", + "title":"Querying Services", + "githuburl":"" + }, + { + "uri":"en-us_topic_0067148045.html", + "product_code":"iam", + "code":"150", + "des":"This API is used to query service details.URI formatGET /v3/services/{service_id}GET /v3/services/{service_id}URI parametersParameterMandatoryTypeDescriptionservice_idYes", + "doc_type":"api", + "kw":"Querying Service Details,Services and Endpoints,API Reference", + "title":"Querying Service Details", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845562.html", + "product_code":"iam", + "code":"151", + "des":"This API is used to query the list of terminal addresses and provides a service access entry.URI formatGET /v3/endpoints{?interface, service_id}GET /v3/endpoints{?interfa", + "doc_type":"api", + "kw":"Querying Endpoints,Services and Endpoints,API Reference", + "title":"Querying Endpoints", + "githuburl":"" + }, + { + "uri":"en-us_topic_0067148046.html", + "product_code":"iam", + "code":"152", + "des":"This API is used to query endpoint details.URI formatGET /v3/endpoints/{endpoint_id}GET /v3/endpoints/{endpoint_id}URI parametersParameterMandatoryTypeDescriptionendpoint", + "doc_type":"api", + "kw":"Querying Endpoint Details,Services and Endpoints,API Reference", + "title":"Querying Endpoint Details", + "githuburl":"" + }, + { + "uri":"iam_02_0004.html", + "product_code":"iam", + "code":"153", + "des":"This API is used to query the service catalog corresponding to X-Auth-Token contained in the request.GET /v3/auth/catalogParameters in the request headerParameterMandator", + "doc_type":"api", + "kw":"Querying the Service Catalog,Services and Endpoints,API Reference", + "title":"Querying the Service Catalog", + "githuburl":"" + }, + { + "uri":"iam_19_0004.html", + "product_code":"iam", + "code":"154", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Permissions Policies and Supported Actions", + "title":"Permissions Policies and Supported Actions", + "githuburl":"" + }, + { + "uri":"iam_19_0003.html", + "product_code":"iam", + "code":"155", + "des":"By default, new users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies to these groups. Users inherit permi", + "doc_type":"api", + "kw":"Introduction,Permissions Policies and Supported Actions,API Reference", + "title":"Introduction", + "githuburl":"" + }, + { + "uri":"iam_02_0046.html", + "product_code":"iam", + "code":"156", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Action List,Permissions Policies and Supported Actions,API Reference", + "title":"Action List", + "githuburl":"" + }, + { + "uri":"iam_02_0512.html", + "product_code":"iam", + "code":"157", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Appendix", + "title":"Appendix", + "githuburl":"" + }, + { + "uri":"iam_02_0005.html", + "product_code":"iam", + "code":"158", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Status Codes,Appendix,API Reference", + "title":"Status Codes", + "githuburl":"" + }, + { + "uri":"iam_02_0006.html", + "product_code":"iam", + "code":"159", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Error Codes,Appendix,API Reference", + "title":"Error Codes", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845624.html", + "product_code":"iam", + "code":"160", + "des":"Your username, user ID, account name, account ID, project name, and project ID need to be specified in the URL and request body for calling certain APIs. Obtain these par", + "doc_type":"api", + "kw":"Obtaining User, Account, User Group, Project, and Agency Information,Appendix,API Reference", + "title":"Obtaining User, Account, User Group, Project, and Agency Information", + "githuburl":"" + }, + { + "uri":"en-us_topic_0057845564.html", + "product_code":"iam", + "code":"161", + "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "doc_type":"api", + "kw":"Change History,API Reference", + "title":"Change History", + "githuburl":"" + } +] \ No newline at end of file diff --git a/docs/iam/api-ref/CLASS.TXT.json b/docs/iam/api-ref/CLASS.TXT.json new file mode 100644 index 00000000..48672a9e --- /dev/null +++ b/docs/iam/api-ref/CLASS.TXT.json @@ -0,0 +1,1451 @@ +[ + { + "desc":"Public cloud APIs comply with the RESTful API design principles. REST-based web services are organized into resources. Each resource is identified by one or more Uniform ", + "product_code":"iam", + "title":"API Usage Guidelines", + "uri":"iam_02_0017.html", + "doc_type":"api", + "p_code":"", + "code":"1" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Calling APIs", + "uri":"iam_02_0000.html", + "doc_type":"api", + "p_code":"", + "code":"2" + }, + { + "desc":"This section describes the structure of a REST API request, and uses the IAM API for obtaining a user token (see Obtaining a User Token) as an example to demonstrate how ", + "product_code":"iam", + "title":"Making an API Request", + "uri":"iam_02_0008.html", + "doc_type":"api", + "p_code":"2", + "code":"3" + }, + { + "desc":"Requests for calling an API can be authenticated using either of the following methods:Token-based authentication: Requests are authenticated using a token.AK/SK-based au", + "product_code":"iam", + "title":"Authentication", + "uri":"iam_02_0510.html", + "doc_type":"api", + "p_code":"2", + "code":"4" + }, + { + "desc":"After sending a request, you will receive a response, including the status code, response header, and response body.A status code is a group of digits, ranging from 1xx t", + "product_code":"iam", + "title":"Response", + "uri":"iam_02_0511.html", + "doc_type":"api", + "p_code":"2", + "code":"5" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"APIs", + "uri":"iam_20_0000.html", + "doc_type":"api", + "p_code":"", + "code":"6" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Token Management", + "uri":"en-us_topic_0057845626.html", + "doc_type":"api", + "p_code":"6", + "code":"7" + }, + { + "desc":"This API is used to obtain a token through username/password authentication. A token is a system object encapsulating the identity and permissions of a user. When calling", + "product_code":"iam", + "title":"Obtaining a User Token", + "uri":"en-us_topic_0057845583.html", + "doc_type":"api", + "p_code":"7", + "code":"8" + }, + { + "desc":"This API is used to obtain an agency token. For example, after a trust relationship is established between A and B, A is the delegating party and B is the delegated party", + "product_code":"iam", + "title":"Obtaining an Agency Token", + "uri":"en-us_topic_0064274720.html", + "doc_type":"api", + "p_code":"7", + "code":"9" + }, + { + "desc":"This API is used to check the validity of a specified token. If the token is valid, detailed information about the token will be returned.GET /v3/auth/tokensParameters in", + "product_code":"iam", + "title":"Verifying a Token and Returning a Valid Token", + "uri":"en-us_topic_0057845585.html", + "doc_type":"api", + "p_code":"7", + "code":"10" + }, + { + "desc":"This API can be used by the administrator to verify the token of a user or used by a user to verify their token. The administrator can only verify the token of a user cre", + "product_code":"iam", + "title":"Verifying a Token", + "uri":"en-us_topic_0057845586.html", + "doc_type":"api", + "p_code":"7", + "code":"11" + }, + { + "desc":"This API is used to delete a token no matter whether the token has expired or not.DELETE /v3/auth/tokensParameters in the request headerParameterMandatoryTypeDescriptionX", + "product_code":"iam", + "title":"Deleting a User Token", + "uri":"iam_02_0063.html", + "doc_type":"api", + "p_code":"7", + "code":"12" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Access Key Management", + "uri":"en-us_topic_0097942776.html", + "doc_type":"api", + "p_code":"6", + "code":"13" + }, + { + "desc":"You can obtain a temporary AK/SK and security token (offline AK/SK) by using a user token, agency token, and federated token. A temporary AK/SK is a token with temporary ", + "product_code":"iam", + "title":"Obtaining a Temporary AK/SK", + "uri":"en-us_topic_0097949518.html", + "doc_type":"api", + "p_code":"13", + "code":"14" + }, + { + "desc":"This API can be used by the administrator to create a permanent access key for an IAM user or used by an IAM user to create a permanent access key for itself.Access keys ", + "product_code":"iam", + "title":"Creating a Permanent Access Key", + "uri":"iam_03_0001.html", + "doc_type":"api", + "p_code":"13", + "code":"15" + }, + { + "desc":"This API can be used by the administrator to list all permanent access key of an IAM user or used by an IAM user to list all of their permanent access keys.The API can be", + "product_code":"iam", + "title":"Listing Permanent Access Keys", + "uri":"iam_03_0003.html", + "doc_type":"api", + "p_code":"13", + "code":"16" + }, + { + "desc":"This API can be used by the administrator to query the specified permanent access key of an IAM user or used by an IAM user to query one of their permanent access keys.Th", + "product_code":"iam", + "title":"Querying a Permanent Access Key", + "uri":"iam_03_0002.html", + "doc_type":"api", + "p_code":"13", + "code":"17" + }, + { + "desc":"This API can be used by the administrator to modify the specified permanent access key of an IAM user or used by an IAM user to modify one of their permanent access keys.", + "product_code":"iam", + "title":"Modifying a Permanent Access Key", + "uri":"iam_03_0004.html", + "doc_type":"api", + "p_code":"13", + "code":"18" + }, + { + "desc":"This API can be used by the administrator to delete the specified permanent access key of an IAM user or used by an IAM user to delete one of their permanent access keys.", + "product_code":"iam", + "title":"Deleting a Permanent Access Key", + "uri":"iam_03_0005.html", + "doc_type":"api", + "p_code":"13", + "code":"19" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Region Management", + "uri":"en-us_topic_0067148042.html", + "doc_type":"api", + "p_code":"6", + "code":"20" + }, + { + "desc":"This API is used to query a region list.GET /v3/regionsParameters in the request headerParameterMandatoryTypeDescriptionContent-TypeYesStringFill application/json;charset", + "product_code":"iam", + "title":"Querying a Region List", + "uri":"en-us_topic_0067148043.html", + "doc_type":"api", + "p_code":"20", + "code":"21" + }, + { + "desc":"This API is used to query region details.URI formatGET /v3/regions/{region_id}GET /v3/regions/{region_id}URI parametersParameterMandatoryTypeDescriptionregion_idYesString", + "product_code":"iam", + "title":"Querying Region Details", + "uri":"en-us_topic_0067148044.html", + "doc_type":"api", + "p_code":"20", + "code":"22" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Project Management", + "uri":"en-us_topic_0057845642.html", + "doc_type":"api", + "p_code":"6", + "code":"23" + }, + { + "desc":"This API is used to query project information based on the specified criteria.URI formatGET /v3/projects{?domain_id,name,enabled,parent_id,is_domain,page,per_page}GET /v3", + "product_code":"iam", + "title":"Querying Project Information Based on the Specified Criteria", + "uri":"en-us_topic_0057845625.html", + "doc_type":"api", + "p_code":"23", + "code":"24" + }, + { + "desc":"This API is used to query the project list of a specified user.URI formatGET /v3/users/{user_id}/projectsGET /v3/users/{user_id}/projectsURI parametersParameterMandatoryT", + "product_code":"iam", + "title":"Querying a User Project List", + "uri":"en-us_topic_0057845622.html", + "doc_type":"api", + "p_code":"23", + "code":"25" + }, + { + "desc":"This API is used to query the list of projects accessible to users.GET /v3/auth/projectsParameters in the request headerParameterMandatoryTypeDescriptionContent-TypeYesSt", + "product_code":"iam", + "title":"Querying the List of Projects Accessible to Users", + "uri":"en-us_topic_0057845558.html", + "doc_type":"api", + "p_code":"23", + "code":"26" + }, + { + "desc":"This API is used to create a project.POST /v3/projectsParameters in the request headerParameterMandatoryTypeDescriptionContent-TypeYesStringFill application/json;charset=", + "product_code":"iam", + "title":"Creating a Project", + "uri":"en-us_topic_0066154565.html", + "doc_type":"api", + "p_code":"23", + "code":"27" + }, + { + "desc":"This API is used to modify project information.URI formatPATCH /v3/projects/{project_id}PATCH /v3/projects/{project_id}URI parametersParameterMandatoryTypeDescriptionproj", + "product_code":"iam", + "title":"Modifying Project Data", + "uri":"en-us_topic_0066154566.html", + "doc_type":"api", + "p_code":"23", + "code":"28" + }, + { + "desc":"This API is used to query detailed information about a project based on the project ID.URI formatGET /v3/projects/{project_id}GET /v3/projects/{project_id}URI parametersP", + "product_code":"iam", + "title":"Querying Information About a Specified Project", + "uri":"en-us_topic_0066154567.html", + "doc_type":"api", + "p_code":"23", + "code":"29" + }, + { + "desc":"This API is used to set the status of a specified project. The project statuses include Normal and Suspended.URI formatPUT /v3-ext/projects/{project_id}PUT /v3-ext/projec", + "product_code":"iam", + "title":"Setting the Status of a Specified Project", + "uri":"en-us_topic_0074171149.html", + "doc_type":"api", + "p_code":"23", + "code":"30" + }, + { + "desc":"This API is used to query details about a specified project, including the project status.URI formatGET /v3-ext/projects/{project_id}GET /v3-ext/projects/{project_id}URI ", + "product_code":"iam", + "title":"Querying Information and Status of a Specified Project", + "uri":"en-us_topic_0079466135.html", + "doc_type":"api", + "p_code":"23", + "code":"31" + }, + { + "desc":"This API is used to delete a project.URI formatDELETE /v3/projects/{project_id}DELETE /v3/projects/{project_id}URI parametersParameterMandatoryTypeDescriptionproject_idYe", + "product_code":"iam", + "title":"Deleting a Project", + "uri":"en-us_topic_0094012960.html", + "doc_type":"api", + "p_code":"23", + "code":"32" + }, + { + "desc":"This API is used to query the quotas of a specified project.URI formatGET /v3.0/OS-QUOTA/projects/{project_id}GET /v3.0/OS-QUOTA/projects/{project_id}URI parametersStatus", + "product_code":"iam", + "title":"Querying the Quotas of a Project", + "uri":"iam_02_0037.html", + "doc_type":"api", + "p_code":"23", + "code":"33" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Tenant Management", + "uri":"en-us_topic_0057845621.html", + "doc_type":"api", + "p_code":"6", + "code":"34" + }, + { + "desc":"This API is used to query the list of domains accessible to users.GET /v3/auth/domainsParameters in the request headerParameterMandatoryTypeDescriptionX-Auth-TokenYesStri", + "product_code":"iam", + "title":"Querying the List of Domains Accessible to Users", + "uri":"en-us_topic_0057845574.html", + "doc_type":"api", + "p_code":"34", + "code":"35" + }, + { + "desc":"This API is used to query the password strength policy, including its regular expression and description.URI formatGET /v3/domains/{domain_id}/config/security_complianceG", + "product_code":"iam", + "title":"Querying the Password Strength Policy", + "uri":"iam_02_0007.html", + "doc_type":"api", + "p_code":"34", + "code":"36" + }, + { + "desc":"This API is used to query the password strength policy by option. The option can be the regular expression and description of the password strength policy.URI formatGET /", + "product_code":"iam", + "title":"Querying the Password Strength Policy by Option", + "uri":"iam_02_0113.html", + "doc_type":"api", + "p_code":"34", + "code":"37" + }, + { + "desc":"This API is used to query a resource quota. You can query the quota of users, user groups, identity providers, agencies, and policies.URI formatGET /v3.0/OS-QUOTA/domains", + "product_code":"iam", + "title":"Querying a Resource Quota", + "uri":"iam_02_0114.html", + "doc_type":"api", + "p_code":"34", + "code":"38" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"User Management", + "uri":"en-us_topic_0057845593.html", + "doc_type":"api", + "p_code":"6", + "code":"39" + }, + { + "desc":"This API is used to query a user list.URI formatGET /v3/usersGET /v3/usersURI parametersParameterMandatoryTypeDescriptiondomain_idNoStringID of the domain that a user bel", + "product_code":"iam", + "title":"Querying a User List", + "uri":"en-us_topic_0057845638.html", + "doc_type":"api", + "p_code":"39", + "code":"40" + }, + { + "desc":"This API is used to query detailed information about a specified user.URI formatGET /v3/users/{user_id}GET /v3/users/{user_id}URI parametersParameterMandatoryTypeDescript", + "product_code":"iam", + "title":"Querying User Details", + "uri":"en-us_topic_0057845652.html", + "doc_type":"api", + "p_code":"39", + "code":"41" + }, + { + "desc":"This API can be used by the administrator to query the details about a specified user or used by a user to query their details.GET /v3.0/OS-USER/users/{user_id}Status cod", + "product_code":"iam", + "title":"Querying User Details (Recommended)", + "uri":"iam_08_0004.html", + "doc_type":"api", + "p_code":"39", + "code":"42" + }, + { + "desc":"This API is used to query the information about the user group to which a specified user belongs.URI formatGET /v3/users/{user_id}/groupsGET /v3/users/{user_id}/groupsURI", + "product_code":"iam", + "title":"Querying the User Group to Which a User Belongs", + "uri":"en-us_topic_0057845554.html", + "doc_type":"api", + "p_code":"39", + "code":"43" + }, + { + "desc":"This API is used to query users in a user group.URI formatGET /v3/groups/{group_id}/usersGET /v3/groups/{group_id}/usersURI parametersParameterMandatoryTypeDescriptiongro", + "product_code":"iam", + "title":"Querying Users in a User Group", + "uri":"en-us_topic_0057845561.html", + "doc_type":"api", + "p_code":"39", + "code":"44" + }, + { + "desc":"This API is used to create a user under a domain.POST /v3/usersParameters in the request headerParameterMandatoryTypeDescriptionContent-TypeYesStringFill application/json", + "product_code":"iam", + "title":"Creating a User", + "uri":"en-us_topic_0057845637.html", + "doc_type":"api", + "p_code":"39", + "code":"45" + }, + { + "desc":"This API is used to change the password for a user.URI formatPOST /v3/users/{user_id}/passwordPOST /v3/users/{user_id}/passwordURI parametersParameterMandatoryTypeDescrip", + "product_code":"iam", + "title":"Changing a Password", + "uri":"en-us_topic_0057845653.html", + "doc_type":"api", + "p_code":"39", + "code":"46" + }, + { + "desc":"This API is used to modify user information under a domain.URI formatPATCH /v3/users/{user_id}PATCH /v3/users/{user_id}URI parametersParameterMandatoryTypeDescriptionuser", + "product_code":"iam", + "title":"Modifying User Information", + "uri":"en-us_topic_0057845611.html", + "doc_type":"api", + "p_code":"39", + "code":"47" + }, + { + "desc":"This API is provided for the administrator to modify user information.PUT /v3.0/OS-USER/users/{user_id}Status code: 200The request is successful.", + "product_code":"iam", + "title":"Modifying User Information (Including Email Address and Mobile Number)", + "uri":"iam_08_0011.html", + "doc_type":"api", + "p_code":"39", + "code":"48" + }, + { + "desc":"This API is used to delete a user.URI formatDELETE /v3/users/{user_id}DELETE /v3/users/{user_id}URI parametersParameterMandatoryTypeDescriptionuser_idYesStringUser ID.Par", + "product_code":"iam", + "title":"Deleting a User", + "uri":"en-us_topic_0057845630.html", + "doc_type":"api", + "p_code":"39", + "code":"49" + }, + { + "desc":"This API is used to delete a user from a user group.URI formatDELETE /v3/groups/{group_id}/users/{user_id}DELETE /v3/groups/{group_id}/users/{user_id}URI parametersParame", + "product_code":"iam", + "title":"Deleting a User from a User Group", + "uri":"en-us_topic_0057845601.html", + "doc_type":"api", + "p_code":"39", + "code":"50" + }, + { + "desc":"This API is provided for the administrator to query the MFA device information of users.GET /v3.0/OS-MFA/virtual-mfa-devicesStatus code: 200The request is successful.Stat", + "product_code":"iam", + "title":"Querying MFA Device Information of Users", + "uri":"iam_08_0012.html", + "doc_type":"api", + "p_code":"39", + "code":"51" + }, + { + "desc":"This API can be used by the administrator to query the MFA device information of a specified user or used by a user to query their MFA device information.GET /v3.0/OS-MFA", + "product_code":"iam", + "title":"Querying the MFA Device Information of a User", + "uri":"iam_08_0013.html", + "doc_type":"api", + "p_code":"39", + "code":"52" + }, + { + "desc":"This API is provided for the administrator to query the login protection configurations of users.GET /v3.0/OS-USER/login-protectsStatus code: 200The request is successful", + "product_code":"iam", + "title":"Querying Login Protection Configurations of Users", + "uri":"iam_08_0014.html", + "doc_type":"api", + "p_code":"39", + "code":"53" + }, + { + "desc":"This API can be used by the administrator to query the login protection configuration of a specified user or used by a user to query their login protection configuration.", + "product_code":"iam", + "title":"Querying the Login Protection Configuration of a User", + "uri":"iam_08_0016.html", + "doc_type":"api", + "p_code":"39", + "code":"54" + }, + { + "desc":"This API is provided for IAM users to create a virtual MFA device.POST /v3.0/OS-MFA/virtual-mfa-devicesStatus code: 201Status code: 201The request is successful.", + "product_code":"iam", + "title":"Creating a Virtual MFA Device", + "uri":"iam_08_0019.html", + "doc_type":"api", + "p_code":"39", + "code":"55" + }, + { + "desc":"This API is provided for the administrator to delete their own virtual MFA device.DELETE /v3.0/OS-MFA/virtual-mfa-devicesNoneNone", + "product_code":"iam", + "title":"Deleting a Virtual MFA Device", + "uri":"iam_08_0020.html", + "doc_type":"api", + "p_code":"39", + "code":"56" + }, + { + "desc":"This API is provided for IAM users to bind a virtual MFA device.PUT /v3.0/OS-MFA/mfa-devices/bindNoneNone", + "product_code":"iam", + "title":"Binding a Virtual MFA Device", + "uri":"iam_08_0017.html", + "doc_type":"api", + "p_code":"39", + "code":"57" + }, + { + "desc":"This API is used by the administrator to unbind a virtual MFA device from an IAM user, or used by an IAM user to unbind their own virtual MFA device.PUT /v3.0/OS-MFA/mfa-", + "product_code":"iam", + "title":"Unbinding a Virtual MFA Device", + "uri":"iam_08_0018.html", + "doc_type":"api", + "p_code":"39", + "code":"58" + }, + { + "desc":"This API is provided for the administrator to modify the login protection configuration of a user.PUT /v3.0/OS-USER/users/{user_id}/login-protectStatus code: 200Status co", + "product_code":"iam", + "title":"Modifying the Login Protection Configuration of a User", + "uri":"iam_08_0021.html", + "doc_type":"api", + "p_code":"39", + "code":"59" + }, + { + "desc":"This API is used by the administrator to send a welcome email to a user.The welcome email contains a one-time password-free login link, which can be used by the user to s", + "product_code":"iam", + "title":"Sending a Welcome Email to a User", + "uri":"iam_08_0025.html", + "doc_type":"api", + "p_code":"39", + "code":"60" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"User Group Management", + "uri":"en-us_topic_0057845641.html", + "doc_type":"api", + "p_code":"6", + "code":"61" + }, + { + "desc":"This API is used to query user group information.URI formatGET /v3/groups{?domain_id,name}GET /v3/groups{?domain_id,name}Query parametersParameterMandatoryTypeDescription", + "product_code":"iam", + "title":"Listing User Groups", + "uri":"en-us_topic_0057845602.html", + "doc_type":"api", + "p_code":"61", + "code":"62" + }, + { + "desc":"This API is used to query detailed information about a user group.URI formatGET /v3/groups/{group_id}GET /v3/groups/{group_id}Query parametersParameterMandatoryTypeDescri", + "product_code":"iam", + "title":"Querying User Group Details", + "uri":"en-us_topic_0057845618.html", + "doc_type":"api", + "p_code":"61", + "code":"63" + }, + { + "desc":"This API is used to create a user group.POST /v3/groupsParameters in the request headerParameterMandatoryTypeDescriptionContent-TypeYesStringFill application/json;charset", + "product_code":"iam", + "title":"Creating a User Group", + "uri":"en-us_topic_0057845650.html", + "doc_type":"api", + "p_code":"61", + "code":"64" + }, + { + "desc":"This API is used to add a user to a user group.URI formatPUT /v3/groups/{group_id}/users/{user_id}PUT /v3/groups/{group_id}/users/{user_id}URI parametersParameterMandator", + "product_code":"iam", + "title":"Adding a User to a User Group", + "uri":"en-us_topic_0057845654.html", + "doc_type":"api", + "p_code":"61", + "code":"65" + }, + { + "desc":"This API is used to update user group information.URI formatPATCH /v3/groups/{group_id}PATCH /v3/groups/{group_id}URI parametersParameterMandatoryTypeDescriptiongroup_idY", + "product_code":"iam", + "title":"Updating a User Group", + "uri":"en-us_topic_0057845600.html", + "doc_type":"api", + "p_code":"61", + "code":"66" + }, + { + "desc":"This API is used to delete a user group.URI formatDELETE /v3/groups/{group_id}DELETE /v3/groups/{group_id}URI parametersParameterMandatoryTypeDescriptiongroup_idYesString", + "product_code":"iam", + "title":"Deleting a User Group", + "uri":"en-us_topic_0057845566.html", + "doc_type":"api", + "p_code":"61", + "code":"67" + }, + { + "desc":"This API is used to query whether a user belongs to a user group.URI formatHEAD /v3/groups/{group_id}/users/{user_id}HEAD /v3/groups/{group_id}/users/{user_id}URI paramet", + "product_code":"iam", + "title":"Querying Whether a User Belongs to a User Group", + "uri":"en-us_topic_0057845599.html", + "doc_type":"api", + "p_code":"61", + "code":"68" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Permission Management", + "uri":"en-us_topic_0057845579.html", + "doc_type":"api", + "p_code":"6", + "code":"69" + }, + { + "desc":"This API is used to query a role list, including the permissions policies of a role. A role is a set of permissions and represents a group of actions.GET /v3/rolesStatus ", + "product_code":"iam", + "title":"Querying a Role List", + "uri":"en-us_topic_0057845591.html", + "doc_type":"api", + "p_code":"69", + "code":"70" + }, + { + "desc":"This API is used to query role details, including the permissions policies of a role. A role is a set of permissions and represents a group of actions.URI formatGET /v3/r", + "product_code":"iam", + "title":"Querying Role Details", + "uri":"en-us_topic_0057845603.html", + "doc_type":"api", + "p_code":"69", + "code":"71" + }, + { + "desc":"This API is used to query the user groups to which a specified role has been assigned.URI formatGET /v3/role_assignments{?role.id,user.id,group.id,scope.project.id,scope.", + "product_code":"iam", + "title":"Querying Role Assignments", + "uri":"iam_11_0003.html", + "doc_type":"api", + "p_code":"69", + "code":"72" + }, + { + "desc":"This API is used to query the permissions of a user group under a domain. A role is a set of permissions and represents a group of actions.URI formatGET /v3/domains/{doma", + "product_code":"iam", + "title":"Querying Permissions of a User Group Under a Domain", + "uri":"en-us_topic_0057845571.html", + "doc_type":"api", + "p_code":"69", + "code":"73" + }, + { + "desc":"This API is used to query the permissions of a specified user group corresponding to a project. A role is a set of permissions and represents a group of actions.URI forma", + "product_code":"iam", + "title":"Querying Permissions of a User Group Corresponding to a Project", + "uri":"en-us_topic_0057845640.html", + "doc_type":"api", + "p_code":"69", + "code":"74" + }, + { + "desc":"This API is used to grant permissions to a user group of a domain. A role is a set of permissions and represents a group of actions.URI formatPUT /v3/domains/{domain_id}/", + "product_code":"iam", + "title":"Granting Permissions to a User Group of a Domain", + "uri":"en-us_topic_0057845623.html", + "doc_type":"api", + "p_code":"69", + "code":"75" + }, + { + "desc":"This API is used to grant permissions to a user group corresponding to a project. A role is a set of permissions and represents a group of actions.URI formatPUT /v3/proje", + "product_code":"iam", + "title":"Granting Permissions to a User Group Corresponding to a Project", + "uri":"en-us_topic_0057845597.html", + "doc_type":"api", + "p_code":"69", + "code":"76" + }, + { + "desc":"This API is used to delete permissions of a user group corresponding to a project. A role is a set of permissions and represents a group of actions.URI formatDELETE /v3/p", + "product_code":"iam", + "title":"Deleting Permissions of a User Group Corresponding to a Project", + "uri":"en-us_topic_0057845572.html", + "doc_type":"api", + "p_code":"69", + "code":"77" + }, + { + "desc":"This API is used to delete permissions of a specified user group of a domain. A role is a set of permissions and represents a group of actions.URI formatDELETE /v3/domain", + "product_code":"iam", + "title":"Deleting Permissions of a User Group of a Domain", + "uri":"en-us_topic_0057845560.html", + "doc_type":"api", + "p_code":"69", + "code":"78" + }, + { + "desc":"This API is used to query whether a specified user group under a domain has specific permissions. A role is a set of permissions and represents a group of actions.URI for", + "product_code":"iam", + "title":"Querying Whether a User Group Under a Domain Has Specific Permissions", + "uri":"en-us_topic_0057845632.html", + "doc_type":"api", + "p_code":"69", + "code":"79" + }, + { + "desc":"This API is used to query whether a user group corresponding to a project has specific permissions. A role is a set of permissions and represents a group of actions.URI f", + "product_code":"iam", + "title":"Querying Whether a User Group Corresponding to a Project Has Specific Permissions", + "uri":"en-us_topic_0057845620.html", + "doc_type":"api", + "p_code":"69", + "code":"80" + }, + { + "desc":"This API is provided for the administrator to remove the specified permissions of a user group in all projects.DELETE /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}", + "product_code":"iam", + "title":"Removing Specified Permissions of a User Group in All Projects", + "uri":"iam_10_0013.html", + "doc_type":"api", + "p_code":"69", + "code":"81" + }, + { + "desc":"This API is provided for the administrator to check whether a user group has specified permissions for all projects.HEAD /v3/OS-INHERIT/domains/{domain_id}/groups/{group_", + "product_code":"iam", + "title":"Checking Whether a User Group Has Specified Permissions for All Projects", + "uri":"iam_10_0012.html", + "doc_type":"api", + "p_code":"69", + "code":"82" + }, + { + "desc":"This API is provided for the administrator to query all permissions that have been assigned to a user group.GET /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles", + "product_code":"iam", + "title":"Querying All Permissions of a User Group", + "uri":"iam_10_0011.html", + "doc_type":"api", + "p_code":"69", + "code":"83" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Custom Policy Management", + "uri":"iam_02_0010.html", + "doc_type":"api", + "p_code":"6", + "code":"84" + }, + { + "desc":"This API is provided for the administrator to list all custom policies.The API can be called using both the global endpoint and region-specific endpoints.GET /v3.0/OS-ROL", + "product_code":"iam", + "title":"Listing Custom Policies", + "uri":"iam_02_0011.html", + "doc_type":"api", + "p_code":"84", + "code":"85" + }, + { + "desc":"This API is provided for the administrator to query custom policy details.The API can be called using both the global endpoint and region-specific endpoints.GET /v3.0/OS-", + "product_code":"iam", + "title":"Querying Custom Policy Details", + "uri":"iam_02_0012.html", + "doc_type":"api", + "p_code":"84", + "code":"86" + }, + { + "desc":"This API is provided for the administrator to create a custom policy for cloud services.The API can be called using both the global endpoint and region-specific endpoints", + "product_code":"iam", + "title":"Creating a Custom Policy for Cloud Services", + "uri":"iam_02_0013.html", + "doc_type":"api", + "p_code":"84", + "code":"87" + }, + { + "desc":"This API is provided for the administrator to create a custom policy.The API can be called using both the global endpoint and region-specific endpoints.POST /v3.0/OS-ROLE", + "product_code":"iam", + "title":"Creating a Custom Policy", + "uri":"iam_11_0016.html", + "doc_type":"api", + "p_code":"84", + "code":"88" + }, + { + "desc":"This API is provided for the administrator to modify a custom policy for cloud services.The API can be called using both the global endpoint and region-specific endpoints", + "product_code":"iam", + "title":"Modifying a Custom Policy for Cloud Services", + "uri":"iam_02_0014.html", + "doc_type":"api", + "p_code":"84", + "code":"89" + }, + { + "desc":"This API is provided for the administrator to modify a custom policy.The API can be called using both the global endpoint and region-specific endpoints.PATCH /v3.0/OS-ROL", + "product_code":"iam", + "title":"Modifying a Custom Policy", + "uri":"iam_11_0017.html", + "doc_type":"api", + "p_code":"84", + "code":"90" + }, + { + "desc":"This API is provided for the administrator to delete a custom policy.The API can be called using both the global endpoint and region-specific endpoints.DELETE /v3.0/OS-RO", + "product_code":"iam", + "title":"Deleting a Custom Policy", + "uri":"iam_02_0015.html", + "doc_type":"api", + "p_code":"84", + "code":"91" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Agency Management", + "uri":"en-us_topic_0079467612.html", + "doc_type":"api", + "p_code":"6", + "code":"92" + }, + { + "desc":"This API is used to create an agency.POST /v3.0/OS-AGENCY/agenciesParameters in the request headerParameterMandatoryTypeDescriptionContent-TypeYesStringapplication/json;c", + "product_code":"iam", + "title":"Creating an Agency", + "uri":"en-us_topic_0079467617.html", + "doc_type":"api", + "p_code":"92", + "code":"93" + }, + { + "desc":"This API is used to query an agency list based on the specified conditions.URI formatGET /v3.0/OS-AGENCY/agencies{?domain_id,name,trust_domain_id}GET /v3.0/OS-AGENCY/agen", + "product_code":"iam", + "title":"Querying an Agency List Based on the Specified Conditions", + "uri":"en-us_topic_0079467614.html", + "doc_type":"api", + "p_code":"92", + "code":"94" + }, + { + "desc":"This API is used to obtain the details of a specified agency.URI formatGET /v3.0/OS-AGENCY/agencies/{agency_id}GET /v3.0/OS-AGENCY/agencies/{agency_id}URI parametersParam", + "product_code":"iam", + "title":"Obtaining Details of a Specified Agency", + "uri":"en-us_topic_0079467615.html", + "doc_type":"api", + "p_code":"92", + "code":"95" + }, + { + "desc":"This API is used to modify agency information, including the trust_domain_id, description, and trust_domain_name parameters.URI formatPUT /v3.0/OS-AGENCY/agencies/{agency", + "product_code":"iam", + "title":"Modifying an Agency", + "uri":"en-us_topic_0079467623.html", + "doc_type":"api", + "p_code":"92", + "code":"96" + }, + { + "desc":"This API is used to delete an agency.After this operation, the delegated party can no longer access the relevant resources. Exercise caution when performing this operatio", + "product_code":"iam", + "title":"Deleting an Agency", + "uri":"en-us_topic_0079467625.html", + "doc_type":"api", + "p_code":"92", + "code":"97" + }, + { + "desc":"This API is used to grant permissions to an agency for a project.URI formatPUT /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id}PUT /v3.0/OS-AGEN", + "product_code":"iam", + "title":"Granting Permissions to an Agency for a Project", + "uri":"en-us_topic_0079467620.html", + "doc_type":"api", + "p_code":"92", + "code":"98" + }, + { + "desc":"This API is used to check whether an agency has the specified permissions on a project.URI formatHEAD /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{ro", + "product_code":"iam", + "title":"Checking Whether an Agency Has the Specified Permissions on a Project", + "uri":"en-us_topic_0079578163.html", + "doc_type":"api", + "p_code":"92", + "code":"99" + }, + { + "desc":"This API is used to query the list of permissions of an agency on a project.URI formatGET /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/rolesGET /v3.0/OS-AGE", + "product_code":"iam", + "title":"Querying the List of Permissions of an Agency on a Project", + "uri":"en-us_topic_0079578164.html", + "doc_type":"api", + "p_code":"92", + "code":"100" + }, + { + "desc":"This API is used to delete permissions of an agency on a project.URI formatDELETE /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id}DELETE /v3.0/O", + "product_code":"iam", + "title":"Deleting Permissions of an Agency on a Project", + "uri":"en-us_topic_0079467627.html", + "doc_type":"api", + "p_code":"92", + "code":"101" + }, + { + "desc":"This API is used to grant permissions to an agency on a domain.URI formatPUT /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}PUT /v3.0/OS-AGENCY/d", + "product_code":"iam", + "title":"Granting Permissions to an Agency on a Domain", + "uri":"en-us_topic_0079467624.html", + "doc_type":"api", + "p_code":"92", + "code":"102" + }, + { + "desc":"This API is used to check whether an agency has the specified permissions on a domain.URI formatHEAD /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_", + "product_code":"iam", + "title":"Checking Whether an Agency Has the Specified Permissions on a Domain", + "uri":"en-us_topic_0079578165.html", + "doc_type":"api", + "p_code":"92", + "code":"103" + }, + { + "desc":"This API is used to query the list of permissions of an agency on a domain.URI formatGET /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/rolesGET /v3.0/OS-AGENCY", + "product_code":"iam", + "title":"Querying the List of Permissions of an Agency on a Domain", + "uri":"en-us_topic_0079578166.html", + "doc_type":"api", + "p_code":"92", + "code":"104" + }, + { + "desc":"This API is used to delete permissions of an agency on a domain.URI formatDELETE /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}DELETE /v3.0/OS-A", + "product_code":"iam", + "title":"Deleting Permissions of an Agency on a Domain", + "uri":"en-us_topic_0079467622.html", + "doc_type":"api", + "p_code":"92", + "code":"105" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Security Settings", + "uri":"iam_02_0020.html", + "doc_type":"api", + "p_code":"6", + "code":"106" + }, + { + "desc":"This API is used to query the password policy.GET /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password-policyStatus code: 200The request is successful.Status code: 403Acc", + "product_code":"iam", + "title":"Querying the Password Policy", + "uri":"iam_02_0024.html", + "doc_type":"api", + "p_code":"106", + "code":"107" + }, + { + "desc":"This API is provided for the administrator to modify the password policy.PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password-policyStatus code: 200The request is suc", + "product_code":"iam", + "title":"Modifying the Password Policy", + "uri":"iam_02_0023.html", + "doc_type":"api", + "p_code":"106", + "code":"108" + }, + { + "desc":"This API is used to query the login authentication policy.GET /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/login-policyStatus code: 200The request is successful.Status cod", + "product_code":"iam", + "title":"Querying the Login Authentication Policy", + "uri":"iam_02_0026.html", + "doc_type":"api", + "p_code":"106", + "code":"109" + }, + { + "desc":"This API is provided for the administrator to modify the login authentication policy.PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/login-policyStatus code: 200The reque", + "product_code":"iam", + "title":"Modifying the Login Authentication Policy", + "uri":"iam_02_0025.html", + "doc_type":"api", + "p_code":"106", + "code":"110" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Federated Identity Authentication Management", + "uri":"en-us_topic_0057845573.html", + "doc_type":"api", + "p_code":"6", + "code":"111" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Obtaining a Token in Federated Identity Authentication Mode", + "uri":"en-us_topic_0057845646.html", + "doc_type":"api", + "p_code":"111", + "code":"112" + }, + { + "desc":"OpenStack and Shibboleth are widely used open-source federated identity authentication solutions. They provide powerful SSO capabilities and connect users to various appl", + "product_code":"iam", + "title":"SP Initiated", + "uri":"iam_02_0001.html", + "doc_type":"api", + "p_code":"112", + "code":"113" + }, + { + "desc":"This section uses the Client4ShibbolethIdP script as an example to describe how to obtain a federated authentication token in the IdP-initiated mode. The Client4Shibbolet", + "product_code":"iam", + "title":"IdP Initiated", + "uri":"iam_02_0002.html", + "doc_type":"api", + "p_code":"112", + "code":"114" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Identity Provider", + "uri":"en-us_topic_0057845605.html", + "doc_type":"api", + "p_code":"111", + "code":"115" + }, + { + "desc":"This API is used to query the identity provider list.GET /v3/OS-FEDERATION/identity_providersParameters in the request headerParameterMandatoryTypeDescriptionContent-Type", + "product_code":"iam", + "title":"Querying the Identity Provider List", + "uri":"en-us_topic_0057845581.html", + "doc_type":"api", + "p_code":"115", + "code":"116" + }, + { + "desc":"This API is used to query the information about an identity provider.URI formatGET /v3/OS-FEDERATION/identity_providers/{id}GET /v3/OS-FEDERATION/identity_providers/{id}U", + "product_code":"iam", + "title":"Querying an Identity Provider", + "uri":"en-us_topic_0057845639.html", + "doc_type":"api", + "p_code":"115", + "code":"117" + }, + { + "desc":"This API is used to create a SAML identity provider.URI formatPUT /v3/OS-FEDERATION/identity_providers/{id}PUT /v3/OS-FEDERATION/identity_providers/{id}URI parametersPara", + "product_code":"iam", + "title":"Creating a SAML Identity Provider", + "uri":"en-us_topic_0057845606.html", + "doc_type":"api", + "p_code":"115", + "code":"118" + }, + { + "desc":"This API is used to update the information about a SAML identity provider.URI formatPATCH /v3/OS-FEDERATION/identity_providers/{id}PATCH /v3/OS-FEDERATION/identity_provid", + "product_code":"iam", + "title":"Updating a SAML Identity Provider", + "uri":"en-us_topic_0057845612.html", + "doc_type":"api", + "p_code":"115", + "code":"119" + }, + { + "desc":"This API is used to delete a SAML or OpenID Connect identity provider.URI formatDELETE /v3/OS-FEDERATION/identity_providers/{id}DELETE /v3/OS-FEDERATION/identity_provider", + "product_code":"iam", + "title":"Deleting an Identity Provider", + "uri":"en-us_topic_0057845570.html", + "doc_type":"api", + "p_code":"115", + "code":"120" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Mapping", + "uri":"en-us_topic_0057845588.html", + "doc_type":"api", + "p_code":"111", + "code":"121" + }, + { + "desc":"This API is used to query the mapping list.GET /v3/OS-FEDERATION/mappingsParameters in the request headerParameterMandatoryTypeDescriptionContent-TypeYesStringFill applic", + "product_code":"iam", + "title":"Querying the Mapping List", + "uri":"en-us_topic_0057845567.html", + "doc_type":"api", + "p_code":"121", + "code":"122" + }, + { + "desc":"This API is used to query the information about a mapping.URI formatGET /v3/OS-FEDERATION/mappings/{id}GET /v3/OS-FEDERATION/mappings/{id}URI parametersParameterMandatory", + "product_code":"iam", + "title":"Querying a Mapping", + "uri":"en-us_topic_0057845645.html", + "doc_type":"api", + "p_code":"121", + "code":"123" + }, + { + "desc":"This API is used to create a mapping.URI formatPUT /v3/OS-FEDERATION/mappings/{id}PUT /v3/OS-FEDERATION/mappings/{id}URI parametersParameterMandatoryTypeDescriptionidYesS", + "product_code":"iam", + "title":"Creating a Mapping", + "uri":"en-us_topic_0057845590.html", + "doc_type":"api", + "p_code":"121", + "code":"124" + }, + { + "desc":"This API is used to update the information about a mapping.URI formatPATCH /v3/OS-FEDERATION/mappings/{id}PATCH /v3/OS-FEDERATION/mappings/{id}URI parametersParameterMand", + "product_code":"iam", + "title":"Updating a Mapping", + "uri":"en-us_topic_0057845568.html", + "doc_type":"api", + "p_code":"121", + "code":"125" + }, + { + "desc":"This API is used to delete the information about a mapping.URI formatDELETE /v3/OS-FEDERATION/mappings/{id}DELETE /v3/OS-FEDERATION/mappings/{id}URI parametersParameterMa", + "product_code":"iam", + "title":"Deleting a Mapping", + "uri":"en-us_topic_0057845648.html", + "doc_type":"api", + "p_code":"121", + "code":"126" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Protocol", + "uri":"en-us_topic_0057845619.html", + "doc_type":"api", + "p_code":"111", + "code":"127" + }, + { + "desc":"This API is used to query the protocol list.URI formatGET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocolsGET /v3/OS-FEDERATION/identity_providers/{idp_id}/protoco", + "product_code":"iam", + "title":"Querying the Protocol List", + "uri":"en-us_topic_0057845644.html", + "doc_type":"api", + "p_code":"127", + "code":"128" + }, + { + "desc":"This API is used to query the information about a protocol.URI formatGET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}GET /v3/OS-FEDERATION/identi", + "product_code":"iam", + "title":"Querying a Protocol", + "uri":"en-us_topic_0057845616.html", + "doc_type":"api", + "p_code":"127", + "code":"129" + }, + { + "desc":"This API is used to register a protocol, that is, associate a rule with an identity provider.URI formatPUT /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protoc", + "product_code":"iam", + "title":"Registering a Protocol", + "uri":"en-us_topic_0057845575.html", + "doc_type":"api", + "p_code":"127", + "code":"130" + }, + { + "desc":"This API is used to update the information about a protocol.URI formatPATCH /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}PATCH /v3/OS-FEDERATION/i", + "product_code":"iam", + "title":"Updating a Protocol", + "uri":"en-us_topic_0057845609.html", + "doc_type":"api", + "p_code":"127", + "code":"131" + }, + { + "desc":"This API is used to delete the information about a protocol.URI formatDELETE /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}DELETE /v3/OS-FEDERATION", + "product_code":"iam", + "title":"Deleting a Protocol", + "uri":"en-us_topic_0057845559.html", + "doc_type":"api", + "p_code":"127", + "code":"132" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Metadata", + "uri":"en-us_topic_0057845607.html", + "doc_type":"api", + "p_code":"111", + "code":"133" + }, + { + "desc":"This API is used to query the content of the metadata file imported by an identity provider to the IAM system.URI formatGET /v3-ext/OS-FEDERATION/identity_providers/{idp_", + "product_code":"iam", + "title":"Querying a Metadata File", + "uri":"en-us_topic_0057845553.html", + "doc_type":"api", + "p_code":"133", + "code":"134" + }, + { + "desc":"This API is used to query the metadata file of the keystone.GET /v3-ext/auth/OS-FEDERATION/SSO/metadataParameters in the request headerParameterMandatoryTypeDescriptionun", + "product_code":"iam", + "title":"Querying the Metadata File of Keystone", + "uri":"en-us_topic_0057845577.html", + "doc_type":"api", + "p_code":"133", + "code":"135" + }, + { + "desc":"Before using the federated identity authentication function, a metadata file must be imported to the IAM system. This API is used to import a metadata file of a domain.UR", + "product_code":"iam", + "title":"Importing a Metadata File", + "uri":"en-us_topic_0057845615.html", + "doc_type":"api", + "p_code":"133", + "code":"136" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Token", + "uri":"en-us_topic_0057845565.html", + "doc_type":"api", + "p_code":"111", + "code":"137" + }, + { + "desc":"This API is used to obtain an unscoped token in SP-initiated federated identity authentication mode.An unscoped token cannot be used for authentication. If a federated us", + "product_code":"iam", + "title":"Obtaining an Unscoped Token (SP Initiated)", + "uri":"en-us_topic_0057845629.html", + "doc_type":"api", + "p_code":"137", + "code":"138" + }, + { + "desc":"This API is used to obtain an unscoped token in IdP-initiated federated identity authentication mode.An unscoped token cannot be used for authentication. If a federated u", + "product_code":"iam", + "title":"Obtaining an Unscoped Token (IdP Initiated)", + "uri":"iam_02_0003.html", + "doc_type":"api", + "p_code":"137", + "code":"139" + }, + { + "desc":"This API is used to obtain a scoped token through federated identity authentication.POST /v3/auth/tokensStatus code: 201The scoped token is obtained successfully.None", + "product_code":"iam", + "title":"Obtaining a Scoped Token", + "uri":"iam_13_0604.html", + "doc_type":"api", + "p_code":"137", + "code":"140" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Domain", + "uri":"en-us_topic_0057845633.html", + "doc_type":"api", + "p_code":"111", + "code":"141" + }, + { + "desc":"This API is used to query the list of domains accessible to federated users.GET /v3/OS-FEDERATION/domainsParameters in the request headerParameterMandatoryTypeDescription", + "product_code":"iam", + "title":"Querying the List of Domains Accessible to Federated Users", + "uri":"en-us_topic_0057845596.html", + "doc_type":"api", + "p_code":"141", + "code":"142" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Project", + "uri":"en-us_topic_0057845643.html", + "doc_type":"api", + "p_code":"111", + "code":"143" + }, + { + "desc":"This API is used to query the list of projects accessible to federated users. The project list is used to obtain the scoped token in federated identity authentication mod", + "product_code":"iam", + "title":"Querying the List of Projects Accessible to Federated Users", + "uri":"en-us_topic_0057845595.html", + "doc_type":"api", + "p_code":"143", + "code":"144" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Version Information Management", + "uri":"en-us_topic_0057845631.html", + "doc_type":"api", + "p_code":"6", + "code":"145" + }, + { + "desc":"This API is used to obtain the keystone API version information.GET /Example requestResponse parameter descriptionParameterMandatoryTypeDescriptionversionsYesObjectKeysto", + "product_code":"iam", + "title":"Querying Keystone API Version Information", + "uri":"en-us_topic_0057845569.html", + "doc_type":"api", + "p_code":"145", + "code":"146" + }, + { + "desc":"This API is used to obtain the information about the keystone API version 3.0.GET /v3Example requestcurl -i -k -X GET https://sample.domain.com/v3Response parameter descr", + "product_code":"iam", + "title":"Querying Information About Keystone API Version 3.0", + "uri":"en-us_topic_0057845613.html", + "doc_type":"api", + "p_code":"145", + "code":"147" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Services and Endpoints", + "uri":"en-us_topic_0057845604.html", + "doc_type":"api", + "p_code":"6", + "code":"148" + }, + { + "desc":"This API is used to query the service list.URI formatGET /v3/services{?type}GET /v3/services{?type}URI parametersParameterMandatoryTypeDescriptiontypeNoStringService type", + "product_code":"iam", + "title":"Querying Services", + "uri":"en-us_topic_0057845587.html", + "doc_type":"api", + "p_code":"148", + "code":"149" + }, + { + "desc":"This API is used to query service details.URI formatGET /v3/services/{service_id}GET /v3/services/{service_id}URI parametersParameterMandatoryTypeDescriptionservice_idYes", + "product_code":"iam", + "title":"Querying Service Details", + "uri":"en-us_topic_0067148045.html", + "doc_type":"api", + "p_code":"148", + "code":"150" + }, + { + "desc":"This API is used to query the list of terminal addresses and provides a service access entry.URI formatGET /v3/endpoints{?interface, service_id}GET /v3/endpoints{?interfa", + "product_code":"iam", + "title":"Querying Endpoints", + "uri":"en-us_topic_0057845562.html", + "doc_type":"api", + "p_code":"148", + "code":"151" + }, + { + "desc":"This API is used to query endpoint details.URI formatGET /v3/endpoints/{endpoint_id}GET /v3/endpoints/{endpoint_id}URI parametersParameterMandatoryTypeDescriptionendpoint", + "product_code":"iam", + "title":"Querying Endpoint Details", + "uri":"en-us_topic_0067148046.html", + "doc_type":"api", + "p_code":"148", + "code":"152" + }, + { + "desc":"This API is used to query the service catalog corresponding to X-Auth-Token contained in the request.GET /v3/auth/catalogParameters in the request headerParameterMandator", + "product_code":"iam", + "title":"Querying the Service Catalog", + "uri":"iam_02_0004.html", + "doc_type":"api", + "p_code":"148", + "code":"153" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Permissions Policies and Supported Actions", + "uri":"iam_19_0004.html", + "doc_type":"api", + "p_code":"", + "code":"154" + }, + { + "desc":"By default, new users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies to these groups. Users inherit permi", + "product_code":"iam", + "title":"Introduction", + "uri":"iam_19_0003.html", + "doc_type":"api", + "p_code":"154", + "code":"155" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Action List", + "uri":"iam_02_0046.html", + "doc_type":"api", + "p_code":"154", + "code":"156" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Appendix", + "uri":"iam_02_0512.html", + "doc_type":"api", + "p_code":"", + "code":"157" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Status Codes", + "uri":"iam_02_0005.html", + "doc_type":"api", + "p_code":"157", + "code":"158" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Error Codes", + "uri":"iam_02_0006.html", + "doc_type":"api", + "p_code":"157", + "code":"159" + }, + { + "desc":"Your username, user ID, account name, account ID, project name, and project ID need to be specified in the URL and request body for calling certain APIs. Obtain these par", + "product_code":"iam", + "title":"Obtaining User, Account, User Group, Project, and Agency Information", + "uri":"en-us_topic_0057845624.html", + "doc_type":"api", + "p_code":"157", + "code":"160" + }, + { + "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.", + "product_code":"iam", + "title":"Change History", + "uri":"en-us_topic_0057845564.html", + "doc_type":"api", + "p_code":"", + "code":"161" + } +] \ No newline at end of file diff --git a/docs/iam/api-ref/PARAMETERS.txt b/docs/iam/api-ref/PARAMETERS.txt new file mode 100644 index 00000000..6da8d5f0 --- /dev/null +++ b/docs/iam/api-ref/PARAMETERS.txt @@ -0,0 +1,3 @@ +version="" +language="en-us" +type="" \ No newline at end of file diff --git a/docs/iam/api-ref/en-us_image_0000001369235298.png b/docs/iam/api-ref/en-us_image_0000001369235298.png new file mode 100644 index 00000000..df211972 Binary files /dev/null and b/docs/iam/api-ref/en-us_image_0000001369235298.png differ diff --git a/docs/iam/api-ref/en-us_image_0000001369395034.jpg b/docs/iam/api-ref/en-us_image_0000001369395034.jpg new file mode 100644 index 00000000..058dc45e Binary files /dev/null and b/docs/iam/api-ref/en-us_image_0000001369395034.jpg differ diff --git a/docs/iam/api-ref/en-us_image_0000001369554958.png b/docs/iam/api-ref/en-us_image_0000001369554958.png new file mode 100644 index 00000000..d4a37a97 Binary files /dev/null and b/docs/iam/api-ref/en-us_image_0000001369554958.png differ diff --git a/docs/iam/api-ref/en-us_image_0000001369714946.png b/docs/iam/api-ref/en-us_image_0000001369714946.png new file mode 100644 index 00000000..80ad6eb5 Binary files /dev/null and b/docs/iam/api-ref/en-us_image_0000001369714946.png differ diff --git a/docs/iam/api-ref/en-us_image_0000001419956277.png b/docs/iam/api-ref/en-us_image_0000001419956277.png new file mode 100644 index 00000000..5d0541e1 Binary files /dev/null and b/docs/iam/api-ref/en-us_image_0000001419956277.png differ diff --git a/docs/iam/api-ref/en-us_image_0000001420034881.jpg b/docs/iam/api-ref/en-us_image_0000001420034881.jpg new file mode 100644 index 00000000..dd2ab5db Binary files /dev/null and b/docs/iam/api-ref/en-us_image_0000001420034881.jpg differ diff --git a/docs/iam/api-ref/en-us_topic_0057845553.html b/docs/iam/api-ref/en-us_topic_0057845553.html new file mode 100644 index 00000000..350b9487 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845553.html @@ -0,0 +1,217 @@ + + +

Querying a Metadata File

+

Function

This API is used to query the content of the metadata file imported by an identity provider to the IAM system.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Metadata
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845554.html b/docs/iam/api-ref/en-us_topic_0057845554.html new file mode 100644 index 00000000..932df401 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845554.html @@ -0,0 +1,249 @@ + + +

Querying the User Group to Which a User Belongs

+

Function

This API is used to query the information about the user group to which a specified user belongs.

+
+

URI

+
+

Request Parameters

+
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: User Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845558.html b/docs/iam/api-ref/en-us_topic_0057845558.html new file mode 100644 index 00000000..dd11d787 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845558.html @@ -0,0 +1,255 @@ + + +

Querying the List of Projects Accessible to Users

+

Function

This API is used to query the list of projects accessible to users.

+

+
+

URI

GET /v3/auth/projects

+
+

Request Parameters

+
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Project Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845559.html b/docs/iam/api-ref/en-us_topic_0057845559.html new file mode 100644 index 00000000..73833f97 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845559.html @@ -0,0 +1,142 @@ + + +

Deleting a Protocol

+

Function

This API is used to delete the information about a protocol.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Protocol
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845560.html b/docs/iam/api-ref/en-us_topic_0057845560.html new file mode 100644 index 00000000..9f5ddbf0 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845560.html @@ -0,0 +1,121 @@ + + +

Deleting Permissions of a User Group of a Domain

+

Function

This API is used to delete permissions of a specified user group of a domain. A role is a set of permissions and represents a group of actions.

+
+

URI

+
+

Request Parameters

+ +
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+
+
+
+
+
+
+
Parent topic: Permission Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845561.html b/docs/iam/api-ref/en-us_topic_0057845561.html new file mode 100644 index 00000000..a2079b94 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845561.html @@ -0,0 +1,342 @@ + + +

Querying Users in a User Group

+

Function

This API is used to query users in a user group.

+
+

URI

+
+

Request Parameters

+
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+
+
+
+
+
+
+
Parent topic: User Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845562.html b/docs/iam/api-ref/en-us_topic_0057845562.html new file mode 100644 index 00000000..1f713550 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845562.html @@ -0,0 +1,282 @@ + + +

Querying Endpoints

+

Function

This API is used to query the list of terminal addresses and provides a service access entry.

+
+

URI

+ +
+

Request Parameters

+
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Services and Endpoints
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845564.html b/docs/iam/api-ref/en-us_topic_0057845564.html new file mode 100644 index 00000000..f5a5bc92 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845564.html @@ -0,0 +1,209 @@ + + +

Change History

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Released On

+

Description

+

2020-12-30

+

This release incorporates the following changes:

+ +

2020-11-12

+

This release incorporates the following change:

+

Added the following section:

+ +

2020-08-30

+

This release incorporates the following changes:

+

Added the following sections:

+ +

2020-07-21

+

This release incorporates the following change:

+

Added the following sections:

+

Creating a Custom Policy for Cloud Services

+

Modifying a Custom Policy for Cloud Services

+

2020-07-01

+

This release incorporates the following change:

+
Added the following sections: +
+

2019-06-10

+

This release incorporates the following change:

+

Added section Deleting a User Token.

+

2019-04-23

+

This release incorporates the following change:

+

Added descriptions about token authentication in Token Management.

+

2019-01-09

+

This release incorporates the following changes:

+ +

2018-10-08

+

This release incorporates the following change:

+

Accepted in Open Telekom Cloud 3.2.

+

2018-08-14

+

This release incorporates the following changes:

+ +

2018-06-29

+

This release incorporates the following changes:

+ +

2018-05-10

+

This release incorporates the following change:

+

Accepted in Open Telekom Cloud 3.1.

+

2018-03-31

+

This release incorporates the following changes:

+

Added the link for downloading the Client4ShibbolethIdP.py script in Obtaining an Unscoped Token (IdP Initiated).

+

2018-03-23

+

This release incorporates the following changes:

+ +

2018-02-28

+

This release incorporates the following changes:

+

Added section Obtaining a Temporary AK/SK.

+

2018-01-30

+

This release incorporates the following changes:

+
  • Added section Deleting a Project.
  • Provided an address for downloading the sample code in section Sample Code.
+

2017-10-16

+

This release incorporates the following changes:

+

Added the following sections:

+ +

2017-09-24

+

This release incorporates the following changes:

+

Deleted tenant_id in url of the response from section Querying Endpoints.

+

2017-08-28

+

This release incorporates the following changes:

+

Added section Setting the Status of a Specified Project.

+

2017-07-27

+

This release incorporates the following changes:

+

Added the following sections:

+ +

2017-05-26

+

This release incorporates the following changes:

+

Modified the following sections:

+ +

2017-04-27

+

This release incorporates the following changes:

+ +
  • Modified the content structure based on API types.
+

2017-03-30

+

This release incorporates the following changes:

+

Added section Querying Information About Keystone API Version 3.0.

+

2017-01-20

+

This release incorporates the following changes:

+

Added the following sections:

+ + +

2016-12-30

+

This release incorporates the following changes:

+
  • Description for the page field in the response of the GET /v3/projects API (page indicates the page to be queried.)
  • Description for the per_page field in the response of the GET /v3/projects API (per_page indicates the number of data records on each page.)
+

2016-10-29

+

This release incorporates the following changes:

+

Added the following sections:

+ +

2016-09-30

+

This release incorporates the following changes:

+ +

2016-08-25

+

This release incorporates the following changes:

+ +

2016-06-30

+

This release incorporates the following changes:

+
  • Description for the links field in the response of the GET /v3/services API (links indicates service links.)
  • Description for the links field in the response of the GET /v3/endpoints API (links indicates endpoint links.)
+

2016-03-14

+

This issue is the first official release.

+
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845565.html b/docs/iam/api-ref/en-us_topic_0057845565.html new file mode 100644 index 00000000..81acf37b --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845565.html @@ -0,0 +1,19 @@ + + +

Token

+
+
+ + +
+
Parent topic: Federated Identity Authentication Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845566.html b/docs/iam/api-ref/en-us_topic_0057845566.html new file mode 100644 index 00000000..800958d2 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845566.html @@ -0,0 +1,112 @@ + + +

Deleting a User Group

+

Function

This API is used to delete a user group.

+
+

URI

+
+

Request Parameters

+ +
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The user group is deleted successfully.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+
+
+
+
+
+
+
Parent topic: User Group Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845567.html b/docs/iam/api-ref/en-us_topic_0057845567.html new file mode 100644 index 00000000..75a64ebb --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845567.html @@ -0,0 +1,258 @@ + + +

Querying the Mapping List

+

Function

This API is used to query the mapping list.

+
+

URI

GET /v3/OS-FEDERATION/mappings

+
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Mapping
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845568.html b/docs/iam/api-ref/en-us_topic_0057845568.html new file mode 100644 index 00000000..5467f8fa --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845568.html @@ -0,0 +1,306 @@ + + +

Updating a Mapping

+

Function

This API is used to update the information about a mapping.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

409

+

A resource conflict occurs.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Mapping
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845569.html b/docs/iam/api-ref/en-us_topic_0057845569.html new file mode 100644 index 00000000..0af7e738 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845569.html @@ -0,0 +1,164 @@ + + +

Querying Keystone API Version Information

+

Function

This API is used to obtain the keystone API version information.

+
+

URI

GET /

+
+

Request Parameters

Example request

+
curl -i -k -X GET https://sample.domain.com/
+
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + +

Status Code

+

Description

+

300

+

The request is successful.

+

400

+

The server failed to process the request.

+

404

+

The requested resource cannot be found.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Version Information Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845570.html b/docs/iam/api-ref/en-us_topic_0057845570.html new file mode 100644 index 00000000..2c84bda1 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845570.html @@ -0,0 +1,133 @@ + + +

Deleting an Identity Provider

+

Function

This API is used to delete a SAML or OpenID Connect identity provider.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Identity Provider
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845571.html b/docs/iam/api-ref/en-us_topic_0057845571.html new file mode 100644 index 00000000..41671ac9 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845571.html @@ -0,0 +1,296 @@ + + +

Querying Permissions of a User Group Under a Domain

+

Function

This API is used to query the permissions of a user group under a domain. A role is a set of permissions and represents a group of actions.

+
+

URI

+
+

Request Parameters

+ +
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+
+
+
+
+
+
+
Parent topic: Permission Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845572.html b/docs/iam/api-ref/en-us_topic_0057845572.html new file mode 100644 index 00000000..d918e102 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845572.html @@ -0,0 +1,121 @@ + + +

Deleting Permissions of a User Group Corresponding to a Project

+

Function

This API is used to delete permissions of a user group corresponding to a project. A role is a set of permissions and represents a group of actions.

+
+

URI

+
+

Request Parameters

+ +
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+
+
+
+
+
+
+
Parent topic: Permission Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845573.html b/docs/iam/api-ref/en-us_topic_0057845573.html new file mode 100644 index 00000000..ba416c2d --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845573.html @@ -0,0 +1,29 @@ + + +

Federated Identity Authentication Management

+
+
+ + +
+
Parent topic: APIs
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845574.html b/docs/iam/api-ref/en-us_topic_0057845574.html new file mode 100644 index 00000000..8cb47cd6 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845574.html @@ -0,0 +1,203 @@ + + +

Querying the List of Domains Accessible to Users

+

Function

This API is used to query the list of domains accessible to users.

+
+

URI

GET /v3/auth/domains

+
+

Request Parameters

+ +
+

Response Parameters

+ + +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Tenant Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845575.html b/docs/iam/api-ref/en-us_topic_0057845575.html new file mode 100644 index 00000000..214c1da7 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845575.html @@ -0,0 +1,216 @@ + + +

Registering a Protocol

+

Function

This API is used to register a protocol, that is, associate a rule with an identity provider.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

201

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Protocol
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845577.html b/docs/iam/api-ref/en-us_topic_0057845577.html new file mode 100644 index 00000000..666412e0 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845577.html @@ -0,0 +1,112 @@ + + +

Querying the Metadata File of Keystone

+

Function

This API is used to query the metadata file of the keystone.

+

+
+

URI

GET /v3-ext/auth/OS-FEDERATION/SSO/metadata

+
+

Request Parameters

+
+

Response Parameters

Example response

+
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="43ebac773925f6849b196a3c803baba5" entityID="https://www.example.com">
+<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:SignedInfo>
+<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+<ds:Reference URI="#43ebac773925f6849b196a3c803baba5">
+<ds:Transforms>
+<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+<ds:DigestValue>yuQJc6OI3xilt6X4cOEUBnVV2Vs=</ds:DigestValue>
+</ds:Reference>
+</ds:SignedInfo>
+<ds:SignatureValue>...</ds:SignatureValue>
+<ds:KeyInfo>
+<ds:X509Data>
+<ds:X509Certificate>...</ds:X509Certificate>
+</ds:X509Data>
+</ds:KeyInfo>
+</ds:Signature>
+<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+<md:KeyDescriptor use="signing">
+<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:X509Data>
+<ds:X509Certificate>...</ds:X509Certificate>
+</ds:X509Data>
+</ds:KeyInfo>
+</md:KeyDescriptor>
+<md:KeyDescriptor use="encryption">
+<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:X509Data>
+<ds:X509Certificate>...</ds:X509Certificate>
+</ds:X509Data>
+</ds:KeyInfo>
+</md:KeyDescriptor>
+<md:NameIDFormat xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
+urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+</md:NameIDFormat>
+<md:AssertionConsumerService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.example.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST" index="0" isDefault="true"/>
+<md:AssertionConsumerService xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="https://www.example.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP" index="1"/>
+</md:SPSSODescriptor>
+</md:EntityDescriptor>
+
+

Status Code

+
+ + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Metadata
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845579.html b/docs/iam/api-ref/en-us_topic_0057845579.html new file mode 100644 index 00000000..efb90ca8 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845579.html @@ -0,0 +1,41 @@ + + +

Permission Management

+
+
+ + +
+
Parent topic: APIs
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845581.html b/docs/iam/api-ref/en-us_topic_0057845581.html new file mode 100644 index 00000000..b06073bf --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845581.html @@ -0,0 +1,229 @@ + + +

Querying the Identity Provider List

+

Function

This API is used to query the identity provider list.

+
+

URI

GET /v3/OS-FEDERATION/identity_providers

+
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Identity Provider
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845583.html b/docs/iam/api-ref/en-us_topic_0057845583.html new file mode 100644 index 00000000..d407012a --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845583.html @@ -0,0 +1,492 @@ + + +

Obtaining a User Token

+

Function

This API is used to obtain a token through username/password authentication. A token is a system object encapsulating the identity and permissions of a user. When calling the APIs of IAM or other cloud services, you can use this API to obtain a token for authentication.

+
The validity period of a token is 24 hours. Cache the token to prevent frequent API calling. Ensure that the token is valid while you use it. Using a token that will soon expire may cause API calling failures. Obtaining a new token does not affect the validity of the existing token. The following operations will invalidate the existing token. After these operations are performed, obtain a new token.
  • Changing the password or access key of your account or an IAM user: The token of your account or the user is invalidated.
  • Deleting or disabling an IAM user: The token of the user is invalidated.
  • Changing the permissions of an IAM user: The token of the user is invalidated. For example, when the user is added to or removed from a user group, or when permissions of the group to which the user belongs are modified.
+
+
+
+

URI

POST /v3/auth/tokens

+
+

Request Parameters

+
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

201

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error. The format may be incorrect.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Token Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845585.html b/docs/iam/api-ref/en-us_topic_0057845585.html new file mode 100644 index 00000000..93c3f5e9 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845585.html @@ -0,0 +1,321 @@ + + +

Verifying a Token and Returning a Valid Token

+

Function

This API is used to check the validity of a specified token. If the token is valid, detailed information about the token will be returned.

+
+

URI

GET /v3/auth/tokens

+
+

Request Parameters

+
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Token Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845586.html b/docs/iam/api-ref/en-us_topic_0057845586.html new file mode 100644 index 00000000..dd8bdd21 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845586.html @@ -0,0 +1,84 @@ + + +

Verifying a Token

+

Function

This API can be used by the administrator to verify the token of a user or used by a user to verify their token. The administrator can only verify the token of a user created using the account. If the verified token is valid, 200 is displayed.

+
+

URI

HEAD /v3/auth/tokens

+
+

Request Parameters

+
+ + + + + + + + + + + + + + + + +
Table 1 Parameters in the request header

Parameter

+

Mandatory

+

Type

+

Description

+

X-Auth-Token

+

Yes

+

String

+
  • To verify your own token, specify your token. There are no special requirements on the permissions that your token must have.
  • To verify the token of another user under the same domain, use a token that has permissions of the Security Administrator policy.
+

X-Subject-Token

+

Yes

+

String

+

Token to be verified.

+
+
+
+

Response Parameters

None

+
+

Example Request

curl -i -k -H "X-Auth-Token:$token" -H "X-Subject-Token:$token" -X HEAD https://sample.domain.com/v3/auth/tokens
+
+

Example Response

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

401

+

Authentication failed.

+

404

+

The requested resource cannot be found.

+

500

+

The system is abnormal.

+
+
+
+
+
+
+
Parent topic: Token Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845587.html b/docs/iam/api-ref/en-us_topic_0057845587.html new file mode 100644 index 00000000..3b3e1552 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845587.html @@ -0,0 +1,272 @@ + + +

Querying Services

+

Function

This API is used to query the service list.

+
+

URI

+ +
+

Request Parameters

+
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Services and Endpoints
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845588.html b/docs/iam/api-ref/en-us_topic_0057845588.html new file mode 100644 index 00000000..9e5f92aa --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845588.html @@ -0,0 +1,23 @@ + + +

Mapping

+
+
+ + +
+
Parent topic: Federated Identity Authentication Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845590.html b/docs/iam/api-ref/en-us_topic_0057845590.html new file mode 100644 index 00000000..040e387d --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845590.html @@ -0,0 +1,306 @@ + + +

Creating a Mapping

+

Function

This API is used to create a mapping.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

201

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

409

+

A resource conflict occurs.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Mapping
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845591.html b/docs/iam/api-ref/en-us_topic_0057845591.html new file mode 100644 index 00000000..7eee7dbd --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845591.html @@ -0,0 +1,474 @@ + + +

Querying a Role List

+

Function

This API is used to query a role list, including the permissions policies of a role. A role is a set of permissions and represents a group of actions.

+
+

URI

GET /v3/roles

+
+

Request Parameters

+
+ + + + + + + + + + + + + + + + +
Table 1 Parameters in the request header

Parameter

+

Mandatory

+

Type

+

Description

+

Content-Type

+

Yes

+

String

+

Fill application/json;charset=utf8 in this field.

+

X-Auth-Token

+

Yes

+

String

+

Token with Security Administrator permissions.

+
+
+
+

Response Parameters

+
+ + + + + + + + + + + + + + + + + +
Table 2 Parameters in the response body

Parameter

+

Type

+

Description

+

links

+

Object

+

Resource link information.

+

roles

+

Array of objects

+

Permission information.

+

total_number

+

Integer

+

Total number of permissions.

+
+
+ +
+ + + + + + + + + + + + + + + + + +
Table 3 links

Parameter

+

Type

+

Description

+

self

+

String

+

Resource link.

+

previous

+

String

+

Previous resource link.

+

next

+

String

+

Next resource link.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 4 roles

Parameter

+

Type

+

Description

+

domain_id

+

String

+

ID of the domain to which the permission belongs.

+

flag

+

String

+

If this parameter is set to fine_grained, the permission is a system-defined policy.

+

description_cn

+

String

+

Description of the permission in Chinese.

+

catalog

+

String

+

Service catalog of the permission.

+

name

+

String

+

Permission name. This parameter is carried in the token of a user. The cloud service determines whether the user has the access permission based on the role name.

+

description

+

String

+

Description of the permission.

+

links

+

Object

+

Permission resource link.

+

id

+

String

+

Permission ID.

+

display_name

+

String

+

Display name of the permission.

+

type

+

String

+

Display mode of the permission.

+
NOTE:
  • AX: Account level.
  • XA: Project level.
  • AA: Both the account level and project level.
  • XX: Neither the account level nor project level.
  • The display mode of a custom policy can only be AX or XA. A custom policy must be displayed at either of the two levels.
+
+

policy

+

Object

+

Content of the permission.

+

updated_time

+

String

+

Time when the permission was last updated.

+

created_time

+

String

+

Time when the permission was created.

+
+
+ +
+ + + + + + + + + + + + + + + + + +
Table 5 roles.links

Parameter

+

Type

+

Description

+

self

+

String

+

Resource link.

+

previous

+

String

+

Previous resource link.

+

next

+

String

+

Next resource link.

+
+
+ +
+ + + + + + + + + + + + + + + + + +
Table 6 roles.policy

Parameter

+

Type

+

Description

+

Depends

+

Array of objects

+

Dependence permissions.

+

Statement

+

Array of objects

+

Statement of the permission.

+

Version

+

String

+

Permission version.

+
NOTE:
  • 1.0: System-defined role. Only a limited number of service-level roles are provided for authorization.
  • 1.1: Policy. A policy defines the permissions required to perform operations on a specific cloud resource under certain conditions.
+
+
+
+ +
+ + + + + + + + + + + + + +
Table 7 roles.policy.Depends

Parameter

+

Type

+

Description

+

catalog

+

String

+

Service catalog of the permission.

+

display_name

+

String

+

Display name of the permission.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + +
Table 8 roles.policy.Statement

Parameter

+

Type

+

Description

+

Action

+

Array of strings

+

Specific operation permission on a resource. A maximum of 100 actions are allowed.

+
NOTE:
  • The value format is Service name:Resource type:Operation, for example, vpc:ports:create.
  • Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.
  • For a custom agency policy, this parameter should be set to "Action": ["iam:agencies:assume"].
+
+

Effect

+

String

+

Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements.

+

Options:

+
  • Allow
  • Deny
+

Condition

+

Object

+

Conditions for the permission to take effect. A maximum of 10 conditions are allowed.

+

Resource

+

Array of strings

+

Cloud resource. The array can contain a maximum of 10 resource strings, and each string cannot exceed 128 characters.

+
NOTE:
  • Format: ::::. For example, obs:::bucket:*. Asterisks are allowed.
  • The region segment can be * or a region accessible to the user. The specified resource must belong to the corresponding service that actually exists.
  • In the case of a custom policy for agencies, the type of this parameter is object, and the value should be set to "Resource": {"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]}.
+
+
+
+ +
+ + + + + + + + + +
Table 9 roles.policy.Statement.Condition.operator

Parameter

+

Type

+

Description

+

attribute

+

Array of strings

+

Condition key. The condition key must correspond to the specified operator. A maximum of 10 condition keys are allowed.

+

The parameter type is custom character string array.

+
+
+
+

Example Request

GET https://sample.domain.com/v3/roles
+
+

Example Response

Status code: 200

+

The request is successful.

+
{
+  "roles" : [ {
+    "domain_id" : null,
+    "description_cn" : "Description of the permission in Chinese", 
+    "catalog" : "VulnScan",
+    "name" : "wscn_adm",
+    "description" : "Vulnerability Scan Service administrator of tasks and reports.",
+    "links" : {
+      "next" : null,
+      "previous" : null,
+      "self" : "https://sample.domain.com/v3/roles/0af84c1502f447fa9c2fa18083fbb..."
+    },
+    "id" : "0af84c1502f447fa9c2fa18083fbb...",
+    "display_name" : "VSS Administrator",
+    "type" : "XA",
+    "policy" : {
+      "Version" : "1.0",
+      "Statement" : [ {
+        "Action" : [ "WebScan:*:*" ],
+        "Effect" : "Allow"
+      } ],
+      "Depends" : [ {
+        "catalog" : "BASE",
+        "display_name" : "Server Administrator"
+      }, {
+        "catalog" : "BASE",
+        "display_name" : "Tenant Guest"
+      } ]
+    }
+  }, {
+    "domain_id" : null,
+    "flag" : "fine_grained",
+    "description_cn" : "Description of the permission in Chinese", 
+    "catalog" : "CSE",
+    "name" : "system_all_34",
+    "description" : "All permissions of CSE service.",
+    "links" : {
+      "next" : null,
+      "previous" : null,
+      "self" : "https://sample.domain.com/v3/roles/0b5ea44ebdc64a24a9c372b2317f7..."
+    },
+    "id" : "0b5ea44ebdc64a24a9c372b2317f7...",
+    "display_name" : "CSE Admin",
+    "type" : "XA",
+    "policy" : {
+      "Version" : "1.1",
+      "Statement" : [ {
+        "Action" : [ "cse:*:*", "ecs:*:*", "evs:*:*", "vpc:*:*" ],
+        "Effect" : "Allow"
+      } ]
+    }
+  } ],
+  "links" : {
+    "next" : null,
+    "previous" : null,
+    "self" : "https://sample.domain.com/v3/roles"
+  },
+  "total_number" : 300
+}
+
+

Status Codes

+
+ + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+
+
+
+
+
+
+
Parent topic: Permission Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845593.html b/docs/iam/api-ref/en-us_topic_0057845593.html new file mode 100644 index 00000000..d72dc1ea --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845593.html @@ -0,0 +1,55 @@ + + +

User Management

+
+
+ + +
+
Parent topic: APIs
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845595.html b/docs/iam/api-ref/en-us_topic_0057845595.html new file mode 100644 index 00000000..31d1d324 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845595.html @@ -0,0 +1,161 @@ + + +

Querying the List of Projects Accessible to Federated Users

+

Function

This API is used to query the list of projects accessible to federated users. The project list is used to obtain the scoped token in federated identity authentication mode.

+
+

URI

GET /v3/OS-FEDERATION/projects

+
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Project
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845596.html b/docs/iam/api-ref/en-us_topic_0057845596.html new file mode 100644 index 00000000..e192e2b7 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845596.html @@ -0,0 +1,147 @@ + + +

Querying the List of Domains Accessible to Federated Users

+

Function

This API is used to query the list of domains accessible to federated users.

+
+

URI

GET /v3/OS-FEDERATION/domains

+
+

Request Parameters

+ +
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Domain
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845597.html b/docs/iam/api-ref/en-us_topic_0057845597.html new file mode 100644 index 00000000..e57b9853 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845597.html @@ -0,0 +1,126 @@ + + +

Granting Permissions to a User Group Corresponding to a Project

+

Function

This API is used to grant permissions to a user group corresponding to a project. A role is a set of permissions and represents a group of actions.

+
+

URI

+
+

Request Parameters

+ +
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

409

+

A resource conflict occurs.

+
+
+
+
+
+
+
Parent topic: Permission Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845599.html b/docs/iam/api-ref/en-us_topic_0057845599.html new file mode 100644 index 00000000..172dcac6 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845599.html @@ -0,0 +1,121 @@ + + +

Querying Whether a User Belongs to a User Group

+

Function

This API is used to query whether a user belongs to a user group.

+
+

URI

+
+

Request Parameters

+ +
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The user belongs to this user group.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The server could not find the requested page, or the user does not belong to this user group.

+
+
+
+
+
+
+
Parent topic: User Group Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845600.html b/docs/iam/api-ref/en-us_topic_0057845600.html new file mode 100644 index 00000000..0da2b10a --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845600.html @@ -0,0 +1,251 @@ + + +

Updating a User Group

+

Function

This API is used to update user group information.

+
+

URI

+
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

409

+

A resource conflict occurs.

+

501

+

The API is not implemented.

+
+
+
+
+
+
+
Parent topic: User Group Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845601.html b/docs/iam/api-ref/en-us_topic_0057845601.html new file mode 100644 index 00000000..c037d7d8 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845601.html @@ -0,0 +1,120 @@ + + +

Deleting a User from a User Group

+

Function

This API is used to delete a user from a user group.

+
+

URI

+
+

Request Parameters

+
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+
+
+
+
+
+
+
Parent topic: User Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845602.html b/docs/iam/api-ref/en-us_topic_0057845602.html new file mode 100644 index 00000000..26a435c2 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845602.html @@ -0,0 +1,234 @@ + + +

Listing User Groups

+

Function

This API is used to query user group information.

+
+

URI

+
+

Request Parameters

+
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+
+
+
+
+
+
+
Parent topic: User Group Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845603.html b/docs/iam/api-ref/en-us_topic_0057845603.html new file mode 100644 index 00000000..8d7447d5 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845603.html @@ -0,0 +1,256 @@ + + +

Querying Role Details

+

Function

This API is used to query role details, including the permissions policies of a role. A role is a set of permissions and represents a group of actions.

+
+

URI

+
+

Request Parameters

+ +
+

Response Parameters

+ + +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+
+
+
+
+
+
+
Parent topic: Permission Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845604.html b/docs/iam/api-ref/en-us_topic_0057845604.html new file mode 100644 index 00000000..a29b8cc5 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845604.html @@ -0,0 +1,23 @@ + + +

Services and Endpoints

+
+
+ + +
+
Parent topic: APIs
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845605.html b/docs/iam/api-ref/en-us_topic_0057845605.html new file mode 100644 index 00000000..d96b7643 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845605.html @@ -0,0 +1,23 @@ + + +

Identity Provider

+
+
+ + +
+
Parent topic: Federated Identity Authentication Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845606.html b/docs/iam/api-ref/en-us_topic_0057845606.html new file mode 100644 index 00000000..448ede5e --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845606.html @@ -0,0 +1,253 @@ + + +

Creating a SAML Identity Provider

+

Function

This API is used to create a SAML identity provider.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

201

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

409

+

Duplicate identity provider ID.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Identity Provider
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845607.html b/docs/iam/api-ref/en-us_topic_0057845607.html new file mode 100644 index 00000000..736df770 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845607.html @@ -0,0 +1,19 @@ + + +

Metadata

+
+
+ + +
+
Parent topic: Federated Identity Authentication Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845609.html b/docs/iam/api-ref/en-us_topic_0057845609.html new file mode 100644 index 00000000..af001c85 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845609.html @@ -0,0 +1,221 @@ + + +

Updating a Protocol

+

Function

This API is used to update the information about a protocol.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

409

+

A resource conflict occurs.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Protocol
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845611.html b/docs/iam/api-ref/en-us_topic_0057845611.html new file mode 100644 index 00000000..286fca0d --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845611.html @@ -0,0 +1,342 @@ + + +

Modifying User Information

+

Function

This API is used to modify user information under a domain.

+
+

URI

+
+

Request Parameters

+
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

409

+

A resource conflict occurs.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: User Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845612.html b/docs/iam/api-ref/en-us_topic_0057845612.html new file mode 100644 index 00000000..7f39fad3 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845612.html @@ -0,0 +1,253 @@ + + +

Updating a SAML Identity Provider

+

Function

This API is used to update the information about a SAML identity provider.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

409

+

A resource conflict occurs.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Identity Provider
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845613.html b/docs/iam/api-ref/en-us_topic_0057845613.html new file mode 100644 index 00000000..8cfcc840 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845613.html @@ -0,0 +1,151 @@ + + +

Querying Information About Keystone API Version 3.0

+

Function

This API is used to obtain the information about the keystone API version 3.0.

+
+

URI

GET /v3

+
+

Request Parameters

Example request
curl -i -k -X GET https://sample.domain.com/v3
+
+
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

404

+

The requested resource cannot be found.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Version Information Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845615.html b/docs/iam/api-ref/en-us_topic_0057845615.html new file mode 100644 index 00000000..088bd80b --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845615.html @@ -0,0 +1,165 @@ + + +

Importing a Metadata File

+

Function

Before using the federated identity authentication function, a metadata file must be imported to the IAM system. This API is used to import a metadata file of a domain.

+
+

URI

+ +
+

Request Parameters

+ + +
+

Response Parameters

Example response

+
{ "message": "Import metadata successful"}
+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

201

+

The import is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Metadata
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845616.html b/docs/iam/api-ref/en-us_topic_0057845616.html new file mode 100644 index 00000000..d779cb6d --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845616.html @@ -0,0 +1,192 @@ + + +

Querying a Protocol

+

Function

This API is used to query the information about a protocol.

+
+

URI

+ +
+

Request Parameters

+
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Protocol
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845618.html b/docs/iam/api-ref/en-us_topic_0057845618.html new file mode 100644 index 00000000..3cd7ec3f --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845618.html @@ -0,0 +1,201 @@ + + +

Querying User Group Details

+

Function

This API is used to query detailed information about a user group.

+
+

URI

+
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+
+
+
+
+
+
+
Parent topic: User Group Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845619.html b/docs/iam/api-ref/en-us_topic_0057845619.html new file mode 100644 index 00000000..0c8e2bdf --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845619.html @@ -0,0 +1,23 @@ + + +

Protocol

+
+
+ + +
+
Parent topic: Federated Identity Authentication Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845620.html b/docs/iam/api-ref/en-us_topic_0057845620.html new file mode 100644 index 00000000..fac8e300 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845620.html @@ -0,0 +1,121 @@ + + +

Querying Whether a User Group Corresponding to a Project Has Specific Permissions

+

Function

This API is used to query whether a user group corresponding to a project has specific permissions. A role is a set of permissions and represents a group of actions.

+
+

URI

+
+

Request Parameters

+ +
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+
+
+
+
+
+
+
Parent topic: Permission Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845621.html b/docs/iam/api-ref/en-us_topic_0057845621.html new file mode 100644 index 00000000..6c778efb --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845621.html @@ -0,0 +1,21 @@ + + +

Tenant Management

+
+
+ + +
+
Parent topic: APIs
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845622.html b/docs/iam/api-ref/en-us_topic_0057845622.html new file mode 100644 index 00000000..27c51a68 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845622.html @@ -0,0 +1,284 @@ + + +

Querying a User Project List

+

Function

This API is used to query the project list of a specified user.

+
+

URI

+ +
+

Request Parameters

+
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Project Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845623.html b/docs/iam/api-ref/en-us_topic_0057845623.html new file mode 100644 index 00000000..f9e519e1 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845623.html @@ -0,0 +1,126 @@ + + +

Granting Permissions to a User Group of a Domain

+

Function

This API is used to grant permissions to a user group of a domain. A role is a set of permissions and represents a group of actions.

+
+

URI

+
+

Request Parameters

+ +
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

409

+

A resource conflict occurs.

+
+
+
+
+
+
+
Parent topic: Permission Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845624.html b/docs/iam/api-ref/en-us_topic_0057845624.html new file mode 100644 index 00000000..56a78034 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845624.html @@ -0,0 +1,17 @@ + + +

Obtaining User, Account, User Group, Project, and Agency Information

+

Obtaining User, Account, and Project Information

Your username, user ID, account name, account ID, project name, and project ID need to be specified in the URL and request body for calling certain APIs. Obtain these parameters on the My Credentials page.

+
  1. Log in to management console.
  2. Click the username in the upper right corner, and choose My Credentials.
  3. On the My Credentials page, view the username, user ID, account name, account ID, project name, and project ID.
+
+

Obtaining User Group Information

  1. Log in to the IAM console, and choose User Groups in the navigation pane.
  2. Expand the details page of a user group and view the group name and ID.
+
+

Obtaining Agency Information

  1. Log in to the IAM console, and choose Agencies in the navigation pane.
  2. Hover the mouse pointer over the agency you want to view. The name and ID of this agency are displayed.
+
+
+
+
+
Parent topic: Appendix
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845625.html b/docs/iam/api-ref/en-us_topic_0057845625.html new file mode 100644 index 00000000..87644960 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845625.html @@ -0,0 +1,319 @@ + + +

Querying Project Information Based on the Specified Criteria

+

Function

This API is used to query project information based on the specified criteria.

+
+

URI

+ +
+

Request Parameters

+
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Project Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845626.html b/docs/iam/api-ref/en-us_topic_0057845626.html new file mode 100644 index 00000000..bf57e852 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845626.html @@ -0,0 +1,24 @@ + + +

Token Management

+

When you call an API using a token, the system only checks whether the token is valid and has sufficient permissions, and does not distinguish between a domain token and project token.

+
+
+ + +
+
Parent topic: APIs
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845629.html b/docs/iam/api-ref/en-us_topic_0057845629.html new file mode 100644 index 00000000..736a92f7 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845629.html @@ -0,0 +1,213 @@ + + +

Obtaining an Unscoped Token (SP Initiated)

+

Function

This API is used to obtain an unscoped token in SP-initiated federated identity authentication mode.

+

An unscoped token cannot be used for authentication. If a federated user needs to use a token for authentication, obtain the scoped token based on section Obtaining a Scoped Token.

+
+

URI

+ +
+

Request Parameters

+
+

Response Parameters

+
+

Status Code

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful. You need to further obtain user information.

+

201

+

The request is successful, and a token is returned.

+

302

+

The system switches to the identity provider authentication page if the request does not carry user information of the identity provider.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Token
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845630.html b/docs/iam/api-ref/en-us_topic_0057845630.html new file mode 100644 index 00000000..26bf7524 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845630.html @@ -0,0 +1,131 @@ + + +

Deleting a User

+

Function

This API is used to delete a user.

+
+

URI

+
+

Request Parameters

+
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The user is deleted successfully.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: User Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845631.html b/docs/iam/api-ref/en-us_topic_0057845631.html new file mode 100644 index 00000000..d129e887 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845631.html @@ -0,0 +1,17 @@ + + +

Version Information Management

+
+
+ + +
+
Parent topic: APIs
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845632.html b/docs/iam/api-ref/en-us_topic_0057845632.html new file mode 100644 index 00000000..dcf61b62 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845632.html @@ -0,0 +1,121 @@ + + +

Querying Whether a User Group Under a Domain Has Specific Permissions

+

Function

This API is used to query whether a specified user group under a domain has specific permissions. A role is a set of permissions and represents a group of actions.

+
+

URI

+
+

Request Parameters

+ +
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+
+
+
+
+
+
+
Parent topic: Permission Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845633.html b/docs/iam/api-ref/en-us_topic_0057845633.html new file mode 100644 index 00000000..d4e11921 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845633.html @@ -0,0 +1,15 @@ + + +

Domain

+
+
+ + +
+
Parent topic: Federated Identity Authentication Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845637.html b/docs/iam/api-ref/en-us_topic_0057845637.html new file mode 100644 index 00000000..49bcb1ed --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845637.html @@ -0,0 +1,310 @@ + + +

Creating a User

+

Function

This API is used to create a user under a domain.

+
+

URI

POST /v3/users

+
+

Request Parameters

+
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

201

+

The user is successfully created.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

409

+

A resource conflict occurs.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: User Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845638.html b/docs/iam/api-ref/en-us_topic_0057845638.html new file mode 100644 index 00000000..c56525e5 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845638.html @@ -0,0 +1,340 @@ + + +

Querying a User List

+

Function

This API is used to query a user list.

+
+

URI

+
+

Request Parameters

+
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: User Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845639.html b/docs/iam/api-ref/en-us_topic_0057845639.html new file mode 100644 index 00000000..d042e136 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845639.html @@ -0,0 +1,206 @@ + + +

Querying an Identity Provider

+

Function

This API is used to query the information about an identity provider.

+
+

URI

+ +
+

Request Parameters

+
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Identity Provider
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845640.html b/docs/iam/api-ref/en-us_topic_0057845640.html new file mode 100644 index 00000000..ef869db1 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845640.html @@ -0,0 +1,309 @@ + + +

Querying Permissions of a User Group Corresponding to a Project

+

Function

This API is used to query the permissions of a specified user group corresponding to a project. A role is a set of permissions and represents a group of actions.

+
+

URI

+
+

Request Parameters

+ +
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+
+
+
+
+
+
+
Parent topic: Permission Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845641.html b/docs/iam/api-ref/en-us_topic_0057845641.html new file mode 100644 index 00000000..3e779afe --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845641.html @@ -0,0 +1,27 @@ + + +

User Group Management

+
+
+ + +
+
Parent topic: APIs
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845642.html b/docs/iam/api-ref/en-us_topic_0057845642.html new file mode 100644 index 00000000..ab7e57af --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845642.html @@ -0,0 +1,33 @@ + + +

Project Management

+
+
+ + +
+
Parent topic: APIs
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845643.html b/docs/iam/api-ref/en-us_topic_0057845643.html new file mode 100644 index 00000000..3830da92 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845643.html @@ -0,0 +1,15 @@ + + +

Project

+
+
+ + +
+
Parent topic: Federated Identity Authentication Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845644.html b/docs/iam/api-ref/en-us_topic_0057845644.html new file mode 100644 index 00000000..39261873 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845644.html @@ -0,0 +1,223 @@ + + +

Querying the Protocol List

+

Function

This API is used to query the protocol list.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Protocol
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845645.html b/docs/iam/api-ref/en-us_topic_0057845645.html new file mode 100644 index 00000000..d55b1cf6 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845645.html @@ -0,0 +1,244 @@ + + +

Querying a Mapping

+

Function

This API is used to query the information about a mapping.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Mapping
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845646.html b/docs/iam/api-ref/en-us_topic_0057845646.html new file mode 100644 index 00000000..cc379a84 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845646.html @@ -0,0 +1,17 @@ + + +

Obtaining a Token in Federated Identity Authentication Mode

+
+
+ + +
+
Parent topic: Federated Identity Authentication Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845648.html b/docs/iam/api-ref/en-us_topic_0057845648.html new file mode 100644 index 00000000..09f90121 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845648.html @@ -0,0 +1,133 @@ + + +

Deleting a Mapping

+

Function

This API is used to delete the information about a mapping.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Mapping
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845650.html b/docs/iam/api-ref/en-us_topic_0057845650.html new file mode 100644 index 00000000..7ee69f4b --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845650.html @@ -0,0 +1,200 @@ + + +

Creating a User Group

+

Function

This API is used to create a user group.

+
+

URI

POST /v3/groups

+
+

Request Parameters

+ +
+

Response Parameters

+

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

201

+

The user group is successfully created.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

409

+

A resource conflict occurs.

+
+
+
+
+
+
+
Parent topic: User Group Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845652.html b/docs/iam/api-ref/en-us_topic_0057845652.html new file mode 100644 index 00000000..7c9e9611 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845652.html @@ -0,0 +1,291 @@ + + +

Querying User Details

+

Function

This API is used to query detailed information about a specified user.

+
+

URI

+
+

Request Parameters

+
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: User Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845653.html b/docs/iam/api-ref/en-us_topic_0057845653.html new file mode 100644 index 00000000..076842c1 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845653.html @@ -0,0 +1,174 @@ + + +

Changing a Password

+

Function

This API is used to change the password for a user.

+
+

URI

+
+

Request Parameters

+
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The password is changed successfully.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: User Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0057845654.html b/docs/iam/api-ref/en-us_topic_0057845654.html new file mode 100644 index 00000000..18be3b38 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0057845654.html @@ -0,0 +1,121 @@ + + +

Adding a User to a User Group

+

Function

This API is used to add a user to a user group.

+
+

URI

+
+

Request Parameters

+ +
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+
+
+
+
+
+
+
Parent topic: User Group Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0064274720.html b/docs/iam/api-ref/en-us_topic_0064274720.html new file mode 100644 index 00000000..9d241673 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0064274720.html @@ -0,0 +1,419 @@ + + +

Obtaining an Agency Token

+

Function

This API is used to obtain an agency token. For example, after a trust relationship is established between A and B, A is the delegating party and B is the delegated party. Then B can use this API to obtain the agency token. The agency token can be used to manage only the resources that B is delegated to manage. To manage their resources, B needs to obtain a user token according to Obtaining a User Token.

+

The validity period of a token is 24 hours. Cache the token to prevent frequent API calling. Ensure that the token is valid while you use it. Using a token that will soon expire may cause API calling failures. Obtaining a new token does not affect the validity of the existing token.

+
+
+

URI

POST /v3/auth/tokens

+
+

Request Parameters

+
+ +

Response Parameters

+
+ +

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

201

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Token Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0066154565.html b/docs/iam/api-ref/en-us_topic_0066154565.html new file mode 100644 index 00000000..ca58b3b8 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0066154565.html @@ -0,0 +1,154 @@ + + +

Creating a Project

+

Function

This API is used to create a project.

+
+

URI

POST /v3/projects

+
+

Request Parameters

+ + +
+

Response Parameters

Example response

+
{
+    "project": {
+        "is_domain": false,
+        "description": "",
+        "links": {
+            "self": "https://sample.domain.com/v3/projects/3de1461665f045ef91ba1efe8121b979"
+        },
+        "enabled": true,
+        "id": "3de1461665f045ef91ba1efe8121b979",
+        "parent_id": "d1294857fdf64251994892b344f53e88",
+        "domain_id": "d1294857fdf64251994892b344f53e88",
+        "name": "region_test1"
+    }
+}
+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

201

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

409

+

Duplicate project name.

+
+
+
+
+
+
+
Parent topic: Project Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0066154566.html b/docs/iam/api-ref/en-us_topic_0066154566.html new file mode 100644 index 00000000..a34f2c80 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0066154566.html @@ -0,0 +1,162 @@ + + +

Modifying Project Data

+

Function

This API is used to modify project information.

+
+

URI

+ +
+

Request Parameters

+ + +
+

Response Parameters

Example Response

+
{
+    "project": {
+        "is_domain": false,
+        "description": "test_project_desc",
+        "links": {
+            "self": "https://sample.domain.com/v3/projects/23da5961c8214f5caf701c27d9703959"
+        },
+        "enabled": true,
+        "id": "23da5961c8214f5caf701c27d9703959",
+        "parent_id": "d1294857fdf64251994892b344f53e88",
+        "domain_id": "d1294857fdf64251994892b344f53e88",
+        "name": "region_test2"
+    }
+}
+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

409

+

Duplicate project name.

+
+
+
+
+
+
+
Parent topic: Project Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0066154567.html b/docs/iam/api-ref/en-us_topic_0066154567.html new file mode 100644 index 00000000..e9dcc3b9 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0066154567.html @@ -0,0 +1,132 @@ + + +

Querying Information About a Specified Project

+

Function

This API is used to query detailed information about a project based on the project ID.

+
+

URI

+
+

Request Parameters

+
+ +

Response Parameters

+
{
+  "project": {
+    "is_domain": false,
+    "description": "",
+    "links": {
+      "self": "https://sample.domain.com/v3/projects/2e93d63d8d2249f5a4ac5e2c78586a6e"
+    },
+    "enabled": true,
+    "id": "2e93d63d8d2249f5a4ac5e2c78586a6e",
+    "parent_id": "44c0781c83484eb9a4a5d4d233522cea",
+    "domain_id": "44c0781c83484eb9a4a5d4d233522cea",
+    "name": "MOS"   //Default project name of OBS
+  }
+}
+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Project Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0067148042.html b/docs/iam/api-ref/en-us_topic_0067148042.html new file mode 100644 index 00000000..8bfa8177 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0067148042.html @@ -0,0 +1,17 @@ + + +

Region Management

+
+
+ + +
+
Parent topic: APIs
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0067148043.html b/docs/iam/api-ref/en-us_topic_0067148043.html new file mode 100644 index 00000000..8a3e30c2 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0067148043.html @@ -0,0 +1,267 @@ + + +

Querying a Region List

+

Function

This API is used to query a region list.

+
+

URI

GET /v3/regions

+
+

Request Parameters

+
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Region Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0067148044.html b/docs/iam/api-ref/en-us_topic_0067148044.html new file mode 100644 index 00000000..78d2b412 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0067148044.html @@ -0,0 +1,146 @@ + + +

Querying Region Details

+

Function

This API is used to query region details.

+
+

URI

+ +
+

Request Parameters

+
+

Response Parameters

Example response
{
+    "region": {
+        "parent_region_id": null,
+        "description": "",
+        "links": {
+            "self": "https://sample.domain.com/v3/regions/test-pusb999999991"
+        },
+        "type": "public",
+        "id": "test-pusb999999991",
+        "locales": {
+            "en-us": "region_name"
+        }
+    }
+}
+
+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Region Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0067148045.html b/docs/iam/api-ref/en-us_topic_0067148045.html new file mode 100644 index 00000000..180c8dbe --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0067148045.html @@ -0,0 +1,143 @@ + + +

Querying Service Details

+

Function

This API is used to query service details.

+
+

URI

+ +
+

Request Parameters

+
+

Response Parameters

Example response (successful response)
{
+    "service": {
+        "enabled": true,
+        "type": "compute",
+        "name": "nova",
+        "links": {
+            "self": "sample.domain.com/v3/services/5a4ed456d228428c800ed2b67b4363a7"
+        },
+        "id": "5a4ed456d228428c800ed2b67b4363a7"
+    }
+}
+
+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Services and Endpoints
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0067148046.html b/docs/iam/api-ref/en-us_topic_0067148046.html new file mode 100644 index 00000000..a07d4b50 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0067148046.html @@ -0,0 +1,146 @@ + + +

Querying Endpoint Details

+

Function

This API is used to query endpoint details.

+
+

URI

+ +
+

Request Parameters

+
+

Response Parameters

Example response (successful request)
{
+    "endpoint": {
+        "region_id": "region_id",
+        "links": {
+            "self": "https://sample.domain.com/v3/endpoints/62ea3602f8ee42b1825956473f5295a8"
+        },
+        "url": "https://sample.domain.com/v2/",
+        "region": "region_name",
+        "enabled": true,
+        "interface": "public",
+        "service_id": "5a4ed456d228428c800ed2b67b4363a7",
+        "id": "62ea3602f8ee42b1825956473f5295a8"
+    }
+}
+
+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Services and Endpoints
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0074171149.html b/docs/iam/api-ref/en-us_topic_0074171149.html new file mode 100644 index 00000000..789d0092 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0074171149.html @@ -0,0 +1,147 @@ + + +

Setting the Status of a Specified Project

+

Function

This API is used to set the status of a specified project. The project statuses include Normal and Suspended.

+
+

URI

+ +
+

Request Parameters

+
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Project Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0079466135.html b/docs/iam/api-ref/en-us_topic_0079466135.html new file mode 100644 index 00000000..92449d3b --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0079466135.html @@ -0,0 +1,254 @@ + + +

Querying Information and Status of a Specified Project

+

Function

This API is used to query details about a specified project, including the project status.

+
+

URI

+ +
+

Request Parameters

+
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Project Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0079467612.html b/docs/iam/api-ref/en-us_topic_0079467612.html new file mode 100644 index 00000000..9f49ea23 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0079467612.html @@ -0,0 +1,39 @@ + + +

Agency Management

+
+
+ + +
+
Parent topic: APIs
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0079467614.html b/docs/iam/api-ref/en-us_topic_0079467614.html new file mode 100644 index 00000000..b75952fc --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0079467614.html @@ -0,0 +1,273 @@ + + +

Querying an Agency List Based on the Specified Conditions

+

Function

This API is used to query an agency list based on the specified conditions.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+ + +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Agency Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0079467615.html b/docs/iam/api-ref/en-us_topic_0079467615.html new file mode 100644 index 00000000..6f95923d --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0079467615.html @@ -0,0 +1,253 @@ + + +

Obtaining Details of a Specified Agency

+

Function

This API is used to obtain the details of a specified agency.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+ + +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The agency does not exist.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Agency Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0079467617.html b/docs/iam/api-ref/en-us_topic_0079467617.html new file mode 100644 index 00000000..47ac8db3 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0079467617.html @@ -0,0 +1,296 @@ + + +

Creating an Agency

+

Function

This API is used to create an agency.

+
+

URI

POST /v3.0/OS-AGENCY/agencies

+
+

Request Parameters

+ + +
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

201

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

409

+

The agency already exists.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Agency Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0079467620.html b/docs/iam/api-ref/en-us_topic_0079467620.html new file mode 100644 index 00000000..74b6b8f4 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0079467620.html @@ -0,0 +1,141 @@ + + +

Granting Permissions to an Agency for a Project

+

Function

This API is used to grant permissions to an agency for a project.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Agency Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0079467622.html b/docs/iam/api-ref/en-us_topic_0079467622.html new file mode 100644 index 00000000..68b2ca88 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0079467622.html @@ -0,0 +1,138 @@ + + +

Deleting Permissions of an Agency on a Domain

+

Function

This API is used to delete permissions of an agency on a domain.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Agency Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0079467623.html b/docs/iam/api-ref/en-us_topic_0079467623.html new file mode 100644 index 00000000..9b343f3c --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0079467623.html @@ -0,0 +1,292 @@ + + +

Modifying an Agency

+

Function

This API is used to modify agency information, including the trust_domain_id, description, and trust_domain_name parameters.

+
+

URI

+ +
+

Request Parameters

+ + +
+

Response Parameters

+ + +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Agency Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0079467624.html b/docs/iam/api-ref/en-us_topic_0079467624.html new file mode 100644 index 00000000..7dea0f03 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0079467624.html @@ -0,0 +1,140 @@ + + +

Granting Permissions to an Agency on a Domain

+

Function

This API is used to grant permissions to an agency on a domain.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Agency Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0079467625.html b/docs/iam/api-ref/en-us_topic_0079467625.html new file mode 100644 index 00000000..fb20cfe6 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0079467625.html @@ -0,0 +1,122 @@ + + +

Deleting an Agency

+

Function

This API is used to delete an agency.

+

After this operation, the delegated party can no longer access the relevant resources. Exercise caution when performing this operation.

+
+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Agency Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0079467627.html b/docs/iam/api-ref/en-us_topic_0079467627.html new file mode 100644 index 00000000..4ca498e5 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0079467627.html @@ -0,0 +1,138 @@ + + +

Deleting Permissions of an Agency on a Project

+

Function

This API is used to delete permissions of an agency on a project.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Agency Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0079578163.html b/docs/iam/api-ref/en-us_topic_0079578163.html new file mode 100644 index 00000000..1a6ce194 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0079578163.html @@ -0,0 +1,138 @@ + + +

Checking Whether an Agency Has the Specified Permissions on a Project

+

Function

This API is used to check whether an agency has the specified permissions on a project.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful. The agency has the specified permissions on the project.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Agency Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0079578164.html b/docs/iam/api-ref/en-us_topic_0079578164.html new file mode 100644 index 00000000..1861681f --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0079578164.html @@ -0,0 +1,271 @@ + + +

Querying the List of Permissions of an Agency on a Project

+

Function

This API is used to query the list of permissions of an agency on a project.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Agency Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0079578165.html b/docs/iam/api-ref/en-us_topic_0079578165.html new file mode 100644 index 00000000..74db030e --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0079578165.html @@ -0,0 +1,138 @@ + + +

Checking Whether an Agency Has the Specified Permissions on a Domain

+

Function

This API is used to check whether an agency has the specified permissions on a domain.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful. The agency has the specified permissions on the domain.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Agency Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0079578166.html b/docs/iam/api-ref/en-us_topic_0079578166.html new file mode 100644 index 00000000..5afa0655 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0079578166.html @@ -0,0 +1,271 @@ + + +

Querying the List of Permissions of an Agency on a Domain

+

Function

This API is used to query the list of permissions of an agency on a domain.

+
+

URI

+ +
+

Request Parameters

+ +
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Agency Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0094012960.html b/docs/iam/api-ref/en-us_topic_0094012960.html new file mode 100644 index 00000000..d1363dfd --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0094012960.html @@ -0,0 +1,123 @@ + + +

Deleting a Project

+

Function

This API is used to delete a project.

+
+

URI

+ +
+

Request Parameters

+
+ +

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Project Management
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0097942776.html b/docs/iam/api-ref/en-us_topic_0097942776.html new file mode 100644 index 00000000..aabe59d2 --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0097942776.html @@ -0,0 +1,25 @@ + + +

Access Key Management

+
+
+ + +
+
Parent topic: APIs
+
+
+ diff --git a/docs/iam/api-ref/en-us_topic_0097949518.html b/docs/iam/api-ref/en-us_topic_0097949518.html new file mode 100644 index 00000000..3278f10b --- /dev/null +++ b/docs/iam/api-ref/en-us_topic_0097949518.html @@ -0,0 +1,343 @@ + + +

Obtaining a Temporary AK/SK

+

Function

You can obtain a temporary AK/SK and security token (offline AK/SK) by using a user token, agency token, and federated token. A temporary AK/SK is a token with temporary permissions issued to users. It conforms to the principle of least privilege and can be used to temporarily access OBS.

+
+

URI

POST /v3.0/OS-CREDENTIAL/securitytokens

+
+

Request Parameters

+ +
+

Response Parameters

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

201

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

500

+

The system is abnormal.

+
+
+
+
+
+
+
Parent topic: Access Key Management
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0000.html b/docs/iam/api-ref/iam_02_0000.html new file mode 100644 index 00000000..1be81594 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0000.html @@ -0,0 +1,15 @@ + + +

Calling APIs

+
+
+ +
+ diff --git a/docs/iam/api-ref/iam_02_0001.html b/docs/iam/api-ref/iam_02_0001.html new file mode 100644 index 00000000..2e40710b --- /dev/null +++ b/docs/iam/api-ref/iam_02_0001.html @@ -0,0 +1,141 @@ + + +

SP Initiated

+

OpenStack and Shibboleth are widely used open-source federated identity authentication solutions. They provide powerful SSO capabilities and connect users to various applications both inside and outside enterprises. This section describes how to use OpenStackClient and Shibboleth ECP Client to obtain the federated authentication token.

+

Flowchart

The following figure shows the SP-initiated federation authentication process.

+
Figure 1 Flowchart (SP-initiated)
+
+

Description

  1. The client calls the API (federated token obtained in the SP-initiated mode) provided by the public cloud system.
  2. The public cloud system searches for the metadata file based on the user and IdP information in the URL and sends the SAML request to the client.
  3. The client encapsulates the SAML request and forwards the SAML request to the IdP.
  4. A user enters a username and password on the IdP server for identity authentication.
  5. After the user passes the authentication, IdP constructs an assertion carrying the user identity information and sends the SAML response. The response passes through the client.
  6. The client encapsulates the SAML response and forwards the SAML response to the public cloud.
  7. The public cloud verifies and authenticates the assertion, and generates a temporary access credential according to the identity conversion rule configured by users in the identity provider.
  8. Users can access public cloud resources according to their permissions.
+
+

OpenStackClient

You must have permissions of user root to install the unified command-line client. To perform the following operations, you only need to have the permissions of a common user.

+

The API calling operation must be performed in a secure network environment (in a VPN or a cloud server of a domain). Otherwise, this operation may be under the man-in-the-middle (MITM) attack.

+
+
+
  1. Create an environment variable file under the installation directory of OpenStackClient. Modify the environment variable file in a text editor. Add parameters, such as the username, password, region, SAML protocol version, and the IP address and port number of IAM, to the file. Table 1 describes the parameters.

    For example:

    +

    export OS_IDENTITY_API_VERSION=3

    +

    export OS_AUTH_TYPE=v3samlpassword

    +

    export OS_AUTH_URL=https://iam.eu-de.otc.t-systems.com:443/v3

    +

    export OS_IDENTITY_PROVIDER=idpid

    +

    export OS_PROTOCOL=saml

    +

    export OS_IDENTITY_PROVIDER_URL=https://idp.example.com/idp/profile/SAML2/SOAP/ECP

    +

    export OS_USERNAME=username

    +

    export OS_PASSWORD=userpassword

    +

    export OS_DOMAIN_NAME=example-domain-name

    + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Table 1 Parameter description

    Parameter

    +

    Description

    +

    OS_IDENTITY_API_VERSION

    +

    Indicates the authentication API version. The value is fixed at 3.

    +

    OS_AUTH_TYPE

    +

    Indicates the authentication type. The value is fixed at v3samlpassword.

    +

    OS_AUTH_URL

    +

    Indicates the authentication URL. The value format is https://IAM IP address:Port number/API version.

    +
    • Port number is fixed at 443.
    • API version is fixed at v3.
    +

    OS_IDENTITY_PROVIDER

    +

    Indicates the name of an identity provider created by a user in the cloud system. For example: Publiccloud-Shibboleth.

    +

    OS_DOMAIN_NAME

    +

    Indicates the domain name to be authenticated.

    +

    OS_PROTOCOL

    +

    Indicates the SAML protocol version. The value is fixed at saml.

    +

    OS_IDENTITY_PROVIDER_URL

    +

    Indicates the URL of the identity provider used to handle the authentication request initialized by the ECP.

    +

    OS_USERNAME

    +

    Indicates the name of a user who is authenticated in the identity provider.

    +

    OS_PASSWORD

    +

    Indicates the password of a user who is authenticated in the identity provider.

    +
    +
    +

  2. Run the following command to set environment variables:

    source keystonerc

    +

  3. Run the following command to obtain a token:

    openstack token issue

    +
    >>openstack token issue 
+command: token issue -> openstackclient.identity.v3.token.IssueToken (auth=True)
+Using auth plugin: v3samlpassword
++-----------------------------------------------------------------------------------------------------------
+| Field   | Value
+| expires | 2018-04-16T03:46:51+0000                              
+| id      | MIIDbQYJKoZIhvcNAQcCoIIDXjXXX...
+| user_id | 9B7CJy5ME14f0fQKhb6HJVQdpXXX...
    +

    In the command output, id is the obtained federated authentication token.

    +

+

Shibboleth ECP Client

  1. Configure the metadata-providers.xml file in Shibboleth IdP v3 and save the metadata.xml file in the corresponding path.

    <MetadataProvider id="LocalMetadata1"xsi:type="FilesystemMetadataProvider" metadataFile="C:\Program Files (x86)\Shibboleth\IdP\metadata\web_metadata.xml"/>
+<MetadataProvider id="LocalMetadata2"xsi:type="FilesystemMetadataProvider" metadataFile="C:\Program Files (x86)\Shibboleth\IdP\metadata\api_metadata.xml"/>
    +
    • MetadataProvider id indicates the name of the downloaded metadata file of the SP system.
    • metadataFile indicates the path for storing the metadata file of the SP system in the enterprise IdP.
    +
    +

  2. Configure the attribute-filter.xml file in Shibboleth IdP v3.

    <afp:AttributeFilterPolicy id="example1">
+    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://auth.example.com/" />
+    <afp:AttributeRule attributeID="eduPersonPrincipalName">
+        <afp:PermitValueRule xsi:type="basic:ANY" />
+    </afp:AttributeRule>
+    <afp:AttributeRule attributeID="uid">
+        <afp:PermitValueRule xsi:type="basic:ANY" />
+    </afp:AttributeRule>
+    <afp:AttributeRule attributeID="mail">
+        <afp:PermitValueRule xsi:type="basic:ANY" />
+    </afp:AttributeRule>
+</afp:AttributeFilterPolicy>
+
+<afp:AttributeFilterPolicy id="example2">
+    <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://iam.{region_id}.example.com" />
+    <afp:AttributeRule attributeID="eduPersonPrincipalName">
+        <afp:PermitValueRule xsi:type="basic:ANY" />
+    </afp:AttributeRule>
+    <afp:AttributeRule attributeID="uid">
+        <afp:PermitValueRule xsi:type="basic:ANY" />
+    </afp:AttributeRule>
+    <afp:AttributeRule attributeID="mail">
+        <afp:PermitValueRule xsi:type="basic:ANY" />
+    </afp:AttributeRule>
+</afp:AttributeFilterPolicy>
    +

    AttributeFilterPolicy id indicates the name of the downloaded metadata file of the SP system.

    +

    value indicates the EntityID in the metadata file of the SP system.

    +
    +

  3. Configure the endpoint address of the enterprise IdP in the ecp.py script.

    # mapping from user friendly names or tags to IdP ECP enpoints
+IDP_ENDPOINTS = {
+    "idp1": "https://idp.example.com/idp/profile/SAML2/SOAP/ECP"
+}
    +

  4. Run the ecp.py script to obtain the federated authentication token.

    >>python ecp.py
+Usage: ecp.py [options] IdP_tag target_url login
+>>python ecp.py -d idp1 https://iam.{region_id}.example.com/v3/OS-FEDERATION/identity_providers/idp_example/protocols/saml/auth {username}
+X-Subject-Token: MIIDbQYJKoZIhvcNAQcCoIIDXXX...
    +

    X-Subject-Token is the obtained federated authentication token.

    +

+
+
+
+
+
Parent topic: Obtaining a Token in Federated Identity Authentication Mode
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0002.html b/docs/iam/api-ref/iam_02_0002.html new file mode 100644 index 00000000..341db763 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0002.html @@ -0,0 +1,241 @@ + + +

IdP Initiated

+

This section uses the Client4ShibbolethIdP script as an example to describe how to obtain a federated authentication token in the IdP-initiated mode. The Client4ShibbolethIdP script simulates a user who logs in to the enterprise IdP using a browser. Therefore, by comparing the form data submitted by the browser and the client implementation data, this section helps users develop the client scripts of their enterprise IdP.

+

Prerequisites

+
+

Flowchart

The following figure shows the IdP-initiated federation authentication process.

+
Figure 1 Flowchart (IdP-initiated)
+
+

Description

  1. The client calls the login link provided by IdP based on the IdP-initiated mode and sets the public cloud address in the login link, that is, entityID in the metadata file of the public cloud.
  2. The client obtains the login page of the IdP. Users submit identity information to IdP for authentication through the client.
  3. After users pass the authentication, IdP constructs an assertion carrying the user identity information and sends the SAML response. The response passes through the client.
  4. The client encapsulates the SAML response, forwards the SAML response, and calls the API (federated token obtained in the IdP-initiated mode) provided by the public cloud system.
  5. The public cloud verifies and authenticates the assertion, and generates a temporary access credential according to the identity conversion rule configured by users in the identity provider.
  6. Users can access public cloud resources according to their permissions.
+
+

Implementation on the Client

Download the Client4ShibbolethIdP.py script (for reference only) from the following website to implement the federated identity authentication script from the enterprise IdP to the API/CLI side of the cloud system:

+

https://obs-iam-download.obs.eu-de.otc.t-systems.com/non-ecp-script/Client4ShibblethIdP.py

+
  1. Configure the login URL of enterprise IdP.

    +

    + + + + + + + + + + + + + + + + + +
    Table 1 Login URLs of common IdP products

    IdP

    +

    SP Identification Parameter in URL

    +

    Login URL Example

    +

    ADFS

    +

    logintorp

    +

    https://adfs-server.contoso.com/adfs/ls/IdpInitiatedSignon.aspx?logintorp=https://iam.example.com

    +

    Shibboleth

    +

    providerId

    +

    https://idp.example.org/idp/profile/SAML2/Unsolicited/SSO?providerId=iam.example.com

    +

    SimpleSAMLphp

    +

    spentityid

    +

    https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=iam.example.com

    +
    +
    +

    After the configuration, enter the login URL in the browser address box. The following page is displayed.

    +
    Figure 2 Login Page
    +
    Client4ShibbolethIdP script implementation:
    import sys
+import requests
+import getpass
+import re
+from bs4 import BeautifulSoup
+from urlparse import urlparse
+
+# SSL certificate verification: Whether or not strict certificate
+# verification is done, False should only be used for dev/test
+sslverification = True
+
+# Get the federated credentials from the user
+print "Username:",
+username = raw_input()
+password = getpass.getpass()
+print ''
+
+session = requests.Session()
+
+# The initial url that starts the authentication process.
+idp_entry_url = 'https://idp.example.com/idp/profile/SAML2/Unsolicited/SSO?providerId=https://iam.example.com'
+
+# Programmatically get the SAML assertion,open the initial IdP url# and follows all of the HTTP302 redirects, and gets the resulting# login page
+formresponse = session.get(idp_entry_url, verify=sslverification)
+# Capture the idp_authform_submit_url,which is the final url after# all the 302s
+idp_authform_submit_url = formresponse.url
    +
    +

  1. The client submits authentication information. The client parses the login page using the beautifulsoup4 module, captures the user information input box and requested action, constructs the request parameters, and initiates identity authentication to the IdP.

    Obtain all form data submitted for the login page from the browser.

    +
    Figure 3 Authentication information (1)
    +

    +

    Client4ShibbolethIdP script implementation:

    +
    # Parse the response and extract all the necessary values in order to build a dictionary of all of the form values the IdP expects
+formsoup = BeautifulSoup(formresponse.text.decode('utf8'), "lxml")
+payload = {}
+
+for inputtag in formsoup.find_all(re.compile('(INPUT|input)')):
+    name = inputtag.get('name', '')
+    value = inputtag.get('value', '')
+    if "username" in name.lower():
+        payload[name] = username
+    elif "password" in name.lower():
+        payload[name] = password
+    else:
+        payload[name] = value
+
+for inputtag in formsoup.find_all(re.compile('(FORM|form)')):
+    action = inputtag.get('action')
+    if action:
+        parsedurl = urlparse(idp_entry_url)
+        idp_authform_submit_url = parsedurl.scheme + "://" + parsedurl.netloc + action
+
+# please test on browser first, add other parameters in payload
+payload["_eventId_proceed"] = ""
+
+formresponse = session.post(
+    idp_authform_submit_url, data=payload, verify=sslverification)
    +

  2. The client parses the next page. (Some enterprise IdPs provide pages containing user attributes.)

    Obtain all form data submitted for the login page from the browser.

    +
    Figure 4 Authentication information (2)
    +

    Client4ShibbolethIdP script implementation:

    +
    # In shebbleth IdP v3, browser will show attributes page for user,# so we need parse the page
+formsoup = BeautifulSoup(formresponse.text.decode('utf8'), "lxml")
+payload = {}
+
+# Add other form data required from browser to payload
+_shib_idp_consentIds = []
+for inputtag in formsoup.find_all(re.compile('input')):
+    name = inputtag.get("name")
+    value = inputtag.get("value")
+    if name == "_shib_idp_consentIds":
+        _shib_idp_consentIds.append(value)
+payload["_shib_idp_consentIds"] = _shib_idp_consentIds
+payload["_shib_idp_consentOptions"] = "_shib_idp_rememberConsent"
+payload["_eventId_proceed"] = "Accept"
+
+# user can get the action url from the html file
+nexturl = "https://idp.example.com/idp/profile/SAML2/Unsolicited/SSO?execution=e1s2"
+
+for inputtag in formsoup.find_all(re.compile('(FORM|form)')):
+    action = inputtag.get('action')
+    if action:
+        parsedurl = urlparse(idp_entry_url)
+        nexturl = parsedurl.scheme + "://" + parsedurl.netloc + action
+
+response = session.post(
+    nexturl, data=payload, verify=sslverification)
    +

  3. The client parses the response message sent from the IdP. The client submits user information to the enterprise IdP for authentication. After authenticating the user information, the IdP sends a response message to the client. The client parses the SAMLResponse parameter in the response message.

    Client4ShibbolethIdP script implementation:

    +
    # Decode the response and extract the SAML assertion
+soup = BeautifulSoup(response.text.decode('utf8'), "lxml")
+SAMLResponse = ''
+
+# Look for the SAMLResponse attribute of the input tag
+for inputtag in soup.find_all('input'):
+    if (inputtag.get('name') == 'SAMLResponse'):
+        SAMLResponse = inputtag.get('value')
+
+# Better error handling is required for production use.
+if (SAMLResponse == ''):
+    print 'Response did not contain a valid SAML assertion, please troubleshooting in Idp side.'
+    sys.exit(0)
    +

  4. Obtain an unscoped token. For details, see Obtaining an Unscoped Token (IdP Initiated).

    Client4ShibbolethIdP script implementation:

    +
    # Set headers
+headers = {}
+headers["X-Idp-Id"] = "test_local_idp"
+
+# IAM API url: get unscoped token on IDP initiated mode
+sp_unscoped_token_url = "https://iam.example.com/v3.0/OS-FEDERATION/tokens"
+
+# Set form data
+payload = {}
+payload["SAMLResponse"] = SAMLResponse
+response = session.post(
+    sp_unscoped_token_url, data=payload, headers=headers, verify=sslverification)
+
+# Debug only
+print(response.text)
+print "Status Code: " + str(response.status_code)
+if response.status_code != 201:
+    sys.exit(1)
+
+unscoped_token = response.headers.get("X-Subject-Token") if "X-Subject-Token" in response.headers.keys() else None
+if unscoped_token:
+    print ">>>>>>X-Subject-Token: " + unscoped_token
    +

  5. Obtain a scoped token. For details, see Obtaining a Scoped Token.

    Client4ShibbolethIdP script implementation:

    +
    payload = {
+    "auth": {
+        "identity": {
+            "methods": ["token"],
+            "token": {
+                "id": unscoped_token
+            }
+        },
+        "scope": {
+            "project": {
+                "name": "{region_id}_test1"
+            }
+        }
+    }
+}
+
+sp_scoped_token_url = "https://iam.example.com/v3/auth/tokens"
+
+response = session.post(
+    sp_scoped_token_url, json=payload, verify=sslverification)
+
+# Debug only
+print "Status Code: " + str(response.status_code)
+if response.status_code != 201:
+    print response.text
+    sys.exit(1)
+
+scoped_token = response.text if response.status_code == 201 else None
+if scoped_token:
+    print ">>>>>>Scoped Token:" + scoped_token
    +

  6. Obtain a temporary AK/SK. For details, see Obtaining a Temporary AK/SK.

    Client4ShibbolethIdP script implementation:

    +
    # Set form data
+payload = {
+    "auth": {
+        "identity": {
+            "methods": ["token"],
+            "token": {
+                "duration_seconds": "900"
+            }
+        }
+    }
+}
+
+# Set headers
+headers = {}
+headers["X-Auth-Token"] = unscoped_token
+
+sp_STS_token_url = "https://iam.example.com/v3.0/OS-CREDENTIAL/securitytokens"
+
+response = session.post(
+    sp_STS_token_url, json=payload, headers=headers, verify=sslverification)
+
+# Debug only
+print "Status Code: " + str(response.status_code)
+if response.status_code != 201:
+    print response.text
+    sys.exit(1)
+
+sts_token = response.text if response.status_code == 201 else None
+if sts_token:
+    print ">>>>>>STS Token:" + sts_token
    +

+
+
+
+
+
Parent topic: Obtaining a Token in Federated Identity Authentication Mode
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0003.html b/docs/iam/api-ref/iam_02_0003.html new file mode 100644 index 00000000..fb6733e2 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0003.html @@ -0,0 +1,188 @@ + + +

Obtaining an Unscoped Token (IdP Initiated)

+

Function

This API is used to obtain an unscoped token in IdP-initiated federated identity authentication mode.

+

An unscoped token cannot be used for authentication. If a federated user needs to use a token for authentication, obtain the scoped token based on section Obtaining a Scoped Token.

+
+

URI

POST /v3.0/OS-FEDERATION/tokens

+
+

Request Parameters

+
+

Response Parameters

+
+

Status Code

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

201

+

The request is successful, and a token is returned.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Token
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0004.html b/docs/iam/api-ref/iam_02_0004.html new file mode 100644 index 00000000..1a3a6be3 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0004.html @@ -0,0 +1,119 @@ + + +

Querying the Service Catalog

+

Function

This API is used to query the service catalog corresponding to X-Auth-Token contained in the request.

+
+

URI

GET /v3/auth/catalog

+
+

Request Parameters

+
+

Response Parameters

Example response (successful request)
{
+  "catalog": [
+    {
+      "endpoints": [
+        {
+          "region_id": null,
+          "url": "https://sample.domain.com/v2/c972a59e958e407e89b0c6d8e522df3b",
+          "region": null,
+          "interface": "public",
+          "id": "04f0ee42038447f0a9c7b407028fd7b9"
+        }
+      ],
+      "type": "compute",
+      "id": "eb884e9f64b44dd0ac73cdc55d817286",
+      "name": "nova"
+    }
+  ],
+  "links": {
+    "self": "https://sample.domain.com/v3/auth/catalog"
+  }
+}
+
+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Services and Endpoints
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0005.html b/docs/iam/api-ref/iam_02_0005.html new file mode 100644 index 00000000..6f099b05 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0005.html @@ -0,0 +1,320 @@ + + +

Status Codes

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 1 Status codes

Status Code

+

Message Title

+

Description

+

100

+

Continue

+

The client should continue with its request.

+

This interim response is used to inform the client that the initial part of the request has been received and has not yet been rejected by the server.

+

101

+

Switching Protocols

+

The requester has asked the server to switch protocols and the server has agreed to do so. The protocol should be switched only when it is advantageous to do so.

+

For example, switching to a newer version of HTTP is advantageous over older versions.

+

201

+

Created

+

The request has been fulfilled and resulted in a new resource being created.

+

202

+

Accepted

+

The request has been accepted for processing, but the processing has not been completed.

+

203

+

Non-Authoritative Information

+

The server successfully processed the request, but is returning information that may be from another source.

+

204

+

NoContent

+

The server successfully processed the request and is not returning any content.

+

The status code is returned in response to an HTTP OPTIONS request.

+

205

+

Reset Content

+

The server successfully processed the request, but is not returning any content.

+

206

+

Partial Content

+

The server has fulfilled the partial GET request for the resource.

+

300

+

Multiple Choices

+

There are multiple options for the resource from which the client may choose. For example, this code could be used to present a list of resource characteristics and addresses from which the client such as a browser may choose.

+

301

+

Moved Permanently

+

The requested resource has been assigned a new permanent URI and any future references to this resource should use one of the returned URIs.

+

302

+

Found

+

The requested resource resides temporarily under a different URI.

+

303

+

See Other

+

The response to the request can be found under a different URI and should be retrieved using a GET or POST method.

+

304

+

Not Modified

+

The requested resource has not been modified. When the server returns this status code, it does not return any resources.

+

305

+

Use Proxy

+

The requested resource must be accessed through a proxy.

+

306

+

Unused

+

This HTTP status code is no longer used.

+

400

+

BadRequest

+

The request could not be understood by the server due to malformed syntax.

+

The client should not repeat the request without modifications.

+

401

+

Unauthorized

+

The authorization information provided by the client is incorrect or invalid. Check the username and password.

+

402

+

Payment Required

+

This status code is reserved for future use.

+

403

+

Forbidden

+

The server understood the request, but is refusing to fulfill it.

+

The client should not repeat the request without modifications.

+

404

+

NotFound

+

The requested resource cannot be found.

+

The client should not repeat the request without modifications.

+

405

+

MethodNotAllowed

+

The method specified in the request is not allowed for the requested resource.

+

The client should not repeat the request without modifications.

+

406

+

Not Acceptable

+

The server cannot fulfill the request based on the content characteristics of the request.

+

407

+

Proxy Authentication Required

+

This code is similar to 401, but indicates that the client must first authenticate itself with the proxy.

+

408

+

Request Time-out

+

The client does not produce a request within the time that the server was prepared to wait.

+

The client may repeat the request without modifications at any later time.

+

409

+

Conflict

+

The request could not be completed due to a conflict with the current state of the resource.

+

This status code indicates that the resource that the client attempts to create already exists, or the request fails to be processed because of the update of the conflict request.

+

410

+

Gone

+

The requested resource is no longer available.

+

The requested resource has been deleted permanently.

+

411

+

Length Required

+

The server refuses to process the request without a defined Content-Length.

+

412

+

Precondition Failed

+

The server does not meet one of the preconditions that the requester puts on the request.

+

413

+

Request Entity Too Large

+

The server is refusing to process a request because the request entity is larger than the server is willing or able to process. The server may close the connection to prevent the client from continuing the request. If the condition is temporary, the server should include a Retry-After header field to indicate that it is temporary and after what time the client may try again.

+

414

+

Request-URI Too Large

+

The server is refusing to service the request because the request URI is longer than the server is willing to interpret.

+

415

+

Unsupported Media Type

+

The server is refusing to service the request because the entity of the request is in a format not supported by the requested resource for the requested method.

+

416

+

Requested range not satisfiable

+

The requested range is invalid.

+

417

+

Expectation Failed

+

The server fails to meet the requirements of the Expect request header field.

+

422

+

UnprocessableEntity

+

The request was well-formed but was unable to be followed due to semantic errors.

+

429

+

TooManyRequests

+

The client has sent more requests than its rate limit is allowed within a given amount of time, or the server has received more requests than it is able to process within a given amount of time. In this case, the client should repeat requests after the time specified in the Retry-After header of the response expires.

+

500

+

InternalServerError

+

The server encountered an unexpected condition which prevented it from fulfilling the request.

+

501

+

Not Implemented

+

The server does not support the functionality required to fulfill the request.

+

502

+

Bad Gateway

+

The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.

+

503

+

ServiceUnavailable

+

The requested service is unavailable.

+

The client should not repeat the request without modifications.

+

504

+

ServerTimeout

+

The request cannot be fulfilled within a given amount of time. The response will reach the client only if the request carries a timeout parameter.

+

505

+

HTTP Version not supported

+

The server does not support the HTTP protocol version used in the request.

+
+
+
+
+
+
Parent topic: Appendix
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0006.html b/docs/iam/api-ref/iam_02_0006.html new file mode 100644 index 00000000..b08d9ec5 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0006.html @@ -0,0 +1,1280 @@ + + +

Error Codes

+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Error Code

+

Error Message

+

Description

+

Measure

+

400

+

1100

+

Mandatory parameters are not specified.

+

Mandatory parameters are not specified.

+

Check the request parameters.

+

400

+

1101

+

Invalid username.

+

Invalid username.

+

Check the username.

+

400

+

1102

+

Invalid email address.

+

Invalid email address.

+

Check the email address.

+

400

+

1103

+

Incorrect password.

+

Incorrect password.

+

Check the password.

+

400

+

1104

+

Invalid mobile number.

+

Invalid mobile number.

+

Check the mobile number.

+

400

+

1105

+

The value of xuser_type must be the same as that of xdomain_type.

+

The value of xuser_type must be the same as that of xdomain_type.

+

Check whether the value of xuser_type is the same as that of xdomain_type.

+

400

+

1106

+

The country code and mobile number must be set at the same time.

+

The country code and mobile number must be set at the same time.

+

Check whether the country code and mobile number have been both specified.

+

400

+

1107

+

The account administrator cannot be deleted.

+

The account administrator cannot be deleted.

+

This operation is not allowed.

+

400

+

1108

+

The new password must be different from the old password.

+

The new password must be different from the old password.

+

Enter another password.

+

400

+

1109

+

The username already exists.

+

The username already exists.

+

Modify the username.

+

400

+

1110

+

The email address has already been used.

+

The email address has already been used.

+

Enter another email address.

+

400

+

1111

+

The mobile number has already been used.

+

The mobile number has already been used.

+

Enter another mobile number.

+

400

+

1113

+

The values of xuser_id and xuser_type already exist.

+

The values of xuser_id and xuser_type already exist.

+

Modify the values of xuser_id and xuser_type.

+

400

+

1115

+

The number of IAM users has reached the maximum allowed limit.

+

The number of IAM users has reached the maximum allowed limit.

+

Modify the user quota or contact technical support.

+

400

+

1117

+

Invalid user description.

+

Invalid user description.

+

Modify the user description.

+

400

+

1118

+

The password is weak.

+

The password is weak.

+

Enter another password.

+

400

+

IAM.0007

+

Request parameter %(key)s is invalid.

+

The request parameter is invalid.

+

Check the request parameter.

+

400

+

IAM.0008

+

Please scan the QR code first.

+

Scan the QR code first.

+

Scan the QR code first.

+

400

+

IAM.0009

+

X-Subject-Token is invalid in the request.

+

X-Subject-Token in the request is invalid.

+

Check the request parameter.

+

400

+

IAM.0010

+

The QR code has already been scanned by another user.

+

The QR code has already been scanned by someone else.

+

No action is required.

+

400

+

IAM.0011

+

Request body is invalid.

+

The request body is invalid.

+

Check the request body.

+

400

+

IAM.0072

+

'%(key)s' is a required property.

+

The request is invalid. For example, %(key)s is required.

+

Contact technical support.

+

400

+

IAM.0073

+

Invalid input for field '%(key)s'. The value is '%(value)s'.

+

The input is invalid.

+

Contact technical support.

+

400

+

IAM.0077

+

Invalid policy type.

+

The policy type is invalid.

+

Contact technical support.

+

400

+

IAM.1000

+

The role must be a JSONObject.

+

The role object is missing.

+

Check whether the request body contains the role object.

+

400

+

IAM.1001

+

The display_name must be a string and cannot be left blank or contain spaces.

+

The value of display_name is empty or contains spaces.

+

Check whether the value of display_name is correct.

+

400

+

IAM.1002

+

The length [input length] of the display name exceeds 64 characters.

+

The display_name field cannot exceed 64 characters.

+

Check the length of the display_name field.

+

400

+

IAM.1003

+

The display_name contains invalid characters.

+

The display_name field contains invalid characters.

+

Check whether the value of display_name is correct.

+

400

+

IAM.1004

+

The type must be a string and cannot be left blank or contain spaces.

+

The type field is empty.

+

Check whether the value of type is correct.

+

400

+

IAM.1005

+

Invalid type [input type].

+

The type field is invalid.

+

Check whether the value of type is correct.

+

400

+

IAM.1006

+

The custom policy does not need a catalog.

+

Custom policies cannot contain the catalog field.

+

Delete the catalog field.

+

400

+

IAM.1007

+

The custom policy does not need a flag.

+

Custom policies cannot contain the flag field.

+

Delete the flag field.

+

400

+

IAM.1008

+

The custom policy does not need a name.

+

Custom policies cannot contain the name field.

+

Delete the name field.

+

400

+

IAM.1009

+

The type of a custom policy must be 'AX' or 'XA'.

+

The type of a custom policy can only be AX or XA.

+

Change the value of the type field to AX or XA.

+

400

+

IAM.1010

+

The catalog must be a string.

+

The value of the catalog field must be a character string.

+

Check whether the value of catalog is correct.

+

400

+

IAM.1011

+

The length [input length] of the catalog exceeds 64 characters.

+

The catalog field cannot exceed 64 characters.

+

Check the length of the catalog field.

+

400

+

IAM.1012

+

Invalid catalog.

+

The catalog field is invalid.

+

Check whether the value of catalog is correct.

+

400

+

IAM.1013

+

The flag must be a string.

+

The value of the flag field must be a character string.

+

Check whether the value of flag is correct.

+

400

+

IAM.1014

+

The value of the flag must be 'fine_grained'.

+

The value of flag is not fine_grained.

+

Change the value of flag to fine_grained.

+

400

+

IAM.1015

+

The name must be a string and cannot be left blank or contain spaces.

+

The name field is empty.

+

Specify the name field for system-defined roles.

+

400

+

IAM.1016

+

The length of the name [input name] cannot exceed 64 characters.

+

The value of name cannot exceed 64 characters.

+

Check whether the value of name is correct.

+

400

+

IAM.1017

+

Invalid name.

+

The name field is invalid.

+

Check whether the value of name is correct.

+

400

+

IAM.1018

+

Invalid description.

+

The description field is invalid.

+

Check whether the value of description is correct.

+

400

+

IAM.1019

+

Invalid description_cn.

+

The description_cn field is invalid.

+

Check whether the value of description_cn is correct.

+

400

+

IAM.1020

+

The policy must be a JSONObject.

+

The policy object is missing.

+

Check whether the request body contains the policy object.

+

400

+

IAM.1021

+

The size [input policySize] of the policy exceeds 6,144 characters.

+

The policy object contains more than 6144 characters.

+

Check the length of the policy object.

+

400

+

IAM.1022

+

The length [input id length] of the ID exceeds 128 characters.

+

The id field contains more than 128 characters.

+

Check the length of the id field.

+

400

+

IAM.1023

+

Invalid ID '[input id]'.

+

The id field of the policy is invalid.

+

Check whether the value of id is correct.

+

400

+

IAM.1024

+

The version of a fine-grained policy must be '1.1'.

+

The version of the fine-grained policy is not 1.1.

+

Change the value of version to 1.1.

+

400

+

IAM.1025

+

Fine-grained policies do not need depends.

+

The fine-grained policy contains the depends field.

+

Delete the depends field.

+

400

+

IAM.1026

+

The version of an RBAC policy must be '1.0' or '1.1'.

+

The version of an RBAC policy can only be 1.0 or 1.1.

+

Change the value of version to 1.0 or 1.1.

+

400

+

IAM.1027

+

The Statement/Rules must be a JSONArray.

+

The statement field is not a JSON array.

+

Check whether a JSON array statement exists.

+

400

+

IAM.1028

+

The number of statements [input statement size] must be greater than 0 and less than or equal to 8.

+

The policy does not contain any statements or contains more than 8 statements.

+

Ensure that the policy contains 1 to 8 statements.

+

400

+

IAM.1029

+

The value of Effect must be 'allow' or 'deny'.

+

The value of effect can only be allow or deny.

+

Set the effect field to allow or deny.

+

400

+

IAM.1030

+

The Action or NotAction must be a JSONArray.

+

The action or notAction field is invalid.

+

Check whether the value of action is correct.

+

400

+

IAM.1031

+

The Action and NotAction cannot be set at the same time in a statement.

+

The action and notAction fields cannot exist at the same time.

+

Delete the action or notAction field.

+

400

+

IAM.1032

+

The OCP NotAction cannot be 'allow'.

+

The notAction field cannot be allow for organization control policies (OCPs).

+

Specify the notAction field as deny for OCP policies.

+

400

+

IAM.1033

+

The number of actions [input action size] exceeds 100.

+

The number of actions exceeds 100.

+

Ensure that the number of actions does not exceed 100.

+

400

+

IAM.1034

+

The length [input urn length] of an action URN exceeds 128 characters.

+

An action contains more than 128 characters.

+

Ensure that each action does not exceed 128 characters.

+

400

+

IAM.1035

+

Action URN '[input urn]' contains invalid characters.

+

The action contains invalid characters.

+

Check whether the value of action is correct.

+

400

+

IAM.1036

+

Action '[input action]' has not been registered.

+

The action has not been registered.

+

Register the action using APIs of the registration center.

+

400

+

IAM.1037

+

The number of resource URIs [input Resource uri size ] must be greater than 0 and less than or equal to 20.

+

Only 1 to 20 resources are allowed.

+

Check the number of resources.

+

400

+

IAM.1038

+

Resource URI '[input resource uri]' is invalid. Old resources only support agencies.

+

The resource URI is invalid.

+

Check whether each resource URI is correct.

+

400

+

IAM.1039

+

Old policies do not support conditions.

+

Old policies cannot contain the condition field.

+

Delete the condition field or use the new policy format.

+

400

+

IAM.1040

+

The number of resources [input Resource size] must be greater than 0 and less than or equal to 10.

+

Only 1 to 10 resource URIs are allowed.

+

Check the number of URIs of each resource object.

+

400

+

IAM.1041

+

The resource URI cannot be left blank or contain spaces.

+

A resource URI is empty.

+

Check whether each resource URI is correct.

+

400

+

IAM.1042

+

The length [input uri length] of a resource URI exceeds 1,500 characters.

+

A resource URI contains more than 1500 characters.

+

Check the length of each resource URI.

+

400

+

IAM.1043

+

A region must be specified.

+

A region must be specified.

+

Specify a region in the resource URI.

+

400

+

IAM.1044

+

Region '[input resource region ]' of resource '[input resource]' is invalid.

+

The region field is invalid.

+

Check whether the value of region is correct.

+

400

+

IAM.1045

+

Resource URI '[input resource uri]' or service '[input resource split]' is invalid.

+

The service name in the resource URI is invalid.

+

Check whether the service name is correct or register the service first.

+

400

+

IAM.1046

+

Resource URI '[input resource]' or resource type '[input resource split]' is invalid.

+

The resource type in the resource URI is invalid.

+

Check whether the resource type is correct or register the resource type first.

+

400

+

IAM.1047

+

Resource URI '[input resource uri]' contains invalid characters.

+

The resource URI is invalid.

+

Check whether the resource URI is correct.

+

400

+

IAM.1048

+

Resource URI '[input resource uri]' is too long or contains invalid characters.

+

The resource URI contains invalid characters.

+

Check whether the id field contains invalid characters.

+

400

+

IAM.1049

+

The Resource must be a JSONObject or JSONArray.

+

The resource object is missing.

+

Check whether the resource object is a JSON array.

+

400

+

IAM.1050

+

The number of conditions [input condition size] must be greater than 0 and less than or equal to 10.

+

Only 1 to 10 conditions are allowed.

+

Specify at least one condition or delete unused conditions.

+

400

+

IAM.1051

+

The values of Operator '[input operator]' cannot be null.

+

No operator is specified.

+

Enter a correct operator.

+

400

+

IAM.1052

+

Invalid Attribute '[input attribute ]'.

+

The attribute is invalid.

+

Check the attribute value.

+

400

+

IAM.1053

+

Attribute '[input attribute]' must be a JSONArray.

+

The attribute is not a JSON array.

+

Check whether the attribute object is a JSON array.

+

400

+

IAM.1054

+

The number [input attribute size ] of attributes '[input attribute]' for operator '[input operator]' must be greater than 0 and less than or equal to 10.

+

Each operator can only be used together with 1 to 10 attributes.

+

Check whether the number of attributes for each operator is correct.

+

400

+

IAM.1055

+

Attribute '[input attribute ]' does not match operator '[input operator]'.

+

The attribute does not match the operator.

+

Check whether the attribute and operator match.

+

400

+

IAM.1056

+

The length [condition length] of attribute '[input attribute]' for operator '[input operator]' must be greater than 0 and less than or equal to 1024 characters.

+

Each condition can contain only 1 to 1024 characters.

+

Check the total length of the condition object.

+

400

+

IAM.1057

+

Value [input condition] of attribute [input attributes] for operator [input operator] contains invalid characters.

+

The condition field contains invalid characters.

+

Check whether the condition field contains invalid characters.

+

400

+

IAM.1058

+

The number of depends [input policyDepends size] exceeds 20.

+

The number of dependent permissions exceeds 20.

+

Delete excessive dependent permissions.

+

400

+

IAM.1059

+

Invalid key '{}'.

+

The policy contains an invalid key.

+

Modify or delete the invalid key in the policy request body.

+

400

+

IAM.1060

+

The value of key '{}' must be a string.

+

The value of this field must be a character string.

+

Change the values of display_name and name to character strings.

+

400

+

IAM.1061

+

Invalid TOTP passcode.

+

The authentication key is invalid.

+

Check the request or contact technical support.

+

400

+

IAM.1062

+

Login protection has been bound to mfa, the unbinding operation cannot be performed.

+

Login protection has been enabled and requires virtual MFA device based verification. You cannot unbind the virtual MFA device.

+

Check the request or contact technical support.

+

400

+

IAM.1101

+

The request body size %s is invalid.

+

The size of the request body does not meet the requirements.

+

Check whether the request body is empty or larger than 32 KB.

+

400

+

IAM.1102

+

The %s in the request body is invalid.

+

The value in the request body is incorrect.

+

Check the attribute value in the request body by referring to the API Reference.

+

400

+

IAM.1103

+

The %s is required in the request body.

+

The parameter is required but not specified in the request body.

+

Check the request body by referring to the API Reference.

+

400

+

IAM.1104

+

The access key %s is in the blacklist.

+

The AK in the request has been blacklisted.

+

Check whether the AK exists.

+

400

+

IAM.1105

+

The access key %s has expired.

+

The AK in the request has expired.

+

Create a new access key.

+

400

+

IAM.1106

+

The user %s with access key %s cannot be found.

+

The AK does not have matching user information.

+

Check whether the user or agency corresponding to the AK exists.

+

400

+

IAM.1107

+

The access key %s is inactive.

+

The AK in the request has been disabled.

+

Enable the AK.

+

400

+

IAM.1108

+

The securitytoken has expired.

+

The temporary access key has expired.

+

Obtain a new temporary access key.

+

400

+

IAM.1109

+

The project information cannot be found.

+

No project information can be found.

+

Check whether the project specified in the request body or token exists. If the fault persists, contact technical support.

+

401

+

IAM.0001

+

The request you have made requires authentication.

+

Authentication failed.

+

Complete or check the authentication information.

+

401

+

IAM.0061

+

Account locked.

+

The user has been locked.

+

Wait until the user is unlocked.

+

401

+

IAM.0062

+

Incorrect password.

+

Incorrect password.

+

Enter the correct password.

+

401

+

IAM.0063

+

Access token authentication failed.

+

Access token authentication failed.

+

Contact technical support.

+

401

+

IAM.0064

+

The access token does not have permissions for the request.

+

The IAM user does not have the required permissions.

+

Check the permissions of the IAM user.

+

401

+

IAM.0066

+

The token has expired.

+

The token has expired.

+

Use a valid token.

+

401

+

IAM.0067

+

Invalid token.

+

Invalid token.

+

Enter a valid token.

+

403

+

IAM.0002

+

You are not authorized to perform the requested action.

+

You do not have permission to perform this action.

+

Check whether you have been granted the permissions required to perform this action.

+

403

+

IAM.0003

+

Policy doesn't allow %(actions)s to be performed.

+

The action is not allowed in the policy.

+

Check whether the action is allowed in the policy.

+

403

+

IAM.0080

+

The user %s with access key %s is disabled.

+

The user corresponding to the AK has been disabled.

+

Contact the security administrator of the user.

+

403

+

IAM.0081

+

This user only supports console access, not programmatic access.

+

The user only has access to the management console.

+

Contact the security administrator of the user to change the user's access type.

+

403

+

IAM.0082

+

The user %s is disabled.

+

The user is disabled.

+

Contact the security administrator of the user.

+

403

+

IAM.0083

+

You do not have permission to access the private region %s.

+

You do not have permission to access private regions.

+

Select another region or contact the private region administrator.

+

404

+

IAM.0004

+

Could not find %(target)s: %(target_id)s.

+

The requested resource cannot be found.

+

Check the request or contact technical support.

+

409

+

IAM.0005

+

Conflict occurred when attempting to store %(type)s - %(details)s.

+

A conflict occurs when the requested resource is saved.

+

Check the request or contact technical support.

+

410

+

IAM.0020

+

Original auth failover to other regions, please auth downgrade

+

The Auth service in the original region is faulty and has switched to another region.

+

The system will automatically downgrade the authentication. No action is required.

+

429

+

IAM.0012

+

The throttling threshold has been reached. Threshold: %d times per %d seconds

+

The throttling threshold has been reached.

+

Check the request or contact technical support.

+

500

+

IAM.0006

+

An unexpected error prevented the server from fulfilling your request.

+

A system error occurred.

+

Contact technical support.

+
+
+
+
+
+
Parent topic: Appendix
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0007.html b/docs/iam/api-ref/iam_02_0007.html new file mode 100644 index 00000000..fbfb4442 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0007.html @@ -0,0 +1,181 @@ + + +

Querying the Password Strength Policy

+

Function

This API is used to query the password strength policy, including its regular expression and description.

+
+

URI

+
+

Request Parameters

+
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Tenant Management
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0008.html b/docs/iam/api-ref/iam_02_0008.html new file mode 100644 index 00000000..f2adf629 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0008.html @@ -0,0 +1,93 @@ + + +

Making an API Request

+

This section describes the structure of a REST API request, and uses the IAM API for obtaining a user token (see Obtaining a User Token) as an example to demonstrate how to call an API. The obtained token can then be used to authenticate the calling of other APIs.

+

Request URI

A request URI is in the following format:

+

{URI-scheme} :// {Endpoint} / {resource-path} ? {query-string}

+ +
+ + + + + + + + + + + + + + + + +
Table 1 Parameter description

Parameter

+

Description

+

URI-scheme

+

Protocol used to transmit requests. All APIs use HTTPS.

+

Endpoint

+

Domain name or IP address of the server bearing the REST service. The endpoint varies between services in different regions.

+

resource-path

+

Access path of an API for performing a specified operation. Obtain the path from the URI of an API. For example, the resource-path of the API used to obtain a user token is /v3/auth/tokens.

+

query-string

+

Query parameter, which is optional. Ensure that a question mark (?) is included before each query parameter that is in the format of "Parameter name=Parameter value". For example, ?limit=10 indicates that a maximum of 10 data records will be displayed.

+
+
+
+

To simplify the URI display in this document, each API is provided only with a resource-path and a request method. The URI-scheme of all APIs is HTTPS, and the endpoints of all APIs in the same region are identical.

+
+
+

Request Methods

The HTTP protocol defines the following request methods that can be used to send a request to the server:

+ +

For example, in the case of the API used to obtain a user token (Obtaining a User Token), the request method is POST. The request is as follows:

+
+
+

Request Header

You can also add additional header fields to a request, such as the fields required by a specified URI or HTTP method. For example, to request for the authentication information, add Content-Type, which specifies the request body type.

+

Common request header fields are as follows:

+ +

The API used to obtain a user token (Obtaining a User Token) does not require authentication. Therefore, only the Content-Type field needs to be added to requests for calling the API. An example of such requests is as follows:

+
Content-Type: application/json
+
+

(Optional) Request Body

The body of a request is often sent in a structured format as specified in the Content-Type header field. The request body transfers content except the request header.

+

The request body varies between APIs. Some APIs do not require the request body, such as the APIs requested using the GET and DELETE methods.

+

In the case of the API used to obtain a user token (Obtaining a User Token), the request parameters and parameter description can be obtained from the API request. The following provides an example request with a body included. Replace username, domianname, ******** (login password), and xxxxxxxxxxxxxxxxxx (project ID) with the actual values. If you obtain a token using an account, ensure that you set username and domianname to the same value.

+

The scope parameter specifies where a token takes effect. You can set scope to an account or a project under the account. In the following example, the token takes effect only for the resources in a specified project. For more information about this API, see Obtaining a User Token.

+
+
Content-Type: application/json
+
+{
+    "auth": {
+        "identity": {
+            "methods": [
+                "password"
+            ],
+            "password": {
+                "user": {
+                    "name": "username",
+                    "password": "********",
+                    "domain": {
+                        "name": "domianname"
+                    }
+                }
+            }
+        },
+        "scope": {
+            "project": {
+                "id": "xxxxxxxxxxxxxxxxxx"
+            }
+        }
+    }
+}
+

If all data required for the API request is available, you can send the request to call the API through curl, Postman, or coding. In the response to the API used to obtain a user token (Obtaining a User Token), x-subject-token is the desired user token. This token can then be used to authenticate the calling of other APIs.

+
+
+
+
+
Parent topic: Calling APIs
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0010.html b/docs/iam/api-ref/iam_02_0010.html new file mode 100644 index 00000000..ef2e446a --- /dev/null +++ b/docs/iam/api-ref/iam_02_0010.html @@ -0,0 +1,27 @@ + + +

Custom Policy Management

+
+
+ + +
+
Parent topic: APIs
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0011.html b/docs/iam/api-ref/iam_02_0011.html new file mode 100644 index 00000000..5e5d0c85 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0011.html @@ -0,0 +1,486 @@ + + +

Listing Custom Policies

+

Function

This API is provided for the administrator to list all custom policies.

+

The API can be called using both the global endpoint and region-specific endpoints.

+
+

URI

GET /v3.0/OS-ROLE/roles

+
+ +
+ + + + + + + + + + + + + + + + +
Table 1 Query parameters

Parameter

+

Mandatory

+

Type

+

Description

+

page

+

No

+

Integer

+

Page number for pagination query. The minimum value is 1. This parameter must be used together with per_page.

+

per_page

+

No

+

Integer

+

Number of data records to be displayed on each page. The value ranges from 1 to 300. This parameter must be used together with page.

+
+
+

Request Parameters

+
+ + + + + + + + + + + + + + + + +
Table 2 Parameters in the request header

Parameter

+

Mandatory

+

Type

+

Description

+

Content-Type

+

Yes

+

String

+

Fill application/json;charset=utf8 in this field.

+

X-Auth-Token

+

Yes

+

String

+

Token with Security Administrator permissions.

+
+
+
+

Response Parameters

+
+ + + + + + + + + + + + + + + + + +
Table 3 Parameters in the response body

Parameter

+

Type

+

Description

+

links

+

Object

+

Resource link information.

+

roles

+

Array of objects

+

Custom policy information.

+

total_number

+

Integer

+

Total number of custom policies returned.

+
+
+ +
+ + + + + + + + + + + + + + + + + +
Table 4 links

Parameter

+

Type

+

Description

+

self

+

String

+

Resource link.

+

previous

+

String

+

Previous resource link.

+

next

+

String

+

Next resource link.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 5 roles

Parameter

+

Type

+

Description

+

domain_id

+

String

+

ID of the domain to which the custom policy belongs.

+

references

+

Integer

+

Number of references.

+

updated_time

+

String

+

Time when the custom policy was last updated.

+

created_time

+

String

+

Time when the custom policy was created.

+

description_cn

+

String

+

Description of the custom policy.

+

catalog

+

String

+

Service catalog.

+

name

+

String

+

Name of the custom policy.

+

description

+

String

+

Description of the custom policy.

+

links

+

Object

+

Resource link of the custom policy.

+

id

+

String

+

Policy ID.

+

display_name

+

String

+

Display name of the custom policy.

+

type

+

String

+

Display mode.

+
NOTE:
  • AX: Account level.
  • XA: Project level.
  • The display mode of a custom policy can only be AX or XA. A custom policy must be displayed at either of the two levels.
+
+

policy

+

Object

+

Content of custom policy.

+
+
+ +
+ + + + + + + + + +
Table 6 roles.links

Parameter

+

Type

+

Description

+

self

+

String

+

Resource link.

+
+
+ +
+ + + + + + + + + + + + + +
Table 7 roles.policy

Parameter

+

Type

+

Description

+

Version

+

String

+

Policy version.

+
NOTE:
  • 1.0: System-defined role. Only a limited number of service-level roles are provided for authorization.
  • 1.1: Policy. A policy defines the permissions required to perform operations on a specific cloud resource under certain conditions.
+
+

Statement

+

Array of objects

+

Statement of the policy. A policy can contain a maximum of eight statements.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + +
Table 8 roles.policy.Statement

Parameter

+

Type

+

Description

+

Action

+

Array of strings

+

Specific operation permission on a resource. A maximum of 100 actions are allowed.

+
NOTE:
  • The value format is Service name:Resource type:Operation, for example, vpc:ports:create.
  • Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.
  • For a custom policy for agencies, this parameter should be set to "Action": ["iam:agencies:assume"].
+
+

Effect

+

String

+

Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements.

+

Condition

+

Object

+

Conditions for the permission to take effect. A maximum of 10 conditions are allowed.

+

Resource

+

Array of strings

+

Cloud resource. The array can contain a maximum of 10 resource strings, and each string cannot exceed 128 characters.

+
NOTE:
  • Format: ::::. For example, obs:::bucket:*. Asterisks are allowed.
  • The region segment can be * or a region accessible to the user. The specified resource must belong to the corresponding service that actually exists.
  • In the case of a custom policy for agencies, the type of this parameter is Object, and the value should be set to "Resource": {"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]}.
+
+
+
+ +
+ + + + + + + + + +
Table 9 roles.policy.Statement.Condition

Parameter

+

Type

+

Description

+

operator

+

Object

+

Operator, for example, Bool and StringEquals.

+

The parameter type is custom object.

+
+
+ +
+ + + + + + + + + +
Table 10 roles.policy.Statement.Condition.operator

Parameter

+

Type

+

Description

+

attribute

+

Array of strings

+

Condition key. The condition key must correspond to the specified operator. A maximum of 10 condition keys are allowed.

+

The parameter type is custom character string array.

+
+
+
+

Example Request

GET https://sample.domain.com/v3.0/OS-ROLE/roles
+
+

Example Response

Status code: 200

+

The request is successful.

+
{
+  "roles" : [ {
+    "domain_id" : "d78cbac186b744899480f25bd022f...",
+    "updated_time" : "1579229246886",
+    "created_time" : "1579229246886",
+    "description_cn" : "Description in Chinese",
+    "catalog" : "CUSTOMED",
+    "name" : "custom_d78cbac186b744899480f25bd022f468_1",
+    "description" : "IAMDescription",
+    "links" : {
+      "self" : "https://sample.domain.com/v3/roles/93879fd90f1046f69e6e0b31c94d2..."
+    },
+    "id" : "93879fd90f1046f69e6e0b31c94d2...",
+    "display_name" : "IAMCloudServicePolicy",
+    "type" : "AX",
+    "policy" : {
+      "Version" : "1.1",
+      "Statement" : [ {
+        "Condition" : {
+          "StringStartWith" : {
+            "g:ProjectName" : [ "AZ-1" ]
+          }
+        },
+        "Action" : [ "obs:bucket:GetBucketAcl" ],
+        "Resource" : [ "obs:*:*:bucket:*" ],
+        "Effect" : "Allow"
+      } ]
+    }
+  }, {
+    "domain_id" : "d78cbac186b744899480f25bd022f...",
+    "updated_time" : "1579229242358",
+    "created_time" : "1579229242358",
+    "description_cn" : "Description in Chinese",
+    "catalog" : "CUSTOMED",
+    "name" : "custom_d78cbac186b744899480f25bd022f468_0",
+    "description" : "IAMDescription",
+    "links" : {
+      "self" : "https://sample.domain.com/v3/roles/f67224e84dc849ab954ce29fb4f47..."
+    },
+    "id" : "f67224e84dc849ab954ce29fb4f473...",
+    "display_name" : "IAMAgencyPolicy",
+    "type" : "AX",
+    "policy" : {
+      "Version" : "1.1",
+      "Statement" : [ {
+        "Action" : [ "iam:agencies:assume" ],
+        "Resource" : {
+          "uri" : [ "/iam/agencies/07805acaba800fdd4fbdc00b8f888..." ]
+        },
+        "Effect" : "Allow"
+      } ]
+    }
+  } ],
+  "links" : {
+    "next" : null,
+    "previous" : null,
+    "self" : "https://sample.domain.com/v3/roles?domain_id=d78cbac186b744899480f25bd022f..."
+  },
+  "total_number" : 300
+}
+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

500

+

Internal server error.

+
+
+
+

Error Codes

None

+
+
+
+
+
Parent topic: Custom Policy Management
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0012.html b/docs/iam/api-ref/iam_02_0012.html new file mode 100644 index 00000000..7fce0193 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0012.html @@ -0,0 +1,409 @@ + + +

Querying Custom Policy Details

+

Function

This API is provided for the administrator to query custom policy details.

+

The API can be called using both the global endpoint and region-specific endpoints.

+
+

URI

GET /v3.0/OS-ROLE/roles/{role_id}

+ +
+ + + + + + + + + + + +
Table 1 URI parameters

Parameter

+

Mandatory

+

Type

+

Description

+

role_id

+

Yes

+

String

+

Custom policy ID. For details about how to obtain a custom policy ID, see Custom Policy ID.

+
+
+
+

Request Parameters

+
+ + + + + + + + + + + + + + + + +
Table 2 Parameters in the request header

Parameter

+

Mandatory

+

Type

+

Description

+

Content-Type

+

Yes

+

String

+

Fill application/json;charset=utf8 in this field.

+

X-Auth-Token

+

Yes

+

String

+

Token with Security Administrator permissions.

+
+
+
+

Response Parameters

+
+ + + + + + + + + +
Table 3 Parameters in the response body

Parameter

+

Type

+

Description

+

role

+

Object

+

Custom policy information.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 4 role

Parameter

+

Type

+

Description

+

domain_id

+

String

+

Domain ID.

+

references

+

Integer

+

Number of references.

+

updated_time

+

String

+

Time when the custom policy was last updated.

+

created_time

+

String

+

Time when the custom policy was created.

+

description_cn

+

String

+

Description of the custom policy.

+

catalog

+

String

+

Service catalog.

+

name

+

String

+

Name of the custom policy.

+

description

+

String

+

Description of the custom policy.

+

links

+

Object

+

Resource link of the custom policy.

+

id

+

String

+

Policy ID.

+

display_name

+

String

+

Display name of the custom policy.

+

type

+

String

+

Display mode.

+
NOTE:
  • AX: Account level.
  • XA: Project level.
  • The display mode of a custom policy can only be AX or XA. A custom policy must be displayed at either of the two levels.
+
+

policy

+

Object

+

Content of custom policy.

+
+
+ +
+ + + + + + + + + +
Table 5 role.links

Parameter

+

Type

+

Description

+

self

+

String

+

Resource link.

+
+
+ +
+ + + + + + + + + + + + + +
Table 6 role.policy

Parameter

+

Type

+

Description

+

Version

+

String

+

Policy version.

+
NOTE:
  • 1.0: System-defined role. Only a limited number of service-level roles are provided for authorization.
  • 1.1: Policy. A policy defines the permissions required to perform operations on a specific cloud resource under certain conditions.
+
+

Statement

+

Array of objects

+

Statement of the policy. A policy can contain a maximum of eight statements.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + +
Table 7 role.policy.Statement

Parameter

+

Type

+

Description

+

Action

+

Array of strings

+

Specific operation permission on a resource. A maximum of 100 actions are allowed.

+
NOTE:
  • The value format is Service name:Resource type:Operation, for example, vpc:ports:create.
  • Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.
  • For a custom policy for agencies, this parameter should be set to "Action": ["iam:agencies:assume"].
+
+

Effect

+

String

+

Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements.

+

Options:

+
  • Allow
  • Deny
+

Condition

+

Object

+

Conditions for the permission to take effect. A maximum of 10 conditions are allowed.

+

Resource

+

Array of strings

+

Cloud resource. The array can contain a maximum of 10 resource strings, and each string cannot exceed 128 characters.

+
NOTE:
  • Format: ::::. For example, obs:::bucket:*. Asterisks are allowed.
  • The region segment can be * or a region accessible to the user. The specified resource must belong to the corresponding service that actually exists.
  • In the case of a custom policy for agencies, the type of this parameter is Object, and the value should be set to "Resource": {"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]}.
+
+
+
+ +
+ + + + + + + + + +
Table 8 role.policy.Statement.Condition

Parameter

+

Type

+

Description

+

operator

+

Object

+

Operator, for example, Bool and StringEquals.

+
  • The parameter type is custom object.
+
+
+ +
+ + + + + + + + + +
Table 9 role.policy.Statement.Condition.operator

Parameter

+

Type

+

Description

+

attribute

+

Array of strings

+

Condition key. The condition key must correspond to the specified operator. A maximum of 10 condition keys are allowed.

+
  • The parameter type is custom character string array.
+
+
+
+

Example Request

GET https://iam.eu-de.otc.t-systems.com/v3.0/OS-ROLE/roles/{role_id}
+
+

Example Response

Status code: 200

+

The request is successful.

+
{
+    "role": {
+        "domain_id": "d78cbac186b744899480f25bd02...",
+        "references": 0,
+        "description_cn": "Policy description",
+        "catalog": "CUSTOMED",
+        "name": "custom_d78cbac186b744899480f25bd022f468_11",
+        "description": "IAMDescription",
+        "links": {
+            "self": "https://iam.eu-de.otc.t-systems.com/v3/roles/a24a71dcc41f4da989c2a1c900b52d1a"
+        },
+        "id": "a24a71dcc41f4da989c2a1c900b52d1a",
+        "display_name": "IAMCloudServicePolicy",
+        "type": "AX",
+        "policy": {
+            "Version": "1.1",
+            "Statement": [
+                {
+                    "Condition": {
+                        "StringStartWith": {
+                            "g:ProjectName": [
+                                "eu-de"
+                            ]
+                        }
+                    },
+                    "Action": [
+                        "obs:bucket:GetBucketAcl"
+                    ],
+                    "Resource": [
+                        "obs:*:*:bucket:*"
+                    ],
+                    "Effect": "Allow"
+                }
+            ]
+        }
+    }
+}
+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

500

+

Internal server error.

+
+
+
+

Error Codes

None

+
+
+
+
+
Parent topic: Custom Policy Management
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0013.html b/docs/iam/api-ref/iam_02_0013.html new file mode 100644 index 00000000..4995cedc --- /dev/null +++ b/docs/iam/api-ref/iam_02_0013.html @@ -0,0 +1,563 @@ + + +

Creating a Custom Policy for Cloud Services

+

Function

This API is provided for the administrator to create a custom policy for cloud services.

+

The API can be called using both the global endpoint and region-specific endpoints.

+
+

URI

POST /v3.0/OS-ROLE/roles

+
+

Request Parameters

+
+ + + + + + + + + + + + + + + + +
Table 1 Parameters in the request header

Parameter

+

Mandatory

+

Type

+

Description

+

Content-Type

+

Yes

+

String

+

Fill application/json;charset=utf8 in this field.

+

X-Auth-Token

+

Yes

+

String

+

Token with Security Administrator permissions.

+
+
+ +
+ + + + + + + + + + + +
Table 2 Parameters in the request body

Parameter

+

Mandatory

+

Type

+

Description

+

role

+

Yes

+

Object

+

Custom policy information.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 3 role

Parameter

+

Mandatory

+

Type

+

Description

+

display_name

+

Yes

+

String

+

Display name of the custom policy.

+

type

+

Yes

+

String

+

Display mode.

+
NOTE:
  • AX: Account level.
  • XA: Project level.
  • The display mode of a custom policy can only be AX or XA. A custom policy must be displayed at either of the two levels.
+
+

description

+

Yes

+

String

+

Description of the custom policy.

+

description_cn

+

No

+

String

+

Description of the custom policy.

+

policy

+

Yes

+

Object

+

Content of custom policy.

+
+
+ +
+ + + + + + + + + + + + + + + + +
Table 4 role.policy

Parameter

+

Mandatory

+

Type

+

Description

+

Version

+

Yes

+

String

+

Policy version. When creating a custom policy, set this parameter to 1.1.

+
NOTE:
  • 1.0: System-defined role. Only a limited number of service-level roles are provided for authorization.
  • 1.1: Policy. A policy defines the permissions required to perform operations on a specific cloud resource under certain conditions.
+
+

Statement

+

Yes

+

Array of objects

+

Statement of the policy. A policy can contain a maximum of eight statements.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 5 role.policy.Statement

Parameter

+

Mandatory

+

Type

+

Description

+

Action

+

Yes

+

Array of strings

+

Specific operation permission on a resource. A maximum of 100 actions are allowed.

+
NOTE:
  • The value format is Service name:Resource type:Operation, for example, vpc:ports:create.
  • Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.
+
+

Effect

+

Yes

+

String

+

Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements.

+

Options:

+
  • Allow
  • Deny
+

Condition

+

No

+

Object

+

Conditions for the permission to take effect. A maximum of 10 conditions are allowed.

+
NOTE:

Take the condition in the sample request as an example, the condition key (obs:prefix) and the string (public) must be equal (StringEquals).

+
 "Condition": {
+              "StringEquals": {
+                "obs:prefix": [
+                  "public"
+                ]
+              }
+            }
+
+

Resource

+

No

+

Array of strings

+

Cloud resource. The array can contain a maximum of 10 resource strings, and each string cannot exceed 128 characters.

+
NOTE:
  • Format: ::::. For example, obs:::bucket:*. Asterisks are allowed.
  • The region segment can be * or a region accessible to the user. The specified resource must belong to the corresponding service that actually exists.
+
+
+
+
+

Response Parameters

+
+ + + + + + + + + +
Table 6 Parameters in the response body

Parameter

+

Type

+

Description

+

role

+

Object

+

Custom policy information.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 7 role

Parameter

+

Type

+

Description

+

catalog

+

String

+

Service catalog.

+

display_name

+

String

+

Display name of the custom policy.

+

description

+

String

+

Description of the custom policy.

+

links

+

Object

+

Resource link of the custom policy.

+

policy

+

Object

+

Content of custom policy.

+

description_cn

+

String

+

Description of the custom policy.

+

domain_id

+

String

+

Domain ID.

+

type

+

String

+

Display mode.

+
NOTE:
  • AX: Account level.
  • XA: Project level.
  • The display mode of a custom policy can only be AX or XA. A custom policy must be displayed at either of the two levels.
+
+

id

+

String

+

Policy ID.

+

name

+

String

+

Name of the custom policy.

+

updated_time

+

String

+

Time when the custom policy was last updated.

+

created_time

+

String

+

Time when the custom policy was created.

+

references

+

String

+

Number of references.

+
+
+ +
+ + + + + + + + + +
Table 8 role.links

Parameter

+

Type

+

Description

+

self

+

String

+

Resource link.

+
+
+ +
+ + + + + + + + + + + + + +
Table 9 role.policy

Parameter

+

Type

+

Description

+

Version

+

String

+

Policy version.

+
NOTE:
  • 1.0: System-defined role. Only a limited number of service-level roles are provided for authorization.
  • 1.1: Policy. A policy defines the permissions required to perform operations on a specific cloud resource under certain conditions.
+
+

Statement

+

Array of objects

+

Statement of the policy. A policy can contain a maximum of eight statements.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + +
Table 10 role.policy.Statement

Parameter

+

Type

+

Description

+

Action

+

Array of strings

+

Specific operation permission on a resource. A maximum of 100 actions are allowed.

+
NOTE:
  • The value format is Service name:Resource type:Operation, for example, vpc:ports:create.
  • Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.
+
+

Effect

+

String

+

Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements.

+

Options:

+
  • Allow
  • Deny
+

Condition

+

Map<String,Map<String,Array<String>>>

+

Conditions for the permission to take effect. A maximum of 10 conditions are allowed.

+
NOTE:

Take the condition in the sample request as an example, the condition key (obs:prefix) and the string (public) must be equal (StringEquals).

+
 "Condition": {
+              "StringEquals": {
+                "obs:prefix": [
+                  "public"
+                ]
+              }
+            }
+
+

Resource

+

Array of strings

+

Cloud resource. The array can contain a maximum of 10 resource strings, and each string cannot exceed 128 characters.

+
NOTE:
  • Format: ::::. For example, obs:::bucket:*. Asterisks are allowed.
  • The region segment can be * or a region accessible to the user. The specified resource must belong to the corresponding service that actually exists.
+
+
+
+
+

Example Request

POST https://iam.eu-de.otc.t-systems.com/v3.0/OS-ROLE/roles
+
{
+    "role": {
+        "display_name": "IAMCloudServicePolicy",
+        "type": "AX",
+        "description": "IAMDescription",
+        "description_cn": "Policy description",
+        "policy": {
+            "Version": "1.1",
+            "Statement": [
+                {
+                    "Effect": "Allow",
+                    "Action": [
+                        "obs:bucket:GetBucketAcl"
+                    ],
+                    "Condition": {
+                        "StringStartWith": {
+                            "g:ProjectName": [
+                                "eu-de"
+                            ]
+                        }
+                    },
+                }
+            ]
+        }
+    }
+}
+
+

Example Response

Status code: 201

+

The request is successful.

+
{
+    "role": {
+        "catalog": "CUSTOMED",
+        "display_name": "IAMCloudServicePolicy",
+        "description": "IAMDescription",
+        "links": {
+            "self": "https://iam.eu-de.otc.t-systems.com/v3/roles/93879fd90f1046f69e6e0b31c94d2..."
+        },
+        "policy": {
+            "Version": "1.1",
+            "Statement": [
+                {
+                    "Action": [
+                        "obs:bucket:GetBucketAcl"
+                    ],
+                    "Resource": [
+                        "obs:*:*:bucket:*"
+                    ],
+                    "Effect": "Allow",
+                    "Condition": {
+                        "StringStartWith": {
+                            "g:ProjectName": [
+                                "eu-de"
+                            ]
+                        }
+                    }
+                }
+            ]
+        },
+        "description_cn": "Policy description",
+        "domain_id": "d78cbac186b744899480f25bd...",
+        "type": "AX",
+        "id": "93879fd90f1046f69e6e0b31c9...",
+        "name": "custom_d78cbac186b744899480f25bd022f468_1"
+    }
+}
+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

201

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

500

+

Internal server error.

+
+
+
+

Error Codes

None

+
+
+
+
+
Parent topic: Custom Policy Management
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0014.html b/docs/iam/api-ref/iam_02_0014.html new file mode 100644 index 00000000..29a26784 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0014.html @@ -0,0 +1,664 @@ + + +

Modifying a Custom Policy for Cloud Services

+

Function

This API is provided for the administrator to modify a custom policy for cloud services.

+

The API can be called using both the global endpoint and region-specific endpoints.

+
+

URI

PATCH /v3.0/OS-ROLE/roles/{role_id}

+ +
+ + + + + + + + + + + +
Table 1 URI parameters

Parameter

+

Mandatory

+

Type

+

Description

+

role_id

+

Yes

+

String

+

Custom policy ID. For details about how to obtain a custom policy ID, see Custom Policy ID.

+
+
+
+

Request Parameters

+
+ + + + + + + + + + + + + + + + +
Table 2 Parameters in the request header

Parameter

+

Mandatory

+

Type

+

Description

+

Content-Type

+

Yes

+

String

+

Fill application/json;charset=utf8 in this field.

+

X-Auth-Token

+

Yes

+

String

+

Token with Security Administrator permissions.

+
+
+
+ +
+ + + + + + + + + + + +
Table 3 Parameters in the request body

Parameter

+

Mandatory

+

Type

+

Description

+

role

+

Yes

+

Object

+

Custom policy information.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 4 role

Parameter

+

Mandatory

+

Type

+

Description

+

display_name

+

Yes

+

String

+

Display name of the custom policy.

+

type

+

Yes

+

String

+

Display mode.

+
NOTE:
  • AX: Account level.
  • XA: Project level.
  • The display mode of a custom policy can only be AX or XA. A custom policy must be displayed at either of the two levels.
+
+

description

+

Yes

+

String

+

Description of the custom policy.

+

description_cn

+

No

+

String

+

Description of the custom policy.

+

policy

+

Yes

+

Object

+

Content of custom policy.

+
+
+ +
+ + + + + + + + + + + + + + + + +
Table 5 role.policy

Parameter

+

Mandatory

+

Type

+

Description

+

Version

+

Yes

+

String

+

Policy version. When creating a custom policy, set this parameter to 1.1.

+
NOTE:
  • 1.0: System-defined role. Only a limited number of service-level roles are provided for authorization.
  • 1.1: Policy. A policy defines the permissions required to perform operations on a specific cloud resource under certain conditions.
+
+

Statement

+

Yes

+

Array of objects

+

Statement of the policy. A policy can contain a maximum of eight statements.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 6 role.policy.Statement

Parameter

+

Mandatory

+

Type

+

Description

+

Action

+

Yes

+

Array of strings

+

Specific operation permission on a resource. A maximum of 100 actions are allowed.

+
NOTE:
  • The value format is Service name:Resource type:Operation, for example, vpc:ports:create.
  • Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.
+
+

Effect

+

Yes

+

String

+

Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements.

+

Options:

+
  • Allow
  • Deny
+

Condition

+

No

+

Object

+

Conditions for the permission to take effect. A maximum of 10 conditions are allowed.

+

Resource

+

No

+

Array of strings

+

Cloud resource. The array can contain a maximum of 10 resource strings, and each string cannot exceed 128 characters.

+
NOTE:
  • Format: ::::. For example, obs:::bucket:*. Asterisks are allowed.
  • The region segment can be * or a region accessible to the user. The specified resource must belong to the corresponding service that actually exists.
+
+
+
+ +
+ + + + + + + + + + + +
Table 7 role.policy.Statement.Condition

Parameter

+

Mandatory

+

Type

+

Description

+

<operator>

+

No

+

Object

+

Operator, for example, Bool and StringEquals.

+
  • The parameter type is custom object.
+
+
+ +
+ + + + + + + + + + + +
Table 8 role.policy.Statement.Condition.<operator>

Parameter

+

Mandatory

+

Type

+

Description

+

<attribute>

+

No

+

Array of strings

+

Condition key. The condition key must correspond to the specified operator. A maximum of 10 condition keys are allowed.

+
  • The parameter type is custom character string array.
+
+
+

Response Parameters

+
+ + + + + + + + + +
Table 9 Parameters in the response body

Parameter

+

Type

+

Description

+

role

+

Object

+

Custom policy information.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 10 role

Parameter

+

Type

+

Description

+

catalog

+

String

+

Service catalog.

+

display_name

+

String

+

Display name of the custom policy.

+

description

+

String

+

Description of the custom policy.

+

links

+

Object

+

Resource link of the custom policy.

+

policy

+

Object

+

Content of custom policy.

+

description_cn

+

String

+

Description of the custom policy.

+

domain_id

+

String

+

Domain ID.

+

type

+

String

+

Display mode.

+
NOTE:
  • AX: Account level.
  • XA: Project level.
  • The display mode of a custom policy can only be AX or XA. A custom policy must be displayed at either of the two levels.
+
+

id

+

String

+

Policy ID.

+

name

+

String

+

Name of the custom policy.

+

updated_time

+

String

+

Time when the custom policy was last updated.

+

created_time

+

String

+

Time when the custom policy was created.

+

references

+

String

+

Number of references.

+
+
+ +
+ + + + + + + + + +
Table 11 role.links

Parameter

+

Type

+

Description

+

self

+

String

+

Resource link.

+
+
+ +
+ + + + + + + + + + + + + +
Table 12 role.policy

Parameter

+

Type

+

Description

+

Version

+

String

+

Policy version.

+
NOTE:
  • 1.0: System-defined role. Only a limited number of service-level roles are provided for authorization.
  • 1.1: Policy. A policy defines the permissions required to perform operations on a specific cloud resource under certain conditions.
+
+

Statement

+

Array of objects

+

Statement of the policy. A policy can contain a maximum of eight statements.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + +
Table 13 role.policy.Statement

Parameter

+

Type

+

Description

+

Action

+

Array of strings

+

Specific operation permission on a resource. A maximum of 100 actions are allowed.

+
NOTE:
  • The value format is Service name:Resource type:Operation, for example, vpc:ports:create.
  • Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.
+
+

Effect

+

String

+

Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements.

+

Options:

+
  • Allow
  • Deny
+

Condition

+

Object

+

Conditions for the permission to take effect. A maximum of 10 conditions are allowed.

+

Resource

+

Array of strings

+

Cloud resource. The array can contain a maximum of 10 resource strings, and each string cannot exceed 128 characters.

+
NOTE:
  • Format: ::::. For example, obs:::bucket:*. Asterisks are allowed.
  • The region segment can be * or a region accessible to the user. The specified resource must belong to the corresponding service that actually exists.
+
+
+
+ +
+ + + + + + + + + +
Table 14 role.policy.Statement.Condition

Parameter

+

Type

+

Description

+

operator

+

Object

+

Operator, for example, Bool and StringEquals.

+
  • The parameter type is custom object.
+
+
+ +
+ + + + + + + + + +
Table 15 role.policy.Statement.Condition.operator

Parameter

+

Type

+

Description

+

attribute

+

Array of strings

+

Condition key. The condition key must correspond to the specified operator. A maximum of 10 condition keys are allowed.

+
  • The parameter type is custom character string array.
+
+
+
+

Example Request

PATCH https://iam.eu-de.otc.t-systems.com/v3.0/OS-ROLE/roles/{role_id}
+
{
+    "role": {
+        "display_name": "IAMCloudServicePolicy",
+        "type": "AX",
+        "description": "IAMDescription",
+        "description_cn": "Policy description",
+        "policy": {
+            "Version": "1.1",
+            "Statement": [
+                {
+                    "Effect": "Allow",
+                    "Action": [
+                        "obs:bucket:GetBucketAcl"
+                    ],
+                    "Condition": {
+                        "StringStartWith": {
+                            "g:ProjectName": [
+                                "eu-de"
+                            ]
+                        }
+                    },
+                    "Resource": [
+                        "obs:*:*:bucket:*"
+                    ]
+                }
+            ]
+        }
+    }
+}
+
+

Example Response

Status code: 200

+

The request is successful.

+
{
+    "role": {
+        "catalog": "CUSTOMED",
+        "display_name": "IAMCloudServicePolicy",
+        "description": "IAMDescription",
+        "links": {
+            "self": "https://iam.eu-de.otc.t-systems.com/v3/roles/93879fd90f1046f69e6e0b31c94d2615"
+        },
+        "policy": {
+            "Version": "1.1",
+            "Statement": [
+                {
+                    "Action": [
+                        "obs:bucket:GetBucketAcl"
+                    ],
+                    "Resource": [
+                        "obs:*:*:bucket:*"
+                    ],
+                    "Effect": "Allow",
+                    "Condition": {
+                        "StringStartWith": {
+                            "g:ProjectName": [
+                                "eu-de"
+                            ]
+                        }
+                    }
+                }
+            ]
+        },
+        "description_cn": "Policy description",
+        "domain_id": "d78cbac186b744899480f25bd0...",
+        "type": "AX",
+        "id": "93879fd90f1046f69e6e0b31c94d2615",
+        "name": "custom_d78cbac186b744899480f25bd022f468_1"
+    }
+}
+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+

Error Codes

None

+
+
+
+
+
Parent topic: Custom Policy Management
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0015.html b/docs/iam/api-ref/iam_02_0015.html new file mode 100644 index 00000000..a14ff2ea --- /dev/null +++ b/docs/iam/api-ref/iam_02_0015.html @@ -0,0 +1,115 @@ + + +

Deleting a Custom Policy

+

Function

This API is provided for the administrator to delete a custom policy.

+

The API can be called using both the global endpoint and region-specific endpoints.

+
+

URI

DELETE /v3.0/OS-ROLE/roles/{role_id}

+ +
+ + + + + + + + + + + +
Table 1 URI parameters

Parameter

+

Mandatory

+

Type

+

Description

+

role_id

+

Yes

+

String

+

Custom policy ID. For details about how to obtain a custom policy ID, see Custom Policy ID.

+
+
+
+

Request Parameters

+
+ + + + + + + + + + + + + + + + +
Table 2 Parameters in the request header

Parameter

+

Mandatory

+

Type

+

Description

+

Content-Type

+

Yes

+

String

+

Fill application/json;charset=utf8 in this field.

+

X-Auth-Token

+

Yes

+

String

+

Token with Security Administrator permissions.

+
+
+
+

Response Parameters

None

+
+

Example Request

DELETE https://iam.eu-de.otc.t-systems.com/v3.0/OS-ROLE/roles/{role_id}
+
+

Example Response

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The custom policy is deleted successfully.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

500

+

Internal server error.

+
+
+
+

Error Codes

None

+
+
+
+
+
Parent topic: Custom Policy Management
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0017.html b/docs/iam/api-ref/iam_02_0017.html new file mode 100644 index 00000000..42e68ac5 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0017.html @@ -0,0 +1,8 @@ + + +

API Usage Guidelines

+

Public cloud APIs comply with the RESTful API design principles. REST-based web services are organized into resources. Each resource is identified by one or more Uniform Resource Identifiers (URIs). An application accesses a resource based on the resource's Unified Resource Locator (URL). A URL is usually in the following format: https://Endpoint/uri. In the URL, uri indicates the resource path, that is, the API access path.

+

Public cloud APIs use HTTPS as the transmission protocol. Requests/Responses are transmitted by using JSON messages, with media type represented by Application/json.

+

For details about how to use APIs, see API Usage Guidelines.

+
+ diff --git a/docs/iam/api-ref/iam_02_0020.html b/docs/iam/api-ref/iam_02_0020.html new file mode 100644 index 00000000..997390df --- /dev/null +++ b/docs/iam/api-ref/iam_02_0020.html @@ -0,0 +1,21 @@ + + +

Security Settings

+
+
+ + +
+
Parent topic: APIs
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0023.html b/docs/iam/api-ref/iam_02_0023.html new file mode 100644 index 00000000..56073b76 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0023.html @@ -0,0 +1,334 @@ + + +

Modifying the Password Policy

+

Function

This API is provided for the administrator to modify the password policy.

+
+

URI

PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password-policy

+ +
+ + + + + + + + + + + +
Table 1 URI parameters

Parameter

+

Mandatory

+

Type

+

Description

+

domain_id

+

Yes

+

String

+

Domain ID.

+
+
+
+

Request Parameters

+
+ + + + + + + + + + + +
Table 2 Parameters in the request header

Parameter

+

Mandatory

+

Type

+

Description

+

X-Auth-Token

+

Yes

+

String

+

Token with Security Administrator permissions.

+
+
+ +
+ + + + + + + + + + + +
Table 3 Parameters in the request body

Parameter

+

Mandatory

+

Type

+

Description

+

password_policy

+

Yes

+

object

+

Password policy.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 4 password_policy

Parameter

+

Mandatory

+

Type

+

Description

+

maximum_consecutive_identical_chars

+

No

+

Integer

+

Maximum number of times that a character is allowed to consecutively present in a password. Value range: 0–32.

+

minimum_password_age

+

No

+

Integer

+

Minimum period (minutes) after which users are allowed to make a password change. Value range: 0–1440.

+

minimum_password_length

+

No

+

Integer

+

Minimum number of characters that a password must contain. Value range: 6–32.

+

number_of_recent_passwords_disallowed

+

No

+

Integer

+

Number of previously used passwords that are not allowed. Value range: 0–10.

+

password_not_username_or_invert

+

No

+

Boolean

+

Indicates whether the password can be the username or the username spelled backwards.

+

password_validity_period

+

No

+

Integer

+

Password validity period (days). Value range: 0–180. Value 0 indicates that this requirement does not apply.

+
+
+
+

Response Parameters

+
+ + + + + + + + + +
Table 5 Parameters in the response body

Parameter

+

Type

+

Description

+

password_policy

+

object

+

Password policy.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 6 password_policy

Parameter

+

Type

+

Description

+

maximum_consecutive_identical_chars

+

Integer

+

Maximum number of times that a character is allowed to consecutively present in a password.

+

maximum_password_length

+

Integer

+

Maximum number of characters that a password can contain.

+

minimum_password_age

+

Integer

+

Minimum period (minutes) after which users are allowed to make a password change.

+

minimum_password_length

+

Integer

+

Minimum number of characters that a password must contain.

+

number_of_recent_passwords_disallowed

+

Integer

+

Number of previously used passwords that are not allowed.

+

password_not_username_or_invert

+

Boolean

+

Indicates whether the password can be the username or the username spelled backwards.

+

password_requirements

+

String

+

Characters that a password must contain.

+

password_validity_period

+

Integer

+

Password validity period (days).

+
+
+
+

Example Request

PUT https://sample.domain.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password_policy 
+ 
+{ 
+  "password_policy" : { 
+    "minimum_password_length" : 6, 
+    "number_of_recent_passwords_disallowed" : 2, 
+    "minimum_password_age" : 20, 
+    "password_validity_period" : 60, 
+    "maximum_consecutive_identical_chars" : 3, 
+    "password_not_username_or_invert" : false 
+  } 
+}
+
+

Example Response

Status code: 200

+

The request is successful.

+
{ 
+  "password_policy" : { 
+    "password_requirements" : "A password must contain at least two of the following: uppercase letters, lowercase letters, digits, and special characters.", 
+    "minimum_password_age" : 20, 
+    "minimum_password_length" : 8, 
+    "maximum_password_length" : 32, 
+    "number_of_recent_passwords_disallowed" : 2, 
+    "password_validity_period" : 60, 
+    "maximum_consecutive_identical_chars" : 3, 
+    "password_not_username_or_invert" : true 
+  } 
+}
+
+

Status code: 400

+

The request body is abnormal.

+ +
{ 
+   "error_msg" : "'%(key)s' is a required property.", 
+   "error_code" : "IAM.0072" 
+ }
+ +
{ 
+   "error_msg" : "Invalid input for field '%(key)s'. The value is '%(value)s'.", 
+   "error_code" : "IAM.0073" 
+ }
+

Status code: 403

+

Access denied.

+ +
{ 
+   "error_msg" : "You are not authorized to perform the requested action.", 
+   "error_code" : "IAM.0002" 
+ }
+ +
{ 
+   "error_msg" : "Policy doesn't allow %(actions)s to be performed.", 
+   "error_code" : "IAM.0003" 
+ }
+

Status code: 500

+

The system is abnormal.

+
{ 
+  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
+  "error_code" : "IAM.0006" 
+}
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The request body is abnormal.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

500

+

The system is abnormal.

+
+
+
+
+
+
+
Parent topic: Security Settings
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0024.html b/docs/iam/api-ref/iam_02_0024.html new file mode 100644 index 00000000..a8fa76f8 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0024.html @@ -0,0 +1,226 @@ + + +

Querying the Password Policy

+

Function

This API is used to query the password policy.

+
+

URI

GET /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password-policy

+ +
+ + + + + + + + + + + +
Table 1 URI parameters

Parameter

+

Mandatory

+

Type

+

Description

+

domain_id

+

Yes

+

String

+

Domain ID.

+
+
+
+

Request Parameters

+
+ + + + + + + + + + + +
Table 2 Parameters in the request header

Parameter

+

Mandatory

+

Type

+

Description

+

X-Auth-Token

+

Yes

+

String

+

Token with Security Administrator permissions.

+
+
+
+

Response Parameters

+
+ + + + + + + + + +
Table 3 Parameters in the response body

Parameter

+

Type

+

Description

+

password_policy

+

object

+

Password policy.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 4 password_policy

Parameter

+

Type

+

Description

+

maximum_consecutive_identical_chars

+

Integer

+

Maximum number of times that a character is allowed to consecutively present in a password.

+

maximum_password_length

+

Integer

+

Maximum number of characters that a password can contain.

+

minimum_password_age

+

Integer

+

Minimum period (minutes) after which users are allowed to make a password change.

+

minimum_password_length

+

Integer

+

Minimum number of characters that a password must contain.

+

number_of_recent_passwords_disallowed

+

Integer

+

Number of previously used passwords that are not allowed.

+

password_not_username_or_invert

+

Boolean

+

Indicates whether the password can be the username or the username spelled backwards.

+

password_requirements

+

String

+

Characters that a password must contain.

+

password_validity_period

+

Integer

+

Password validity period (days).

+
+
+
+

Example Request

GET https://sample.domain.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password-policy
+
+

Example Response

Status code: 200

+

The request is successful.

+
{ 
+  "password_policy" : { 
+    "password_requirements" : "A password must contain at least two of the following: uppercase letters, lowercase letters, digits, and special characters.", 
+    "minimum_password_age" : 20, 
+    "minimum_password_length" : 8, 
+    "maximum_password_length" : 32, 
+    "number_of_recent_passwords_disallowed" : 2, 
+    "password_validity_period" : 60, 
+    "maximum_consecutive_identical_chars" : 3, 
+    "password_not_username_or_invert" : true 
+  } 
+}
+
+

Status code: 403

+

Access denied.

+ +
{ 
+   "error_msg" : "You are not authorized to perform the requested action.", 
+   "error_code" : "IAM.0002" 
+ }
+ +
{ 
+   "error_msg" : "Policy doesn't allow %(actions)s to be performed.", 
+   "error_code" : "IAM.0003" 
+ }
+

Status code: 404

+

The requested resource cannot be found.

+
{ 
+  "error_msg" : "Could not find %(target)s: %(target_id)s.", 
+  "error_code" : "IAM.0004" 
+}
+

Status code: 500

+

Internal server error.

+
{ 
+  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
+  "error_code" : "IAM.0006" 
+}
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Security Settings
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0025.html b/docs/iam/api-ref/iam_02_0025.html new file mode 100644 index 00000000..019d1fd1 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0025.html @@ -0,0 +1,330 @@ + + +

Modifying the Login Authentication Policy

+

Function

This API is provided for the administrator to modify the login authentication policy.

+
+

URI

PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/login-policy

+ +
+ + + + + + + + + + + +
Table 1 URI parameters

Parameter

+

Mandatory

+

Type

+

Description

+

domain_id

+

Yes

+

String

+

Domain ID.

+
+
+
+

Request Parameters

+
+ + + + + + + + + + + +
Table 2 Parameters in the request header

Parameter

+

Mandatory

+

Type

+

Description

+

X-Auth-Token

+

Yes

+

String

+

Token with Security Administrator permissions.

+
+
+ +
+ + + + + + + + + + + +
Table 3 Parameters in the request body

Parameter

+

Mandatory

+

Type

+

Description

+

login_policy

+

Yes

+

object

+

Login authentication policy.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 4 login_policy

Parameter

+

Mandatory

+

Type

+

Description

+

account_validity_period

+

No

+

Integer

+

Validity period (days) to disable users if they have not logged in within the period. Value range: 0–240. If this parameter is set to 0, no users will be disabled.

+

custom_info_for_login

+

No

+

String

+

Custom information that will be displayed upon successful login.

+

lockout_duration

+

No

+

Integer

+

Duration (minutes) to lock users out. Value range: 15–30.

+

login_failed_times

+

No

+

Integer

+

Number of unsuccessful login attempts to lock users out. Value range: 3–10.

+

period_with_login_failures

+

No

+

Integer

+

Period (minutes) to count the number of unsuccessful login attempts. Value range: 15–60.

+

session_timeout

+

No

+

Integer

+

Session timeout (minutes) that will apply if you or users created using your account do not perform any operations within a specific period. Value range: 15–1440.

+

show_recent_login_info

+

No

+

Boolean

+

Indicates whether to display last login information upon successful login. The value can be true or false.

+
+
+
+

Response Parameters

+
+ + + + + + + + + +
Table 5 Parameters in the response body

Parameter

+

Type

+

Description

+

login_policy

+

object

+

Login authentication policy.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 6 login_policy

Parameter

+

Type

+

Description

+

account_validity_period

+

Integer

+

Validity period (days) to disable users if they have not logged in within the period.

+

custom_info_for_login

+

String

+

Custom information that will be displayed upon successful login.

+

lockout_duration

+

Integer

+

Duration (minutes) to lock users out.

+

login_failed_times

+

Integer

+

Number of unsuccessful login attempts to lock users out.

+

period_with_login_failures

+

Integer

+

Period (minutes) to count the number of unsuccessful login attempts.

+

session_timeout

+

Integer

+

Session timeout (minutes) that will apply if you or users created using your account do not perform any operations within a specific period.

+

show_recent_login_info

+

Boolean

+

Indicates whether to display last login information upon successful login.

+
+
+
+

Example Request

PUT https://sample.domain.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/login-policy 
+ 
+{ 
+  "login_policy" : { 
+    "custom_info_for_login" : "", 
+    "period_with_login_failures" : 15, 
+    "lockout_duration" : 15, 
+    "account_validity_period" : 99, 
+    "login_failed_times" : 3, 
+    "session_timeout" : 16, 
+    "show_recent_login_info" : true 
+  } 
+}
+
+

Example Response

Status code: 200

+

The request is successful.

+
{ 
+  "login_policy" : { 
+    "custom_info_for_login" : "", 
+    "period_with_login_failures" : 15, 
+    "lockout_duration" : 15, 
+    "account_validity_period" : 99, 
+    "login_failed_times" : 3, 
+    "session_timeout" : 16, 
+    "show_recent_login_info" : true 
+  } 
+}
+
+

Status code: 400

+

The request body is abnormal.

+ +
{ 
+   "error_msg" : "'%(key)s' is a required property.", 
+   "error_code" : "IAM.0072" 
+ }
+ +
{ 
+   "error_msg" : "Invalid input for field '%(key)s'. The value is '%(value)s'.", 
+   "error_code" : "IAM.0073" 
+ }
+

Status code: 403

+

Access denied.

+
{ 
+  "error_msg" : "You are not authorized to perform the requested action.", 
+  "error_code" : "IAM.0002" 
+}
+

Status code: 500

+

The system is abnormal.

+
{ 
+  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
+  "error_code" : "IAM.0006" 
+}
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The request body is abnormal.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

500

+

The system is abnormal.

+
+
+
+
+
+
+
Parent topic: Security Settings
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0026.html b/docs/iam/api-ref/iam_02_0026.html new file mode 100644 index 00000000..28202122 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0026.html @@ -0,0 +1,218 @@ + + +

Querying the Login Authentication Policy

+

Function

This API is used to query the login authentication policy.

+
+

URI

GET /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/login-policy

+ +
+ + + + + + + + + + + +
Table 1 URI parameters

Parameter

+

Mandatory

+

Type

+

Description

+

domain_id

+

Yes

+

String

+

Domain ID.

+
+
+
+

Request Parameters

+
+ + + + + + + + + + + +
Table 2 Parameters in the request header

Parameter

+

Mandatory

+

Type

+

Description

+

X-Auth-Token

+

Yes

+

String

+

Token with Security Administrator permissions.

+
+
+
+

Response Parameters

+
+ + + + + + + + + +
Table 3 Parameters in the response body

Parameter

+

Type

+

Description

+

login_policy

+

object

+

Login authentication policy.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Table 4 login_policy

Parameter

+

Type

+

Description

+

account_validity_period

+

Integer

+

Validity period (days) to disable users if they have not logged in within the period. Value range: 0–240. Validity period (days) to disable users if they have not logged in within the period If this parameter is set to 0, no users will be disabled.

+

custom_info_for_login

+

String

+

Custom information that will be displayed upon successful login.

+

lockout_duration

+

Integer

+

Duration (minutes) to lock users out.

+

login_failed_times

+

Integer

+

Number of unsuccessful login attempts to lock users out.

+

period_with_login_failures

+

Integer

+

Period (minutes) to count the number of unsuccessful login attempts.

+

session_timeout

+

Integer

+

Session timeout (minutes) that will apply if you or users created using your account do not perform any operations within a specific period.

+

show_recent_login_info

+

Boolean

+

Indicates whether to display last login information upon successful login.

+
+
+
+

Example Request

GET https://sample.domain.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/login-policy
+
+

Example Response

Status code: 200

+

The request is successful.

+
{ 
+  "login_policy" : { 
+    "custom_info_for_login" : "", 
+    "period_with_login_failures" : 15, 
+    "lockout_duration" : 15, 
+    "account_validity_period" : 99, 
+    "login_failed_times" : 3, 
+    "session_timeout" : 16, 
+    "show_recent_login_info" : true 
+  } 
+}
+
+

Status code: 403

+

Access denied.

+ +
{ 
+   "error_msg" : "You are not authorized to perform the requested action.", 
+   "error_code" : "IAM.0002" 
+ }
+ +
{ 
+   "error_msg" : "Policy doesn't allow %(actions)s to be performed.", 
+   "error_code" : "IAM.0003" 
+ }
+

Status code: 404

+

The requested resource cannot be found.

+
{ 
+  "error_msg" : "Could not find %(target)s: %(target_id)s.", 
+  "error_code" : "IAM.0004" 
+}
+

Status code: 500

+

Internal server error.

+
{ 
+  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
+  "error_code" : "IAM.0006" 
+}
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Security Settings
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0037.html b/docs/iam/api-ref/iam_02_0037.html new file mode 100644 index 00000000..b7897778 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0037.html @@ -0,0 +1,227 @@ + + +

Querying the Quotas of a Project

+

Function

This API is used to query the quotas of a specified project.

+
+

URI

+ +
+ + + + + + + + + + + +

Parameter

+

Mandatory

+

Type

+

Description

+

project_id

+

Yes

+

String

+

ID of the project to query quotas.

+
+
+
+

Request Parameters

+
+ + + + + + + + + + + +
Table 1 Parameters in the request header

Parameter

+

Mandatory

+

Type

+

Description

+

X-Auth-Token

+

Yes

+

String

+

Provide either of the following tokens:

+
  • Token with Security Administrator permissions
  • IAM user token with the scope specified as the project you want to query
+
+
+
+

Response Parameters

+
+ + + + + + + + + +
Table 2 Parameters in the response body

Parameter

+

Type

+

Description

+

quotas

+

object

+

Quota information of the domain.

+
+
+ +
+ + + + + + + + + +
Table 3 quotas

Parameter

+

Type

+

Description

+

resources

+

Array of objects

+

Resource information.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + +
Table 4 resources

Parameter

+

Type

+

Description

+

max

+

Integer

+

Maximum quota.

+

min

+

Integer

+

Minimum quota.

+

quota

+

Integer

+

Current quota.

+

type

+

String

+

Quota type.

+

used

+

Integer

+

Used quota.

+
+
+
+

Example Request

GET https://sample.domain.com/v3.0/OS-QUOTA/projects/{project_id}
+
+

Example Response

Status code: 200

+

The request is successful.

+
{ 
+  "quotas" : { 
+                "resources" : [ 
+                      { 
+                           "max" : 50, 
+                           "min" : 0, 
+                           "quota" : 10, 
+                           "type" : "project", 
+                           "used" : 4 
+                         } 
+                     ] 
+               } 
+}
+
+

Status code: 403

+

Access denied.

+ +
{ 
+   "error_msg" : "You are not authorized to perform the requested action.", 
+   "error_code" : "IAM.0002" 
+ }
+ +
{ 
+   "error_msg" : "Policy doesn't allow %(actions)s to be performed.", 
+   "error_code" : "IAM.0003" 
+ }
+

Status code: 404

+

The requested resource cannot be found.

+
{
+  "error_msg" : "Could not find %(target)s: %(target_id)s.",
+  "error_code" : "IAM.0004"
+}
+

Status code: 500

+

Internal server error.

+
{ 
+  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
+  "error_code" : "IAM.0006" 
+}
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

500

+

Internal server error.

+
+
+
+
+
+
+
Parent topic: Project Management
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0046.html b/docs/iam/api-ref/iam_02_0046.html new file mode 100644 index 00000000..e623e96f --- /dev/null +++ b/docs/iam/api-ref/iam_02_0046.html @@ -0,0 +1,805 @@ + + +

Action List

+

Token Management

+
+ + + + + + + + + +

Permission

+

API

+

Action

+

Obtaining an Agency Token

+

POST /v3/auth/tokens

+

iam:tokens:assume

+
+
+
+

Access Key Management

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +

Permission

+

API

+

Action

+

Listing Permanent Access Keys

+

GET /v3.0/OS-CREDENTIAL/credentials

+

iam:credentials:listCredentials

+

Querying a Permanent Access Key

+

GET /v3.0/OS-CREDENTIAL/credentials/{access_key}

+

iam:credentials:getCredential

+

Creating a Permanent Access Key

+

POST /v3.0/OS-CREDENTIAL/credentials

+

iam:credentials:createCredential

+

Modifying a Permanent Access Key

+

PUT /v3.0/OS-CREDENTIAL/credentials/{access_key}

+

iam:credentials:updateCredential

+

Deleting a Permanent Access Key

+

DELETE /v3.0/OS-CREDENTIAL/credentials/{access_key}

+

iam:credentials:deleteCredential

+
+
+
+

Virtual MFA Device Management

+
+ + + + + + + + + + + + + + + + + + + + + +

Permission

+

API

+

Action

+

Unbinding a Virtual MFA Device

+

PUT /v3.0/OS-MFA/mfa-devices/unbind

+

iam:mfa:unbindMFADevice

+

Binding a Virtual MFA Device

+

PUT /v3.0/OS-MFA/mfa-devices/bind

+

iam:mfa:bindMFADevice

+

Creating a Virtual MFA Device

+

POST /v3.0/OS-MFA/virtual-mfa-devices

+

iam:mfa:createVirtualMFADevice

+

Deleting a Virtual MFA Device

+

DELETE /v3.0/OS-MFA/virtual-mfa-devices

+

iam:mfa:deleteVirtualMFADevice

+
+
+
+

Project Management

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Permission

+

API

+

Action

+

Creating a Project

+

POST /v3/projects

+

iam:projects:createProject

+

Modifying Project Data

+

PATCH /v3/projects/{project_id}

+

iam:projects:updateProject

+

Changing Project Status

+

PUT /v3-ext/projects/{project_id}

+

iam:projects:updateProject

+

Querying the List of Projects Accessible to Users

+

GET /v3/users/{user_id}/projects

+

iam:projects:listProjectsForUser

+

Deleting a Project

+

DELETE /v3/projects/{project_id}

+

iam:projects:deleteProject

+

Querying the Quotas of a Project

+

GET /v3.0/OS-QUOTA/projects/{project_id}

+

iam:quotas:listQuotasForProject

+
+
+
+

User Management

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Permission

+

API

+

Action

+

Listing Users

+

GET /v3/users

+

iam:users:listUsers

+

Querying User Details

+

GET /v3/users/{user_id}

+

iam:users:getUser

+

Querying User Details (Recommended)

+

GET /v3.0/OS-USER/users/{user_id}

+

iam:users:getUser

+

Querying the User Group to Which a User Belongs

+

GET /v3/users/{user_id}/groups

+

iam:groups:listGroupsForUser

+

Querying Users in a User Group

+

GET /v3/groups/{group_id}/users

+

iam:users:listUsersForGroup

+

Creating a User

+

POST /v3/users

+

iam:users:createUser

+

Modifying User Information

+

PATCH /v3/users/{user_id}

+

iam:users:updateUser

+

Deleting a User

+

DELETE /v3/users/{user_id}

+

iam:users:deleteUser

+

Resetting a User's Password

+

×

+

iam:users:resetUserPassword

+

Configuring Login Protection

+

×

+

iam:users:setUserLoginProtect

+

Listing Users Who Have Access to a Specified Project

+

×

+

iam:users:listUsersForProject

+

Deleting a User from a User Group

+

DELETE /v3/groups/{group_id}/users/{user_id}

+

iam:permissions:removeUserFromGroup

+

Querying MFA Device Information of Users

+

GET /v3.0/OS-MFA/virtual-mfa-devices

+

iam:mfa:listVirtualMFADevices

+

Querying the MFA Device Information of a User

+

GET /v3.0/OS-MFA/users/{user_id}/virtual-mfa-device

+

iam:mfa:getVirtualMFADevice

+

Querying Login Protection Configurations of Users

+

GET /v3.0/OS-USER/login-protects

+

iam:users:listUserLoginProtects

+

Querying the Login Protection Configuration of a User

+

GET /v3.0/OS-USER/users/{user_id}/login-protect

+

iam:users:getUserLoginProtect

+
+
+
+

User Group Management

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Permission

+

API

+

Action

+

Querying Users in a User Group

+

GET /v3/groups/{group_id}/users

+

iam:users:listUsersForGroup

+

Listing User Groups

+

GET /v3/groups{?domain_id,name}

+

iam:groups:listGroups

+

Querying User Group Details

+

GET /v3/groups/{group_id}

+

iam:groups:getGroup

+

Creating a User Group

+

POST /v3/groups

+

iam:groups:createGroup

+

Adding a User to a User Group

+

PUT /v3/groups/{group_id}/users/{user_id}

+

iam:permissions:addUserToGroup

+

Updating User Group Information

+

PATCH /v3/groups/{group_id}

+

iam:groups:updateGroup

+

Deleting a User Group

+

DELETE /v3/groups/{group_id}

+
  • iam:groups:deleteGroup
  • iam:permissions:removeUserFromGroup
  • iam:permissions:revokeRoleFromGroup
  • iam:permissions:revokeRoleFromGroupOnProject
  • iam:permissions:revokeRoleFromGroupOnDomain
+

Checking Whether a User Belongs to a Specified User Group

+

HEAD /v3/groups/{group_id}/users/{user_id}

+

iam:permissions:checkUserInGroup

+
+
+
+

Permissions Management

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Permission

+

API

+

Action

+

Querying a Role List

+

GET /v3/roles

+

iam:roles:listRoles

+

Querying Role Details

+

GET /v3/roles/{role_id}

+

iam:roles:getRole

+

Querying Permissions of a User Group Under a Domain

+

GET /v3/domains/{domain_id}/groups/{group_id}/roles

+

iam:permissions:listRolesForGroupOnDomain

+

Querying Permissions of a User Group Corresponding to a Project

+

GET /v3/projects/{project_id}/groups/{group_id}/roles

+

iam:permissions:listRolesForGroupOnProject

+

Granting Permissions to a User Group of a Domain

+

PUT /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}

+

iam:permissions:grantRoleToGroupOnDomain

+

Granting Permissions to a User Group Corresponding to a Project

+

PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}

+

iam:permissions:grantRoleToGroupOnProject

+

Removing Permissions of a User Group Corresponding to a Project

+

DELETE /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}

+

iam:permissions:revokeRoleFromGroupOnProject

+

Removing Permissions of a User Group of a Domain

+

DELETE /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}

+

iam:permissions:revokeRoleFromGroupOnDomain

+

Querying Whether a User Group Under a Domain Has Specific Permissions

+

HEAD /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}

+

iam:permissions:checkRoleForGroupOnDomain

+

Querying Whether a User Group Corresponding to a Project Has Specific Permissions

+

HEAD /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}

+

iam:permissions:checkRoleForGroupOnProject

+

Granting Permissions to a User Group

+

PUT /v3/domains/{domain_id}/groups/{group_id}/roles/{role_id}

+

PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id}

+

iam:permissions:grantRoleToGroup

+

Querying the Permissions Granted to a User for a Specified Project

+

×

+

iam:permissions:listRolesForUserOnProject

+

Querying All Permissions of a User Group

+

×

+

iam:permissions:listRolesForGroup

+

Checking Whether a User Group Has Specified Permissions

+		 +

iam:permissions:checkRoleForGroup

+

Removing Permissions of a User Group

+		 +

iam:permissions:revokeRoleFromGroup

+

Querying a Resource Quota

+

GET /v3.0/OS-QUOTA/domains/{domain_id}?type={user, group, idp, agency, policy}

+

iam:quotas:listQuotas

+
+
+
+

Custom Policy Management

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +

Permission

+

API

+

Action

+

Listing Custom Policies

+

GET /v3.0/OS-ROLE/roles

+

iam:roles:listRoles

+

Querying Custom Policy Details

+

GET /v3.0/OS-ROLE/roles/{role_id}

+

iam:roles:getRole

+

Creating a Custom Policy

+

POST /v3.0/OS-ROLE/roles

+

iam:roles:createRole

+

Modifying a Custom Policy

+

PATCH /v3.0/OS-ROLE/roles/{role_id}

+

iam:roles:updateRole

+

Deleting a Custom Policy

+

DELETE /v3.0/OS-ROLE/roles/{role_id}

+

iam:roles:deleteRole

+
+
+
+

Agency Management

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Permission

+

API

+

Action

+

Creating an Agency

+

POST /v3.0/OS-AGENCY/agencies

+

iam:agencies:createAgency

+

Listing Agencies

+

GET /v3.0/OS-AGENCY/agencies

+

iam:agencies:listAgencies

+

Querying Agency Details

+

GET /v3.0/OS-AGENCY/agencies/{agency_id}

+

iam:agencies:getAgency

+

Modifying an Agency

+

PUT /v3.0/OS-AGENCY/agencies/{agency_id}

+

iam:agencies:updateAgency

+

Deleting an Agency

+

DELETE /v3.0/OS-AGENCY/agencies/{agency_id}

+

iam:agencies:deleteAgency

+

Granting Permissions to an Agency for a Project

+

PUT /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id}

+

iam:permissions:grantRoleToAgencyOnProject

+

Checking Whether an Agency Has the Specified Permissions on a Project

+

HEAD /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id}

+

iam:permissions:checkRoleForAgencyOnProject

+

Querying Permissions of an Agency for a Project

+

GET /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles

+

iam:permissions:listRolesForAgencyOnProject

+

Removing Permissions of an Agency on a Project

+

DELETE /v3.0/OS-AGENCY/projects/{project_id}/agencies/{agency_id}/roles/{role_id}

+

iam:permissions:revokeRoleFromAgencyOnProject

+

Granting Permissions to an Agency on a Domain

+

PUT /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}

+

iam:permissions:grantRoleToAgencyOnDomain

+

Checking Whether an Agency Has the Specified Permissions on a Domain

+

HEAD /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}

+

iam:permissions:checkRoleForAgencyOnDomain

+

Querying the List of Permissions of an Agency on a Domain

+

GET /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles

+

iam:permissions:listRolesForAgencyOnDomain

+

Removing Permissions of an Agency on a Domain

+

DELETE /v3.0/OS-AGENCY/domains/{domain_id}/agencies/{agency_id}/roles/{role_id}

+

iam:permissions:revokeRoleFromAgencyOnDomain

+
+
+
+

Security Settings

+
+ + + + + + + + + + + + + +

Permission

+

API

+

Action

+

Querying the Password Policy

+

GET v3.0/OS-SECURITYPOLICY/domains/{domain_id}/password-policy

+

iam:securitypolicies:getPasswordPolicy

+

Querying the Login Authentication Policy

+

GET v3.0/OS-SECURITYPOLICY/domains/{domain_id}/login-policy

+

iam:securitypolicies:getLoginPolicy

+
+
+
+

Federated Identity Authentication Management

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Permission

+

API

+

Action

+

Querying the Identity Provider List

+

GET /v3/OS-FEDERATION/identity_providers

+

iam:identityProviders:listIdentityProviders

+

Querying an Identity Provider

+

GET /v3/OS-FEDERATION/identity_providers/{id}

+

iam:identityProviders:getIdentityProvider

+

Creating an Identity Provider

+

PUT /v3/OS-FEDERATION/identity_providers/{id}

+

iam:identityProviders:createIdentityProvider

+

Updating an Identity Provider

+

PATCH /v3/OS-FEDERATION/identity_providers/{id}

+

iam:identityProviders:updateIdentityProvider

+

Deleting an Identity Provider

+

DELETE /v3/OS-FEDERATION/identity_providers/{id}

+

iam:identityProviders:deleteIdentityProvider

+

Querying the Mapping List

+

GET /v3/OS-FEDERATION/mappings

+

iam:identityProviders:listMappings

+

Querying Mapping Details

+

GET /v3/OS-FEDERATION/mappings/{id}

+

iam:identityProviders:getMapping

+

Creating a Mapping

+

PUT /v3/OS-FEDERATION/mappings/{id}

+

iam:identityProviders:createMapping

+

Updating a Mapping

+

PATCH /v3/OS-FEDERATION/mappings/{id}

+

iam:identityProviders:updateMapping

+

Deleting a Mapping

+

DELETE /v3/OS-FEDERATION/mappings/{id}

+

iam:identityProviders:deleteMapping

+

Querying the Protocol List

+

GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols

+

iam:identityProviders:listProtocols

+

Querying a Protocol

+

GET /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}

+

iam:identityProviders:getProtocol

+

Registering a Protocol

+

PUT /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}

+

iam:identityProviders:createProtocol

+

Updating a Protocol

+

PATCH /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}

+

iam:identityProviders:updateProtocol

+

Deleting a Protocol

+

DELETE /v3/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}

+

iam:identityProviders:deleteProtocol

+

Querying a Metadata File

+

GET /v3-ext/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/metadata

+

iam:identityProviders:getIDPMetadata

+

Importing a Metadata File

+

POST /v3-ext/OS-FEDERATION/identity_providers/{idp_id}/protocols/{protocol_id}/metadata

+

iam:identityProviders:createIDPMetadata

+
+
+
+
+
+
+
Parent topic: Permissions Policies and Supported Actions
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0063.html b/docs/iam/api-ref/iam_02_0063.html new file mode 100644 index 00000000..1606d10d --- /dev/null +++ b/docs/iam/api-ref/iam_02_0063.html @@ -0,0 +1,93 @@ + + +

Deleting a User Token

+

Function

This API is used to delete a token no matter whether the token has expired or not.

+
+

URI

DELETE /v3/auth/tokens

+
+

Request Parameters

+
+

Response Parameters

None

+
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

204

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Token Management
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0113.html b/docs/iam/api-ref/iam_02_0113.html new file mode 100644 index 00000000..2e29addb --- /dev/null +++ b/docs/iam/api-ref/iam_02_0113.html @@ -0,0 +1,208 @@ + + +

Querying the Password Strength Policy by Option

+

Function

This API is used to query the password strength policy by option. The option can be the regular expression and description of the password strength policy.

+
+

URI

+
+

Request Parameters

+
+

Response Parameters

+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

404

+

The requested resource cannot be found.

+

405

+

The method specified in the request is not allowed for the requested resource.

+

413

+

The request entity is too large.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Tenant Management
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0114.html b/docs/iam/api-ref/iam_02_0114.html new file mode 100644 index 00000000..4fce13c8 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0114.html @@ -0,0 +1,224 @@ + + +

Querying a Resource Quota

+

Function

This API is used to query a resource quota. You can query the quota of users, user groups, identity providers, agencies, and policies.

+
+

URI

+
+

Request Parameters

+
+

Response Parameters

+
+ + + + + + + + + +
Table 1 Parameters in the response body

Parameter

+

Type

+

Description

+

quotas

+

Object

+

Quota information of the domain.

+
+
+ +
+ + + + + + + + + +
Table 2 quotas

Parameter

+

Type

+

Description

+

resources

+

Array of objects

+

Resource information.

+
+
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + +
Table 3 resources

Parameter

+

Type

+

Description

+

max

+

Integer

+

Maximum quota.

+

min

+

Integer

+

Minimum quota.

+

quota

+

Integer

+

Current quota.

+

type

+

String

+

Quota type.

+

used

+

Integer

+

Used quota.

+
+
+ +
+

Status Codes

+
+ + + + + + + + + + + + + + + + + + + + + + +

Status Code

+

Description

+

200

+

The request is successful.

+

400

+

The server failed to process the request.

+

401

+

Authentication failed.

+

403

+

Access denied.

+

500

+

Internal server error.

+

503

+

Service unavailable.

+
+
+
+
+
+
+
Parent topic: Tenant Management
+
+
+ diff --git a/docs/iam/api-ref/iam_02_0510.html b/docs/iam/api-ref/iam_02_0510.html new file mode 100644 index 00000000..41727205 --- /dev/null +++ b/docs/iam/api-ref/iam_02_0510.html @@ -0,0 +1,50 @@ + + +

Authentication

+

Requests for calling an API can be authenticated using either of the following methods:

+ +

Token-based Authentication

The validity period of a token is 24 hours. When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token.

+
+

A token specifies temporary permissions in a computer system. During API authentication using a token, the token is added to request headers to get permissions for calling the API.

+

You can obtain a token by calling the API described in Obtaining a User Token. IAM APIs can be called only by using a global service token. To call the API described in Obtaining a User Token, set auth.scope to domain in the request body as follows:

+
{
+    "auth": {
+        "identity": {
+            "methods": [
+                "password"
+            ],
+            "password": {
+                "user": {
+                    "domain": {
+                        "name": "IAMDomain"
+                    },
+                    "name": "IAMUser",
+                    "password": "IAMPassword"
+                }
+            }
+        },
+        "scope": {
+            "domain": {
+                "name": "IAMDomain"
+            }
+        }
+    }
+}
+

After a token is obtained, the X-Auth-Token header field must be added to requests to specify the token when calling other APIs. For example, if the token is ABCDEFJ...., X-Auth-Token: ABCDEFJ.... can be added to a request as follows:

+

+

+
AK/SK-based Authentication
 
AK/SK-based authentication supports API requests with a body not larger than 12 MB. For API requests with a larger body, token-based authentication is recommended.

+

+
In AK/SK-based authentication, AK/SK is used to sign requests and the signature is then added to the requests for authentication.

+
+
In AK/SK-based authentication, you can use an AK/SK pair to sign requests based on the signature algorithm or use the signing SDK to sign requests. 
 
The signing SDK is only used for signing requests and is different from the SDKs provided by services.

+

+

+

+

+

+

+
Parent topic: Calling APIs

+

+

+
diff --git a/docs/iam/api-ref/iam_02_0511.html b/docs/iam/api-ref/iam_02_0511.html
new file mode 100644
index 00000000..6d1f098c
--- /dev/null
+++ b/docs/iam/api-ref/iam_02_0511.html
@@ -0,0 +1,39 @@
+
+
+
Response

+
Status Code
After sending a request, you will receive a response, including the status code, response header, and response body.

+
A status code is a group of digits, ranging from 1xx to 5xx. It indicates the status of a request. For more information, see Status Codes.

+
For example, if status code 201 is returned for calling the API used to obtain a user token (Obtaining a User Token), the request is successful.

+

+
Response Header
Similar to a request, a response also has a header, for example, Content-Type.

+
Obtaining a User Token shows the response header fields for the API used to obtain a user token (Figure 1). The x-subject-token header field is the desired user token. This token can then be used to authenticate the calling of other APIs.

+
Figure 1 Header fields of the response to the request for obtaining a user token

+

+
Response Body
The body of a response is often returned in structured format as specified in the Content-Type header field. The response body transfers content except the response header.

+
The following is part of the response body for the API used to obtain a user token (Obtaining a User Token).

+
{
+    "token": {
+        "expires_at": "2019-02-13T06:52:13.855000Z",
+        "methods": [
+            "password"
+        ],
+        "catalog": [
+            {
+                "endpoints": [
+                    {
+                        "region_id": "az-01",
+......

+
If an error occurs during API calling, an error code and error description will be displayed. The following shows an error response body:

+
{
+    "error_msg": "The format of message is error",
+    "error_code": "AS.0001"
+}

+
In the response body, error_code is an error code, and error_msg provides information about the error.

+

+

+

+

+
Parent topic: Calling APIs

+

+

+
diff --git a/docs/iam/api-ref/iam_02_0512.html b/docs/iam/api-ref/iam_02_0512.html
new file mode 100644
index 00000000..d0354202
--- /dev/null
+++ b/docs/iam/api-ref/iam_02_0512.html
@@ -0,0 +1,15 @@
+
+
+
Appendix

+

+

+
+

+
diff --git a/docs/iam/api-ref/iam_03_0001.html b/docs/iam/api-ref/iam_03_0001.html
new file mode 100644
index 00000000..d2463c99
--- /dev/null
+++ b/docs/iam/api-ref/iam_03_0001.html
@@ -0,0 +1,247 @@
+
+
+
Creating a Permanent Access Key

+
Function
This API can be used by the administrator to create a permanent access key for an IAM user or used by an IAM user to create a permanent access key for itself.

+
Access keys are identity credentials for using development tools (APIs, CLI, and SDKs) to access the cloud system. Access keys cannot be used to log in to the console. AK is used in conjunction with an SK to sign requests cryptographically, ensuring that the requests are secret, complete, and correct.

+
The API can be called using both the global endpoint and region-specific endpoints.

+

+
URI
POST /v3.0/OS-CREDENTIAL/credentials

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 1 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
Content-Type

+
Yes

+
String

+
Fill application/json;charset=utf8 in this field.

+
X-Auth-Token

+
Yes

+
String

+
A token with Security Administrator permissions is required if the administrator is requesting to create a permanent access key for an IAM user.

+
The user token (no special permission requirements) of an IAM user is required if the user is requesting to create a permanent access key for itself.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request body
Parameter

+
Mandatory

+
Type

+
Description

+
credential

+
Yes

+
Object

+
Authentication information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 3 credential
Parameter

+
Mandatory

+
Type

+
Description

+
user_id

+
Yes

+
String

+
IAM user ID.

+
description

+
No

+
String

+
Description of the access key.

+

+

+

+
Response Parameters

+

+
+
+
+
+
+
+
+
+
+
Table 4 Parameters in the response body
Parameter

+
Type

+
Description

+
credential

+
Object

+
Authentication result.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 5 credential
Parameter

+
Type

+
Description

+
create_time

+
String

+
Time when the access key was created.

+
access

+
String

+
AK.

+
secret

+
String

+
SK.

+
status

+
String

+
Status of the access key.

+
user_id

+
String

+
IAM user ID.

+
description

+
String

+
Description of the access key.

+

+

+

+
Example Request
POST https://sample.domain.com/v3.0/OS-CREDENTIAL/credentials

+
{
+    "credential": {
+        "description": "IAMDescription",
+        "user_id": "07609fb9358010e21f7bc003751c7c32"
+    }
+}

+

+
Example Response
Status code: 201

+
The request is successful.

+
{
+    "credential": {
+        "access": "P83EVBZJMXCYTMUII...",
+        "create_time": "2020-01-08T06:25:19.014028Z",
+        "user_id": "07609fb9358010e21f7bc003751...",
+        "description": "IAMDescription",
+        "secret": "TTqAHPbhWorg9ozx8Dv9MUyzYnOKDppxzHt...",
+        "status": "active"
+    }
+}

+
Status code: 400

+
The server failed to process the request. (The number of access keys has reached the maximum allowed limit.)

+
{
+    "error": {
+        "message": "akSkNumExceed",
+        "code": 400,
+        "title": "Bad Request"
+    }
+}

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
201

+
The request is successful.

+
400

+
The server failed to process the request. (The number of access keys has reached the maximum allowed limit.)

+
401

+
Authentication failed.

+
403

+
Access denied.

+
500

+
Internal server error.

+

+

+

+
Error Codes
None

+

+

+

+

+
Parent topic: Access Key Management

+

+

+
diff --git a/docs/iam/api-ref/iam_03_0002.html b/docs/iam/api-ref/iam_03_0002.html
new file mode 100644
index 00000000..56fb7341
--- /dev/null
+++ b/docs/iam/api-ref/iam_03_0002.html
@@ -0,0 +1,204 @@
+
+
+
Querying a Permanent Access Key

+
Function
This API can be used by the administrator to query the specified permanent access key of an IAM user or used by an IAM user to query one of their permanent access keys.

+
The API can be called using both the global endpoint and region-specific endpoints.

+

+
URI
GET /v3.0/OS-CREDENTIAL/credentials/{access_key}

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 URI parameters
Parameter

+
Mandatory

+
Type

+
Description

+
access_key

+
Yes

+
String

+
AK of the access key to be queried.

+

+

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
Content-Type

+
Yes

+
String

+
Fill application/json;charset=utf8 in this field.

+
X-Auth-Token

+
Yes

+
String

+
A token with Security Administrator permissions is required if the administrator is requesting to query a specified permanent access key of an IAM user.

+
The user token (no special permission requirements) of an IAM user is required if the user is requesting to query one of their permanent access keys.

+

+

+

+
Response Parameters

+

+
+
+
+
+
+
+
+
+
+
Table 3 Parameters in the response body
Parameter

+
Type

+
Description

+
credential

+
Object

+
Authentication result.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 4 credential
Parameter

+
Type

+
Description

+
user_id

+
String

+
IAM user ID.

+
access

+
String

+
AK.

+
status

+
String

+
Status of the access key.

+
create_time

+
String

+
Time when the access key was created.

+
last_use_time

+
String

+
Time when the access key was last used.

+
description

+
String

+
Description of the access key.

+

+

+

+
Example Request
 GET https://sample.domain.com/v3.0/OS-CREDENTIAL/credentials/{access_key}

+

+
Example Response
Status code: 200

+
The request is successful.

+
{
+    "credential": {
+        "last_use_time": "2020-01-08T06:26:08.123059Z",
+        "access": "LOSZM4YRVLKOY9E8...",
+        "create_time": "2020-01-08T06:26:08.123059Z",
+        "user_id": "07609fb9358010e21f7bc003751...",
+        "description": "",
+        "status": "active"
+    }
+}

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
200

+
The request is successful.

+
400

+
The server failed to process the request.

+
401

+
Authentication failed.

+
403

+
Access denied.

+
404

+
The requested resource cannot be found.

+
500

+
Internal server error.

+

+

+

+
Error Codes
None

+

+

+

+

+
Parent topic: Access Key Management

+

+

+
diff --git a/docs/iam/api-ref/iam_03_0003.html b/docs/iam/api-ref/iam_03_0003.html
new file mode 100644
index 00000000..1cf78972
--- /dev/null
+++ b/docs/iam/api-ref/iam_03_0003.html
@@ -0,0 +1,207 @@
+
+
+
Listing Permanent Access Keys

+
Function
This API can be used by the administrator to list all permanent access key of an IAM user or used by an IAM user to list all of their permanent access keys.

+
The API can be called using both the global endpoint and region-specific endpoints.

+

+
URI
GET /v3.0/OS-CREDENTIAL/credentials

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 Query parameters
Parameter

+
Mandatory

+
Type

+
Description

+
user_id

+
No

+
String

+
User ID.

+

+

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
Content-Type

+
Yes

+
String

+
Fill application/json;charset=utf8 in this field.

+
X-Auth-Token

+
Yes

+
String

+
A token with Security Administrator permissions is required if the administrator is requesting to query all permanent access keys of an IAM user.

+
The user token (no special permission requirements) of an IAM user is required if the user is requesting to query their permanent access keys.

+

+

+

+
Response Parameters

+

+
+
+
+
+
+
+
+
+
+
Table 3 Parameters in the response body
Parameter

+
Type

+
Description

+
credentials

+
Array of objects

+
Authentication result.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 4 credentials
Parameter

+
Type

+
Description

+
user_id

+
String

+
IAM user ID.

+
access

+
String

+
AK.

+
status

+
String

+
Status of the access key.

+
create_time

+
String

+
Time when the access key was created.

+
description

+
String

+
Description of the access key.

+

+

+

+
Example Request

+

+
Example Response
Status code: 200

+
The request is successful.

+
{
+    "credentials": [
+        {
+            "access": "LOSZM4YRVLKOY9E8X...",
+            "create_time": "2020-01-08T06:26:08.123059Z",
+            "user_id": "07609fb9358010e21f7bc0037...",
+            "description": "",
+            "status": "active"
+        },
+        {
+            "access": "P83EVBZJMXCYTMU...",
+            "create_time": "2020-01-08T06:25:19.014028Z",
+            "user_id": "07609fb9358010e21f7bc003751...",
+            "description": "",
+            "status": "active"
+        }
+    ]
+}

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
200

+
The request is successful.

+
400

+
The server failed to process the request.

+
401

+
Authentication failed.

+
403

+
Access denied.

+
404

+
The requested resource cannot be found.

+
500

+
Internal server error.

+

+

+

+
Error Codes
None

+

+

+

+

+
Parent topic: Access Key Management

+

+

+
diff --git a/docs/iam/api-ref/iam_03_0004.html b/docs/iam/api-ref/iam_03_0004.html
new file mode 100644
index 00000000..20516848
--- /dev/null
+++ b/docs/iam/api-ref/iam_03_0004.html
@@ -0,0 +1,258 @@
+
+
+
Modifying a Permanent Access Key

+
Function
This API can be used by the administrator to modify the specified permanent access key of an IAM user or used by an IAM user to modify one of their permanent access keys.

+
The API can be called using both the global endpoint and region-specific endpoints.

+

+
URI
PUT /v3.0/OS-CREDENTIAL/credentials/{access_key}

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 URI parameters
Parameter

+
Mandatory

+
Type

+
Description

+
access_key

+
Yes

+
String

+
AK of the access key to be modified.

+

+

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
Content-Type

+
Yes

+
String

+
Fill application/json;charset=utf8 in this field.

+
X-Auth-Token

+
Yes

+
String

+
A token with Security Administrator permissions is required if the administrator is requesting to modify a specified permanent access key of an IAM user.

+
The user token (no special permission requirements) of an IAM user is required if the user is requesting to modify one of their permanent access keys.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 3 Parameters in the request body
Parameter

+
Mandatory

+
Type

+
Description

+
credential

+
Yes

+
Object

+
Authentication information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 4 credential
Parameter

+
Mandatory

+
Type

+
Description

+
status

+
No

+
String

+
Status of the access key to be changed to The value can be active or inactive.

+
Options:

+
  • active
  • inactive

+
description

+
No

+
String

+
Description of the access key

+

+

+

+
Response Parameters

+

+
+
+
+
+
+
+
+
+
+
Table 5 Parameters in the response body
Parameter

+
Type

+
Description

+
credential

+
Object

+
Authentication information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 6 credential
Parameter

+
Type

+
Description

+
user_id

+
String

+
IAM user ID.

+
access

+
String

+
AK.

+
status

+
String

+
Status of the access key.

+
create_time

+
String

+
Time when the access key was created.

+
description

+
String

+
Description of the access key.

+

+

+

+
Example Request
PUT https://sample.domain.com/v3.0/OS-CREDENTIAL/credentials/{access_key}

+
{
+    "credential": {
+        "status": "inactive",
+        "description": "IAMDescription"
+    }
+}

+

+
Example Response
Status code: 200

+
The request is successful.

+
{
+    "credential": {
+        "status": "inactive",
+        "access": "LOSZM4YRVLKOY9...",
+        "create_time": "2020-01-08T06:26:08.123059Z",
+        "user_id": "07609fb9358010e21f7bc00375..."
+    }
+}

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
200

+
The request is successful.

+
400

+
The server failed to process the request.

+
401

+
Authentication failed.

+
403

+
Access denied.

+
404

+
The requested resource cannot be found.

+
500

+
Internal server error.

+

+

+

+
Error Codes
None

+

+

+

+

+
Parent topic: Access Key Management

+

+

+
diff --git a/docs/iam/api-ref/iam_03_0005.html b/docs/iam/api-ref/iam_03_0005.html
new file mode 100644
index 00000000..245329cd
--- /dev/null
+++ b/docs/iam/api-ref/iam_03_0005.html
@@ -0,0 +1,121 @@
+
+
+
Deleting a Permanent Access Key

+
Function
This API can be used by the administrator to delete the specified permanent access key of an IAM user or used by an IAM user to delete one of their permanent access keys.

+
The API can be called using both the global endpoint and region-specific endpoints.

+

+
URI
DELETE /v3.0/OS-CREDENTIAL/credentials/{access_key}

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 URI parameters
Parameter

+
Mandatory

+
Type

+
Description

+
access_key

+
Yes

+
String

+
AK to be deleted.

+

+

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
Content-Type

+
Yes

+
String

+
Fill application/json;charset=utf8 in this field.

+
X-Auth-Token

+
Yes

+
String

+
A token with Security Administrator permissions is required if the administrator is requesting to delete a specified permanent access key of an IAM user.

+
The user token (no special permission requirements) of an IAM user is required if the user is requesting to delete one of their permanent access keys.

+

+

+

+
Response Parameters
None

+

+
Example Request
DELETE https://sample.domain.com/v3.0/OS-CREDENTIAL/credentials/{access_key}

+

+
Example Response
None

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
204

+
The access key is deleted successfully.

+
400

+
The server failed to process the request.

+
401

+
Authentication failed.

+
403

+
Access denied.

+
404

+
The requested resource cannot be found.

+
500

+
Internal server error.

+

+

+

+
Error Codes
None

+

+

+

+

+
Parent topic: Access Key Management

+

+

+
diff --git a/docs/iam/api-ref/iam_08_0004.html b/docs/iam/api-ref/iam_08_0004.html
new file mode 100644
index 00000000..00d4576b
--- /dev/null
+++ b/docs/iam/api-ref/iam_08_0004.html
@@ -0,0 +1,313 @@
+
+
+
Querying User Details (Recommended)

+
Function
This API can be used by the administrator to query the details about a specified user or used by a user to query their details.

+

+
URI
GET /v3.0/OS-USER/users/{user_id}

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 URI parameters
Parameter

+
Mandatory

+
Type

+
Description

+
user_id

+
Yes

+
String

+
User ID.

+

+

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
X-Auth-Token

+
Yes

+
String

+
A token with Security Administrator permissions is required if the administrator is requesting to query the details about a specified user.

+
If an IAM user is requesting to query their details, the user token (no special permission requirements) of the user is required.

+

+

+

+
Response Parameters

+

+
+
+
+
+
+
+
+
+
+
Table 3 Parameters in the response body
Parameter

+
Type

+
Description

+
user

+
Object

+
User information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 4 user
Parameter

+
Type

+
Description

+
enabled

+
Boolean

+
Enabling status of the user. true (default value) indicates that the user is enabled. false indicates that the user is disabled.

+
id

+
String

+
User ID.

+
domain_id

+
String

+
ID of the account to which the user belongs.

+
name

+
String

+
Username.

+
links

+
Object

+
User resource link information.

+
xuser_id

+
String

+
ID of the user in the external system.

+
xuser_type

+
String

+
Type of the user in the external system.

+
areacode

+
String

+
Country code.

+
email

+
String

+
Email address.

+
phone

+
String

+
Mobile number.

+
pwd_status

+
Boolean

+
Password status. true means that the password needs to be changed, and false means that the password is normal.

+
update_time

+
String

+
Time when the user was last updated.

+
create_time

+
String

+
Time when the user was created.

+
last_login_time

+
String

+
Last login time of the user.

+
pwd_strength

+
String

+
Password strength. The value can be Low, Middle, High, or None.

+
is_domain_owner

+
Boolean

+
Indicates whether the user is the account administrator.

+
description

+
String

+
Description about the user.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 5 user.links
Parameter

+
Type

+
Description

+
self

+
String

+
Resource link.

+
previous

+
String

+
Previous resource link.

+
next

+
String

+
Next resource link.

+

+

+

+
Example Request
GET https://sample.domain.com/v3.0/OS-USER/users/{user_id}

+

+
Example Response
Status code: 200

+
The request is successful.

+
{
+  "id" : "",
+  "xuser_type" : "",
+  "email" : "",
+  "user" : {
+    "pwd_strength" : "Strong",
+    "create_time" : "2020-07-08 02:19:03.0",
+    "last_login_time" : null,
+    "areacode" : "",
+    "enabled" : true,
+    "domain_id" : "086ba757f90089cf0fe5c000dbe7f...",
+    "xuser_id" : "",
+    "pwd_status" : false,
+    "update_time" : null,
+    "phone" : "-",
+    "name" : "autotest1",
+    "links" : {
+      "next" : null,
+      "previous" : null,
+      "self" : "https://sample.domain.com/v3.0/OS-USER/users/093f75808b8089ba1f6dc000c7cac..."
+    },
+    "id" : "093f75808b8089ba1f6dc000c7cac...",
+    "xuser_type" : "",
+    "email" : "",
+  }
+}

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
200

+
The request is successful.

+
403

+
Access denied.

+
404

+
The requested resource cannot be found.

+
405

+
The method specified in the request is not allowed for the requested resource.

+
500

+
Internal server error.

+

+

+

+

+

+

+
Parent topic: User Management

+

+

+
diff --git a/docs/iam/api-ref/iam_08_0011.html b/docs/iam/api-ref/iam_08_0011.html
new file mode 100644
index 00000000..4fdb19e1
--- /dev/null
+++ b/docs/iam/api-ref/iam_08_0011.html
@@ -0,0 +1,571 @@
+
+
+
Modifying User Information (Including Email Address and Mobile Number)

+
Function
This API is provided for the administrator to modify user information.

+

+
URI
PUT /v3.0/OS-USER/users/{user_id}

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 URI parameters
Parameter

+
Mandatory

+
Type

+
Description

+
user_id

+
Yes

+
String

+
User ID.

+

+

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
Content-Type

+
Yes

+
String

+
Fill application/json;charset=utf8 in this field.

+
X-Auth-Token

+
Yes

+
String

+
Token with Security Administrator permissions.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 3 Parameters in the request body
Parameter

+
Mandatory

+
Type

+
Description

+
user

+
Yes

+
Object

+
IAM user information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 4 user
Parameter

+
Mandatory

+
Type

+
Description

+
name

+
No

+
String

+
New username with 1 to 255 characters

+
password

+
No

+
String

+
Password of the user. The password must meet the following requirements:

+
  • Can contain 6 to 32 characters. The default minimum password length is 6 characters.
  • Must contain at least two of the following character types: uppercase letters, lowercase letters, digits, and special characters.
  • Must meet the requirements of the password policy configured on the account settings page.
  • Must be different from the old password.

+
email

+
No

+
String

+
Email address, which can contain not more than 255 characters.

+
areacode

+
No

+
String

+
Country code. The country code must be used together with a mobile number.

+
phone

+
No

+
String

+
New mobile number, which can contain a maximum of 32 digits. The mobile number must be used together with a country code.

+
enabled

+
No

+
Boolean

+
Enabling status of the IAM user. true (default value) indicates that the user is enabled. false indicates that the user is disabled.

+
pwd_status

+
No

+
Boolean

+
Indicates whether the user must change their password at the first login. true (default value) indicates that the user must change their password at the first login. false indicates that the user does not need to change their password at the first login.

+
xuser_type

+
No

+
String

+
Type of the user in the external system. The user type can contain a maximum of 64 characters. xuser_type must be used together with xuser_id and will be verified based on xaccount_type and xdomain_type of the same account.

+
 NOTE: 
An external system refers to an enterprise management system connected to cloud system. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from the cloud system. Please contact the enterprise administrator.

+

+
xuser_id

+
No

+
String

+
ID of the user in the external system. The user ID can contain a maximum of 128 characters, and must be used together with xuser_type.

+
 NOTE: 
An external system refers to an enterprise management system connected to cloud system. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from the cloud system. Please contact the enterprise administrator.

+

+
description

+
No

+
String

+
Description of the IAM user.

+

+

+

+
Response Parameters

+

+
+
+
+
+
+
+
+
+
+
Table 5 Parameters in the response body
Parameter

+
Type

+
Description

+
user

+
Object

+
IAM user information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 6 user
Parameter

+
Type

+
Description

+
pwd_status

+
Boolean

+
Whether password reset is required at first login.

+
xuser_id

+
String

+
ID of the user in the external system.

+
 NOTE: 
An external system refers to an enterprise management system connected to cloud system. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from the cloud system. Please contact the enterprise administrator.

+

+
xuser_type

+
String

+
Type of the user in the external system.

+
 NOTE: 
An external system refers to an enterprise management system connected to cloud system. Parameters xaccount_type, xaccount_id, xdomain_type, xdomain_id, xuser_type, and xuser_id cannot be obtained from the cloud system. Please contact the enterprise administrator.

+

+
description

+
String

+
Description of the IAM user.

+
name

+
String

+
New IAM user name with 5 to 32 characters. The username can contain special characters, but only hyphens (-), underscores (_), and spaces are allowed. It cannot start with a digit.

+
phone

+
String

+
New mobile number, which can contain a maximum of 32 digits. The mobile number must be used together with a country code.

+
domain_id

+
String

+
ID of the account to which the user belongs.

+
enabled

+
Boolean

+
Enabling status of the IAM user. true (default value) indicates that the user is enabled. false indicates that the user is disabled.

+
pwd_status

+
Boolean

+
Indicates whether the user must change their password at the first login. true (default value) indicates that the user must change their password at the first login. false indicates that the user does not need to change their password at the first login.

+
areacode

+
String

+
Country code.

+
email

+
String

+
New email address.

+
id

+
String

+
IAM user ID.

+
links

+
Object

+
User resource link information.

+
password_expires_at

+
String

+
UTC time when the password will expire. null indicates that the password has unlimited validity.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
Table 7 user.links
Parameter

+
Type

+
Description

+
self

+
String

+
Resource link.

+

+

+

+
Example Request
PUT https://sample.domain.com/v3.0/OS-USER/users/{user_id}

+
{
+    "user": {
+        "email": "IAMEmail@123.com",
+        "areacode": "0086",
+        "phone": "12345678910",
+        "enabled": true,
+        "name": "IAMUser",
+        "password": "IAMPassword@",
+        "pwd_status": false,
+        "xuser_type": "",
+        "xuser_id": "",
+        "description": "IAMDescription"
+    }
+}

+

+
Example Response
Status code: 200

+
The request is successful.

+
{
+    "user": {
+        "description": "IAMDescription",
+        "areacode": "0086",
+        "enabled": true,
+        "pwd_status": false,
+        "xuser_id": "",
+        "domain_id": "d78cbac186b744899480f25bd0...",
+        "phone": "12345678910",
+        "name": "IAMUser",
+        "links": {
+            "self": "https://sample.domain.com/3.0/OS-USER/users/076934ff9f0010cd1f0bc003..."
+        },
+        "id": "076934ff9f0010cd1f0bc0031019...",
+        "xuser_type": "",
+        "email": "IAMEmail@123.com"
+    }
+}

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
200

+
The request is successful.

+
400

+
The server failed to process the request.

+
401

+
Authentication failed.

+
403

+
Access denied.

+
404

+
The requested resource cannot be found.

+
405

+
The method specified in the request is not allowed for the requested resource.

+
409

+
A resource conflict occurs.

+
413

+
The request entity is too large.

+
500

+
Internal server error.

+
503

+
Service unavailable.

+

+

+

+
Error Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Error Code

+
Error Message

+
400

+
1100

+
Mandatory parameters are missing.

+
400

+
1101

+
Invalid username.

+
400

+
1102

+
Invalid email address.

+
400

+
1103

+
Incorrect password.

+
400

+
1104

+
Invalid mobile number.

+
400

+
1105

+
The value of xuser_type must be the same as that of xdomain_type.

+
400

+
1106

+
The country code and mobile number must be set at the same time.

+
400

+
1107

+
The account administrator cannot be deleted.

+
400

+
1108

+
The new password must be different from the old password.

+
400

+
1109

+
The username already exists.

+
400

+
1110

+
The email address has already been used.

+
400

+
1111

+
The mobile number has already been used.

+
400

+
1113

+
The user ID or user type already exists.

+
400

+
1115

+
The number of IAM users has reached the maximum allowed limit.

+
400

+
1117

+
Invalid user description.

+

+

+

+

+

+

+
Parent topic: User Management

+

+

+
diff --git a/docs/iam/api-ref/iam_08_0012.html b/docs/iam/api-ref/iam_08_0012.html
new file mode 100644
index 00000000..e1755198
--- /dev/null
+++ b/docs/iam/api-ref/iam_08_0012.html
@@ -0,0 +1,161 @@
+
+
+
Querying MFA Device Information of Users

+
Function
This API is provided for the administrator to query the MFA device information of users.

+

+
URI
GET /v3.0/OS-MFA/virtual-mfa-devices

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
X-Auth-Token

+
Yes

+
String

+
Token with Security Administrator permissions.

+

+

+

+
Response Parameters

+

+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the response body
Parameter

+
Type

+
Description

+
virtual_mfa_devices

+
Array of objects

+
Virtual MFA device information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 3 virtual_mfa_devices
Parameter

+
Type

+
Description

+
serial_number

+
String

+
Virtual MFA device serial number.

+
user_id

+
String

+
User ID.

+

+

+

+
Example Request
GET https://sample.domain.com/v3.0/OS-MFA/virtual-mfa-devices

+

+
Example Response
Status code: 200

+
The request is successful.

+
{ 
+  "virtual_mfa_devices" : [ 
+          { 
+              "user_id" : "16b26081f43d4c628c4bb88cf32e9...", 
+              "serial_number" : "iam/mfa/16b26081f43d4c628c4bb88cf32e9..." 
+            }, 
+           { 
+              "user_id" : "47026081f43d4c628c4bb88cf32e9...", 
+              "serial_number" : "iam/mfa/75226081f43d4c628c4bb88cf32e9..." 
+             } 
+          ] 
+}

+

+
Status code: 403

+
Access denied.

+
+
{ 
+   "error_msg" : "You are not authorized to perform the requested action.", 
+   "error_code" : "IAM.0002" 
+ }

+
+
{ 
+   "error_msg" : "Policy doesn't allow %(actions)s to be performed.", 
+   "error_code" : "IAM.0003" 
+ }

+
Status code: 404

+
The requested resource cannot be found.

+
{ 
+  "error_msg" : "Could not find %(target)s: %(target_id)s.", 
+  "error_code" : "IAM.0004" 
+}

+
Status code: 500

+
Internal server error.

+
{ 
+  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
+  "error_code" : "IAM.0006" 
+}

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
200

+
The request is successful.

+
401

+
Authentication failed.

+
403

+
Access denied.

+
404

+
The requested resource cannot be found.

+
500

+
Internal server error.

+

+

+

+

+

+

+
Parent topic: User Management

+

+

+
diff --git a/docs/iam/api-ref/iam_08_0013.html b/docs/iam/api-ref/iam_08_0013.html
new file mode 100644
index 00000000..226322b5
--- /dev/null
+++ b/docs/iam/api-ref/iam_08_0013.html
@@ -0,0 +1,180 @@
+
+
+
Querying the MFA Device Information of a User

+
Function
This API can be used by the administrator to query the MFA device information of a specified user or used by a user to query their MFA device information.

+

+
URI
GET /v3.0/OS-MFA/users/{user_id}/virtual-mfa-device

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 URI parameters
Parameter

+
Mandatory

+
Type

+
Description

+
user_id

+
Yes

+
String

+
User ID.

+

+

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
X-Auth-Token

+
Yes

+
String

+
A token with Security Administrator permissions is required if the administrator is requesting to query the MFA device information of a specified user.

+
If a user is requesting to query their MFA device information, the user token (no special permission requirements) of the user is required.

+

+

+

+
Response Parameters

+

+
+
+
+
+
+
+
+
+
+
Table 3 Parameters in the response body
Parameter

+
Type

+
Description

+
virtual_mfa_device

+
object

+
Virtual MFA device information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 4 virtual_mfa_device
Parameter

+
Type

+
Description

+
serial_number

+
String

+
Virtual MFA device serial number.

+
user_id

+
String

+
User ID.

+

+

+

+
Example Request
GET https://sample.domain.com/v3.0/OS-MFA/users/{user_id}/virtual-mfa-device

+

+
Example Response
Status code: 200

+
The request is successful.

+
{ 
+  "virtual_mfa_device" :
+    { 
+      "user_id" : "16b26081f43d4c628c4bb88cf32e9...", 
+      "serial_number" : "iam/mfa/16b26081f43d4c628c4bb88cf32e9..." 
+     } 
+}

+

+
Status code: 403

+
Access denied.

+
+
{ 
+   "error_msg" : "You are not authorized to perform the requested action.", 
+   "error_code" : "IAM.0002" 
+ }

+
+
{ 
+   "error_msg" : "Policy doesn't allow %(actions)s to be performed.", 
+   "error_code" : "IAM.0003" 
+ }

+
Status code: 404

+
The requested resource cannot be found.

+
{ 
+  "error_msg" : "Could not find %(target)s: %(target_id)s.", 
+  "error_code" : "IAM.0004" 
+}

+
Status code: 500

+
Internal server error.

+
{ 
+  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
+  "error_code" : "IAM.0006" 
+}

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
200

+
The request is successful.

+
401

+
Authentication failed.

+
403

+
Access denied.

+
404

+
The requested resource cannot be found.

+
500

+
Internal server error.

+

+

+

+

+

+

+
Parent topic: User Management

+

+

+
diff --git a/docs/iam/api-ref/iam_08_0014.html b/docs/iam/api-ref/iam_08_0014.html
new file mode 100644
index 00000000..9dba5e38
--- /dev/null
+++ b/docs/iam/api-ref/iam_08_0014.html
@@ -0,0 +1,185 @@
+
+
+
Querying Login Protection Configurations of Users

+
Function
This API is provided for the administrator to query the login protection configurations of users.

+

+
URI
GET /v3.0/OS-USER/login-protects

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
X-Auth-Token

+
Yes

+
String

+
Token with Security Administrator permissions.

+

+

+

+
Response Parameters

+

+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the response body
Parameter

+
Type

+
Description

+
login_protects

+
Array of objects

+
Login protection configurations.

+
 NOTE: 
The response only includes the login protection configurations of users for whom login protection has been configured.

+

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 3 login_protects
Parameter

+
Type

+
Description

+
enabled

+
Boolean

+
Indicates whether login protection has been enabled for a user. The value can be true or false.

+
user_id

+
String

+
User ID.

+
verification_method

+
String

+
Login authentication method of the user.

+
  • email: email verification code
  • vmfa: virtual MFA verification code
  • SMS: SMS verification code

+

+

+

+
Example Request
GET https://sample.domain.com/v3.0/OS-USER/login-protects

+

+
Example Response
Status code: 200

+
The request is successful.

+
{ 
+  "login_protects" : [
+          { 
+            "user_id" : "75226081f43d4c628c4bb88cf32e9...", 
+            "enabled" : true, 
+            "verification_method" : "email" 
+            }, 
+          { 
+            "user_id" : "16b26081f43d4c628c4bb88cf32e9...", 
+            "enabled" : true, 
+            "verification_method" : "vmfa" 
+            },
+          { 
+            "user_id" : "56b26081f43d4c628c4bb88cf32e9...", 
+            "enabled" : true, 
+            "verification_method" : "sms" 
+            }
+          { 
+            "user_id" : "08c16cb6c58010691f81c0028dd94...", 
+            "enabled" : false, 
+            "verification_method" : "none" 
+            }
+       ] 
+}

+

+
 
If login protection has never been configured for a user, you cannot use this API to obtain the login protection configuration of the user.

+

+
Status code: 403

+
Access denied.

+
+
{ 
+   "error_msg" : "You are not authorized to perform the requested action.", 
+   "error_code" : "IAM.0002" 
+ }

+
+
{ 
+   "error_msg" : "Policy doesn't allow %(actions)s to be performed.", 
+   "error_code" : "IAM.0003" 
+ }

+
Status code: 404

+
The requested resource cannot be found.

+
{ 
+  "error_msg" : "Could not find %(target)s: %(target_id)s.", 
+  "error_code" : "IAM.0004" 
+}

+
Status code: 500

+
Internal server error.

+
{ 
+  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
+  "error_code" : "IAM.0006" 
+}

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
200

+
The request is successful.

+
401

+
Authentication failed.

+
403

+
Access denied.

+
404

+
The requested resource cannot be found.

+
500

+
Internal server error.

+

+

+

+

+

+

+
Parent topic: User Management

+

+

+
diff --git a/docs/iam/api-ref/iam_08_0016.html b/docs/iam/api-ref/iam_08_0016.html
new file mode 100644
index 00000000..a6fa013f
--- /dev/null
+++ b/docs/iam/api-ref/iam_08_0016.html
@@ -0,0 +1,190 @@
+
+
+
Querying the Login Protection Configuration of a User

+
Function
This API can be used by the administrator to query the login protection configuration of a specified user or used by a user to query their login protection configuration.

+

+
URI
GET /v3.0/OS-USER/users/{user_id}/login-protect

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 URI parameters
Parameter

+
Mandatory

+
Type

+
Description

+
user_id

+
Yes

+
String

+
User ID.

+

+

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
X-Auth-Token

+
Yes

+
String

+
A token with Security Administrator permissions is required if the administrator is requesting to query the login protection configuration of a specified user.

+
If a user is requesting to query their login protection configuration, the user token (no special permission requirements) of the user is required.

+

+

+

+
Response Parameters
Status code: 200

+
+

+
+
+
+
+
+
+
+
+
+
Table 3 Parameters in the response body
Parameter

+
Type

+
Description

+
login_protect

+
object

+
Login protection configuration.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 4 login_protect
Parameter

+
Type

+
Description

+
enabled

+
Boolean

+
Indicates whether login protection has been enabled for a user. The value can be true or false.

+
user_id

+
String

+
User ID.

+
verification_method

+
String

+
Login authentication method of the user.

+

+

+

+
Example Request
GET https://sample.domain.com/v3.0/OS-USER/users/{user_id}/login-protect

+

+
Example Response
Status code: 200

+
The request is successful.

+
{ 
+  "login_protect" : { 
+    "user_id" : "16b26081f43d4c628c4bb88cf32e9...", 
+    "enabled" : true, 
+    "verification_method" : "vmfa" 
+  } 
+}

+

+
Status code: 403

+
Access denied.

+
+
{ 
+   "error_msg" : "You are not authorized to perform the requested action.", 
+   "error_code" : "IAM.0002" 
+ }

+
+
{ 
+   "error_msg" : "Policy doesn't allow %(actions)s to be performed.", 
+   "error_code" : "IAM.0003" 
+ }

+
Status code: 404

+
The requested resource cannot be found.

+
{ 
+  "error_msg" : "Could not find %(target)s: %(target_id)s.", 
+  "error_code" : "IAM.0004" 
+}

+
 
If login protection has never been configured for a user, you cannot use this API to obtain the login protection configuration of the user. Otherwise, the error code IAM.0004 will be returned.

+

+
Status code: 500

+
Internal server error.

+
{ 
+  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
+  "error_code" : "IAM.0006" 
+}

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
200

+
The request is successful.

+
401

+
Authentication failed.

+
403

+
Access denied.

+
404

+
The requested resource cannot be found.

+
500

+
Internal server error.

+

+

+

+

+

+

+
Parent topic: User Management

+

+

+
diff --git a/docs/iam/api-ref/iam_08_0017.html b/docs/iam/api-ref/iam_08_0017.html
new file mode 100644
index 00000000..0ac1a617
--- /dev/null
+++ b/docs/iam/api-ref/iam_08_0017.html
@@ -0,0 +1,147 @@
+
+
+
Binding a Virtual MFA Device

+
Function
This API is provided for IAM users to bind a virtual MFA device.

+

+
URI
PUT /v3.0/OS-MFA/mfa-devices/bind

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
X-Auth-token

+
Yes

+
String

+
Token (no special permission requirements) of the IAM user corresponding to the user_id specified in the request body.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request body
Parameter

+
Mandatory

+
Type

+
Description

+
user_id

+
Yes

+
String

+
ID of the user to whom you will bind the virtual MFA device.

+
serial_number

+
Yes

+
String

+
Serial number of the virtual MFA device.

+
authentication_code_first

+
Yes

+
String

+
Verification code 1.

+
authentication_code_second

+
Yes

+
String

+
Verification code 2.

+

+

+

+
Response Parameters
None

+

+
Example Request
PUT https://sample.domain.com/v3.0/OS-MFA/mfa-devices/bind 
+ 
+{ 
+  "user_id" : "09f99d8f6a001d4f1f01c00c31968...", 
+  "authentication_code_first" : "977931", 
+  "authentication_code_second" : "527347", 
+  "serial_number" : "iam:09f6bd6a96801de40f01c00c85691...:mfa/{device_name}" 
+}

+

+
Example Response
None

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
204

+
The request is successful.

+
400

+
The request is invalid.

+
401

+
Authentication failed.

+
403

+
You do not have permission to perform this action.

+
404

+
The requested resource cannot be found.

+
409

+
A conflict occurs when the requested resource is saved.

+
500

+
A system error occurred.

+

+

+

+

+

+

+
Parent topic: User Management

+

+

+
diff --git a/docs/iam/api-ref/iam_08_0018.html b/docs/iam/api-ref/iam_08_0018.html
new file mode 100644
index 00000000..dd6e96e1
--- /dev/null
+++ b/docs/iam/api-ref/iam_08_0018.html
@@ -0,0 +1,137 @@
+
+
+
Unbinding a Virtual MFA Device

+
Function
This API is used by the administrator to unbind a virtual MFA device from an IAM user, or used by an IAM user to unbind their own virtual MFA device.

+

+
URI
PUT /v3.0/OS-MFA/mfa-devices/unbind

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
X-Auth-Token

+
Yes

+
String

+
  • Administrator: Provide a token with Security Administrator permissions.
  • User: Provide the token (no special permission requirements) of the user specified in user_id of the request body.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request body
Parameter

+
Mandatory

+
Type

+
Description

+
user_id

+
Yes

+
String

+
ID of the user from whom you will unbind the MFA device.

+
authentication_code

+
Yes

+
String

+
  • Administrator: Set this parameter to any value, because verification is not required.
  • IAM user: Enter the MFA verification code.

+
serial_number

+
Yes

+
String

+
Serial number of the MFA device.

+

+

+

+
Response Parameters
None

+

+
Example Request
PUT  https://sample.domain.com/v3.0/OS-MFA/mfa-devices/unbind 
+
+{ 
+  "user_id" : "09f99d8f6a001d4f1f01c00c31968...", 
+  "authentication_code" : "373658", 
+  "serial_number" : "iam:09f6bd6a96801de40f01c00c85691...:mfa/{device_name}" 
+}

+

+
Example Response
None

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
204

+
The request is successful.

+
400

+
The request is invalid.

+
401

+
Authentication failed.

+
403

+
You do not have permission to perform this action.

+
404

+
The requested resource cannot be found.

+
409

+
A conflict occurs when the requested resource is saved.

+
500

+
A system error occurred.

+

+

+

+

+

+

+
Parent topic: User Management

+

+

+
diff --git a/docs/iam/api-ref/iam_08_0019.html b/docs/iam/api-ref/iam_08_0019.html
new file mode 100644
index 00000000..e199b5cf
--- /dev/null
+++ b/docs/iam/api-ref/iam_08_0019.html
@@ -0,0 +1,201 @@
+
+
+
Creating a Virtual MFA Device

+
Function
This API is provided for IAM users to create a virtual MFA device.

+

+
URI
POST /v3.0/OS-MFA/virtual-mfa-devices

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
X-Auth-Token

+
Yes

+
String

+
Token (no special permission requirements) of the IAM user corresponding to the user_id specified in the request body.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request body
Parameter

+
Mandatory

+
Type

+
Description

+
virtual_mfa_device

+
Yes

+
object

+
MFA device information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 3 virtual_mfa_device
Parameter

+
Mandatory

+
Type

+
Description

+
name

+
Yes

+
String

+
Device name.

+
Minimum length: 1 character

+
Maximum length: 64 characters

+
user_id

+
Yes

+
String

+
ID of the user for whom you will create the MFA device.

+

+

+

+
Response Parameters
Status code: 201

+
+

+
+
+
+
+
+
+
+
+
+
Table 4 Parameters in the response body
Parameter

+
Type

+
Description

+
virtual_mfa_device

+
object

+
MFA device information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 5 virtual_mfa_device
Parameter

+
Type

+
Description

+
serial_number

+
String

+
Serial number of the MFA device.

+
base32_string_seed

+
String

+
Base32 seed, which a third-party system can use to generate a CAPTCHA code.

+

+

+

+
Example Request
POST https://sample.domain.com/v3.0/OS-MFA/virtual-mfa-devices 
+ 
+{ 
+  "virtual_mfa_device" : { 
+    "name" : "{device_name}", 
+    "user_id" : "09f99d8f6a001d4f1f01c00c31968..." 
+  } 
+}

+

+
Example Response
Status code: 201

+
The request is successful.

+
{
+  "virtual_mfa_device": {
+    "serial_number": "iam:09f6bd6a96801de40f01c00c85691...:mfa/{device_name}",
+    "base32_string_seed": "{string}"
+  }
+}

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
201

+
The request is successful.

+
400

+
The request is invalid.

+
401

+
Authentication failed.

+
403

+
You do not have permission to perform this action.

+
409

+
A conflict occurs when the requested resource is saved.

+
500

+
A system error occurred.

+

+

+

+

+

+

+
Parent topic: User Management

+

+

+
diff --git a/docs/iam/api-ref/iam_08_0020.html b/docs/iam/api-ref/iam_08_0020.html
new file mode 100644
index 00000000..dcc58f7b
--- /dev/null
+++ b/docs/iam/api-ref/iam_08_0020.html
@@ -0,0 +1,107 @@
+
+
+
Deleting a Virtual MFA Device

+
Function
This API is provided for the administrator to delete their own virtual MFA device.

+

+
URI
DELETE /v3.0/OS-MFA/virtual-mfa-devices

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 1 Query parameters
Parameter

+
Mandatory

+
Type

+
Description

+
user_id

+
Yes

+
String

+
ID of the user whose virtual MFA device is to be deleted, that is, the administrator's user ID.

+
serial_number

+
Yes

+
String

+
Serial number of the virtual MFA device.

+

+

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
X-auth-Token

+
Yes

+
String

+
Token with Security Administrator permissions.

+

+

+

+
Response Parameters
None

+

+
Example Request
DELETE https://sample.domain.com/v3.0/OS-MFA/virtual-mfa-devices?user_id=09f6bd85fc801de41f0cc00ce9172...&serial_number=iam:09f6bd6a96801de40f01c00c85691...:mfa/{device_name}

+

+
Example Response
None

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
204

+
The request is successful.

+
401

+
Authentication failed.

+
403

+
You do not have permission to perform this action.

+
500

+
A system error occurred.

+

+

+

+

+

+

+
Parent topic: User Management

+

+

+
diff --git a/docs/iam/api-ref/iam_08_0021.html b/docs/iam/api-ref/iam_08_0021.html
new file mode 100644
index 00000000..174b50e8
--- /dev/null
+++ b/docs/iam/api-ref/iam_08_0021.html
@@ -0,0 +1,229 @@
+
+
+
Modifying the Login Protection Configuration of a User

+
Function
This API is provided for the administrator to modify the login protection configuration of a user.

+

+
URI
PUT /v3.0/OS-USER/users/{user_id}/login-protect

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 URI parameters
Parameter

+
Mandatory

+
Type

+
Description

+
user_id

+
Yes

+
String

+
ID of the user whose login protection configuration is to be modified.

+

+

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
X-Auth-token

+
Yes

+
String

+
Token with Security Administrator permissions.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 3 Parameters in the request body
Parameter

+
Mandatory

+
Type

+
Description

+
login_protect

+
Yes

+
object

+
Login protection configuration.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 4 Login_project
Parameter

+
Mandatory

+
Type

+
Description

+
enabled

+
Yes

+
Boolean

+
Indicates whether login protection has been enabled for the user. The value can be true or false.

+
verification_method

+
Yes

+
String

+
Login authentication method of the user. Options: sms, email, and vmfa.

+

+

+

+
Response Parameters
Status code: 200

+
+

+
+
+
+
+
+
+
+
+
+
Table 5 Parameters in the response body
Parameter

+
Type

+
Description

+
login_protect

+
object

+
Login protection configuration.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 6 login_protect
Parameter

+
Type

+
Description

+
user_id

+
String

+
User ID.

+
enabled

+
Boolean

+
Indicates whether login protection has been enabled for the user. The value can be true or false.

+
verification_method

+
String

+
Login authentication method of the user. Options: sms, email, and vmfa.

+

+

+

+
Example Request
PUT https://sample.domain.com/v3.0/OS-USER/users/{user_id}/login-protect
+{ 
+  "login_protect" : { 
+    "enabled" : true, 
+    "verification_method" : "vmfa" 
+  } 
+}

+

+
Example Response
Status code: 200

+
The request is successful.

+
{ 
+  "login_protect" : { 
+    "user_id": "16b26081f43d4c628c4bb88cf32e9...", 
+    "enabled" : true, 
+    "verification_method" : "vmfa" 
+  } 
+}

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
200

+
The request is successful.

+
400

+
The request is invalid.

+
401

+
Authentication failed.

+
403

+
You do not have permission to perform this action.

+
404

+
The requested resource cannot be found.

+
500

+
A system error occurred.

+

+

+

+

+

+

+
Parent topic: User Management

+

+

+
diff --git a/docs/iam/api-ref/iam_08_0025.html b/docs/iam/api-ref/iam_08_0025.html
new file mode 100644
index 00000000..11336236
--- /dev/null
+++ b/docs/iam/api-ref/iam_08_0025.html
@@ -0,0 +1,115 @@
+
+
+
Sending a Welcome Email to a User

+
Function
This API is used by the administrator to send a welcome email to a user.

+
 
The welcome email contains a one-time password-free login link, which can be used by the user to set a password. This API is recommended when you create a new user or reset the password of an existing user.

+

+

+
URI
POST /v3.0/OS-USER/users/{user_id}/welcome

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 URI parameters
Parameter

+
Mandatory

+
Type

+
Description

+
user_id

+
Yes

+
String

+
User ID.

+

+

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
Conent-Type

+
Yes

+
String

+
Fill application/json;charset=utf8 in this field.

+
X-Auth-token

+
Yes

+
String

+
Token with Security Administrator permissions.

+

+

+

+
Response Parameters
None

+

+
Example Request
POST https://sample.domain.com/v3.0/OS-USER/users/{user_id}/welcome

+

+
Example Response
Status code: 200

+
The request is successful.

+
{ 
+   "success" 
+}

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
200

+
The email is sent to the user successfully.

+
400

+
The email address does not exist.

+
403

+
Access denied.

+
500

+
Internal system error.

+

+

+

+
Error Codes
For details, see Error Codes.

+

+

+

+

+
Parent topic: User Management

+

+

+
diff --git a/docs/iam/api-ref/iam_10_0011.html b/docs/iam/api-ref/iam_10_0011.html
new file mode 100644
index 00000000..27ea13ff
--- /dev/null
+++ b/docs/iam/api-ref/iam_10_0011.html
@@ -0,0 +1,450 @@
+
+
+
Querying All Permissions of a User Group

+
Function
This API is provided for the administrator to query all permissions that have been assigned to a user group.

+

+
URI
GET /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 1 URI parameters
Parameter

+
Mandatory

+
Type

+
Description

+
domain_id

+
Yes

+
String

+
Domain ID. For details about how to obtain the ID, see Obtaining User, Account, User Group, Project, and Agency Information.

+
group_id

+
Yes

+
String

+
User group ID. For details about how to obtain a user group ID, see Obtaining User, Account, User Group, Project, and Agency Information.

+

+

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
X-Auth-Token

+
Yes

+
String

+
Token with Security Administrator permissions.

+

+

+

+
Response Parameters
Status code: 200

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 3 Parameters in the response body
Parameter

+
Type

+
Description

+
links

+
object

+
Resource link information.

+
roles

+
Array of objects

+
Permission information.

+
total_number

+
Integer

+
Total number of custom policies. This parameter is returned only when domain_id is specified in the request.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 4 RoleResult
Parameter

+
Type

+
Description

+
domain_id

+
String

+
ID of the domain to which the permission belongs.

+
flag

+
String

+
If this parameter is set to fine_grained, the permission is a system-defined policy.

+
description_cn

+
String

+
Description of the permission in Chinese.

+
catalog

+
String

+
Service catalog of the permission.

+
name

+
String

+
Permission name. This parameter is carried in the token of a user, allowing the system to determine whether the user has permissions to access a specific cloud service.

+
description

+
String

+
Description of the permission.

+
links

+
object

+
Permission resource link.

+
id

+
String

+
Permission ID.

+
display_name

+
String

+
Display name of the permission.

+
type

+
String

+
Display mode of the permission.

+
 NOTE: 
  • AX: Account level.
  • XA: Project level.
  • AA: Both the account level and project level.
  • XX: Neither the account level nor project level.
  • The display mode of a custom policy can only be AX or XA. A custom policy must be displayed at either of the two levels.

+

+
policy

+
object

+
Content of the permission.

+
updated_time

+
String

+
Time when the permission was last updated.

+
created_time

+
String

+
Time when the permission was created.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 5 Links
Parameter

+
Type

+
Description

+
self

+
String

+
Resource link.

+
previous

+
String

+
Previous resource link.

+
next

+
String

+
Next resource link.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 6 RolePolicy
Parameter

+
Type

+
Description

+
Depends

+
Array of objects

+
Dependent permissions.

+
Statement

+
Array of objects

+
Statement of the permission.

+
Version

+
String

+
Policy version.

+
 NOTE: 
  • 1.0: System-defined role. Only a limited number of service-level roles are provided for authorization.
  • 1.1: Policy. A policy defines the permissions required to perform operations on a specific cloud resource under certain conditions.

+

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 7 PolicyDepends
Parameter

+
Type

+
Description

+
catalog

+
String

+
Service catalog of the permission.

+
display_name

+
String

+
Display name of the permission.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 8 PolicyStatement
Parameter

+
Type

+
Description

+
Action

+
Array of strings

+
Specific operation permission on a resource. A maximum of 100 actions are allowed.

+
 NOTE: 
  • The value format is Service name:Resource type:Operation, for example, vpc:ports:create.
  • Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.
  • In the case of a custom policy for agencies, this parameter should be set to "Action": ["iam:agencies:assume"].

+

+
Effect

+
String

+
Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements.

+
Enumerated values:

+
  • Allow
  • Deny

+
Condition

+
Object

+
Conditions for the permission to take effect. A maximum of 10 conditions are allowed. For details about the condition parameters, see .

+
 NOTE: 
Take the condition in the sample request as an example, the values of the condition key (obs:prefix) and string (public) must be equal (StringEquals).

+
 "Condition": {
+              "StringEquals": {
+                "obs:prefix": [
+                  "public"
+                ]
+              }
+            }

+

+
Resource

+
Array of strings

+
Cloud resource. The array can contain a maximum of 10 resource strings, and each string cannot exceed 128 characters.

+
 NOTE: 
  • Format: ::::. For example, obs:::bucket:*. Asterisks are allowed.
  • The region segment can be * or a region accessible to the user. The specified resource must belong to the corresponding service that actually exists.
  • In the case of a custom policy for agencies, the type of this parameter is Object, and the value should be set to "Resource": {"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]}.

+

+

+

+

+
Example Request
GET https://sample.domain.com/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/inherited_to_projects

+

+
Example Response
Status code: 200

+
The request is successful.

+
{ 
+  "roles" : [ { 
+    "domain_id" : null, 
+    "description_cn" : "Description of the permission in Chinese", 
+    "catalog" : "VulnScan", 
+    "name" : "wscn_adm", 
+    "description" : "Vulnerability Scan Service administrator of tasks and reports.", 
+    "links" : { 
+      "next" : null, 
+      "previous" : null, 
+      "self" : "https://sample.domain.com/v3/roles/0af84c1502f447fa9c2fa18083fbb..." 
+    }, 
+    "id" : "0af84c1502f447fa9c2fa18083fbb...", 
+    "display_name" : "VSS Administrator", 
+    "type" : "XA", 
+    "policy" : { 
+      "Version" : "1.0", 
+      "Statement" : [ { 
+        "Action" : [ "WebScan:*:*" ], 
+        "Effect" : "Allow" 
+      } ], 
+      "Depends" : [ { 
+        "catalog" : "BASE", 
+        "display_name" : "Server Administrator" 
+      }, { 
+        "catalog" : "BASE", 
+        "display_name" : "Tenant Guest" 
+      } ] 
+    } 
+  }, { 
+    "domain_id" : null, 
+    "flag" : "fine_grained", 
+    "description_cn" : "Description of the permission in Chinese", 
+    "catalog" : "CSE", 
+    "name" : "system_all_34", 
+    "description" : "All permissions of CSE service.", 
+    "links" : { 
+      "next" : null, 
+      "previous" : null, 
+      "self" : "https://sample.domain.com/v3/roles/0b5ea44ebdc64a24a9c372b2317f7..." 
+    }, 
+    "id" : "0b5ea44ebdc64a24a9c372b2317f7...", 
+    "display_name" : "CSE Admin", 
+    "type" : "XA", 
+    "policy" : { 
+      "Version" : "1.1", 
+      "Statement" : [ { 
+        "Action" : [ "cse:*:*", "ecs:*:*", "evs:*:*", "vpc:*:*" ], 
+        "Effect" : "Allow" 
+      } ] 
+    } 
+  } ], 
+  "links" : { 
+    "next" : null, 
+    "previous" : null, 
+    "self" : "https://sample.domain.com/v3/roles" 
+  } 
+}

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
200

+
The request is successful.

+
401

+
Authentication failed.

+
403

+
Access denied.

+

+

+

+
Error Codes
For details, see Error Codes.

+

+

+

+

+
Parent topic: Permission Management

+

+

+
diff --git a/docs/iam/api-ref/iam_10_0012.html b/docs/iam/api-ref/iam_10_0012.html
new file mode 100644
index 00000000..9611a8a4
--- /dev/null
+++ b/docs/iam/api-ref/iam_10_0012.html
@@ -0,0 +1,118 @@
+
+
+
Checking Whether a User Group Has Specified Permissions for All Projects

+
Function
This API is provided for the administrator to check whether a user group has specified permissions for all projects.

+

+
URI
HEAD /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 1 URI parameters
Parameter

+
Mandatory

+
Type

+
Description

+
domain_id

+
Yes

+
String

+
Domain ID. For details about how to obtain the ID, see Obtaining User, Account, User Group, Project, and Agency Information.

+
group_id

+
Yes

+
String

+
User group ID. For details about how to obtain a user group ID, see Obtaining User, Account, User Group, Project, and Agency Information.

+
role_id

+
Yes

+
String

+
Permission ID. For details about how to obtain a permission ID, see Querying a Role List.

+

+

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
X-Auth-Token

+
Yes

+
String

+
Token with Security Administrator permissions.

+

+

+

+
Response Parameters
None

+

+
Example Request
HEAD https://sample.domain.com/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects

+

+
Example Response
None

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
204

+
The request is successful.

+
401

+
Authentication failed.

+
403

+
Access denied.

+
404

+
The server could not find the requested page.

+

+

+

+
Error Codes
For details, see Error Codes.

+

+

+

+

+
Parent topic: Permission Management

+

+

+
diff --git a/docs/iam/api-ref/iam_10_0013.html b/docs/iam/api-ref/iam_10_0013.html
new file mode 100644
index 00000000..d775ba2b
--- /dev/null
+++ b/docs/iam/api-ref/iam_10_0013.html
@@ -0,0 +1,121 @@
+
+
+
Removing Specified Permissions of a User Group in All Projects

+
Function
This API is provided for the administrator to remove the specified permissions of a user group in all projects.

+

+
URI
DELETE /v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 1 URI parameters
Parameter

+
Mandatory

+
Type

+
Description

+
domain_id

+
Yes

+
String

+
ID of the domain to which the user group belongs.

+
group_id

+
Yes

+
String

+
User group ID.

+
role_id

+
Yes

+
String

+
Permission ID.

+

+

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
X-Auth-token

+
Yes

+
String

+
Token with Security Administrator or op_auth permissions.

+

+

+

+
Response Parameters
None

+

+
Example Request
DELETE https://sample.domain.com/v3/OS-INHERIT/domains/{domain_id}/groups/{group_id}/roles/{role_id}/inherited_to_projects

+

+
Example Response
None

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
204

+
The request is successful.

+
401

+
Authentication failed.

+
403

+
You do not have permission to perform this action.

+
404

+
The requested resource cannot be found.

+
500

+
Internal server error.

+

+

+

+

+

+

+
Parent topic: Permission Management

+

+

+
diff --git a/docs/iam/api-ref/iam_11_0003.html b/docs/iam/api-ref/iam_11_0003.html
new file mode 100644
index 00000000..b981dead
--- /dev/null
+++ b/docs/iam/api-ref/iam_11_0003.html
@@ -0,0 +1,378 @@
+
+
+
Querying Role Assignments

+
Function
This API is used to query the user groups to which a specified role has been assigned.

+

+
URI

+

+
Request Parameters

+

+
Response Parameters

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
200

+
The request is successful.

+
400

+
The server failed to process the request.

+
401

+
Authentication failed.

+
403

+
Access denied.

+
404

+
The requested resource cannot be found.

+
405

+
The method specified in the request is not allowed for the requested resource.

+
413

+
The request entity is too large.

+
503

+
Service unavailable.

+

+

+

+

+

+

+
Parent topic: Permission Management

+

+

+
diff --git a/docs/iam/api-ref/iam_11_0016.html b/docs/iam/api-ref/iam_11_0016.html
new file mode 100644
index 00000000..af7fc73c
--- /dev/null
+++ b/docs/iam/api-ref/iam_11_0016.html
@@ -0,0 +1,566 @@
+
+
+
Creating a Custom Policy

+
Function
This API is provided for the administrator to create a custom policy.

+
The API can be called using both the global endpoint and region-specific endpoints.

+

+
URI
POST /v3.0/OS-ROLE/roles

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 1 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
Content-Type

+
Yes

+
String

+
Fill application/json;charset=utf8 in this field.

+
X-Auth-Token

+
Yes

+
String

+
Token with Security Administrator permissions.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request body
Parameter

+
Mandatory

+
Type

+
Description

+
role

+
Yes

+
Object

+
Custom policy information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 3 role
Parameter

+
Mandatory

+
Type

+
Description

+
display_name

+
Yes

+
String

+
Display name of the custom policy.

+
type

+
Yes

+
String

+
Display mode.

+
 NOTE: 
  • AX: Account level.
  • XA: Project level.
  • The display mode of a custom policy can only be AX or XA. A custom policy must be displayed at either of the two levels.

+

+
description

+
Yes

+
String

+
Description of the custom policy.

+
description_cn

+
No

+
String

+
Description of the custom policy.

+
policy

+
Yes

+
Object

+
Content of custom policy.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 4 role.policy
Parameter

+
Mandatory

+
Type

+
Description

+
Version

+
Yes

+
String

+
Policy version. When creating a custom policy, set this parameter to 1.1.

+
 NOTE: 
  • 1.0: System-defined role. Only a limited number of service-level roles are provided for authorization.
  • 1.1: Policy. A policy defines the permissions required to perform operations on a specific cloud resource under certain conditions.

+

+
Statement

+
Yes

+
Array of objects

+
Statement of the policy. A policy can contain a maximum of eight statements.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 5 role.policy.Statement
Parameter

+
Mandatory

+
Type

+
Description

+
Action

+
Yes

+
Array of strings

+
An action item is a specific operation permission on a resource.

+
 NOTE: 
  • For a custom policy for agencies, this parameter should be set to "Action": ["iam:agencies:assume"].

+

+
Options:

+
  • iam:agencies:assume

+
Effect

+
Yes

+
String

+
Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements.

+
Options:

+
  • Allow
  • Deny

+
Resource

+
No

+
Object

+
Resources to be managed. After an account establishes multiple trust relationships between itself and your account, you can authorize IAM users in different user groups to manage resources of the delegating party. Each IAM user can only switch to the delegated agencies. For example:

+
"Resource": {"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]}

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 6 role.policy.Statement.Resource
Parameter

+
Mandatory

+
Type

+
Description

+
uri

+
Yes

+
Array of strings

+
URI of a delegated resource, which can contain a maximum of 128 characters. Format: /iam/agencies/delegation ID. For example:

+
"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]

+

+

+

+
Response Parameters

+

+
+
+
+
+
+
+
+
+
+
Table 7 Parameters in the response body
Parameter

+
Type

+
Description

+
role

+
Object

+
Custom policy information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 8 role
Parameter

+
Type

+
Description

+
catalog

+
String

+
Service catalog.

+
display_name

+
String

+
Display name of the custom policy.

+
description

+
String

+
Description of the custom policy.

+
links

+
Object

+
Resource link of the custom policy.

+
policy

+
Object

+
Content of custom policy.

+
description_cn

+
String

+
Description of the custom policy.

+
domain_id

+
String

+
Domain ID.

+
type

+
String

+
Display mode.

+
 NOTE: 
  • AX: Account level.
  • XA: Project level.
  • The display mode of a custom policy can only be AX or XA. A custom policy must be displayed at either of the two levels.

+

+
id

+
String

+
Policy ID.

+
name

+
String

+
Name of the custom policy.

+
updated_time

+
String

+
Time when the custom policy was last updated.

+
created_time

+
String

+
Time when the custom policy was created.

+
references

+
String

+
Number of references.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
Table 9 role.links
Parameter

+
Type

+
Description

+
self

+
String

+
Resource link.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 10 role.policy
Parameter

+
Type

+
Description

+
Version

+
String

+
Policy version.

+
 NOTE: 
  • 1.0: System-defined role. Only a limited number of service-level roles are provided for authorization.
  • 1.1: Policy. A policy defines the permissions required to perform operations on a specific cloud resource under certain conditions.

+

+
Statement

+
Array of objects

+
Statement of the policy. A policy can contain a maximum of eight statements.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 11 role.policy.Statement
Parameter

+
Type

+
Description

+
Action

+
Array of strings

+
An action item is a specific operation permission on a resource.

+
 NOTE: 
  • For a custom policy for agencies, this parameter should be set to "Action": ["iam:agencies:assume"].

+

+
Effect

+
String

+
Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements.

+
Options:

+
  • Allow
  • Deny

+
Resource

+
Object

+
Resources to be managed. After an account establishes multiple trust relationships between itself and your account, you can authorize IAM users in different user groups to manage resources of the delegating party. Each IAM user can only switch to the delegated agencies. For example:

+
"Resource": {"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]}

+

+

+
+

+
+
+
+
+
+
+
+
+
+
Table 12 role.policy.Statement.Resource
Parameter

+
Type

+
Description

+
uri

+
Array of strings

+
URI of a delegated resource, which can contain a maximum of 128 characters. Format: /iam/agencies/delegation ID. For example:

+
"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]

+

+

+

+
Example Request
POST https://iam.eu-de.otc.t-systems.com/v3.0/OS-ROLE/roles

+
{
+    "role": {
+        "display_name": "IAMAgencyPolicy",
+        "type": "AX",
+        "description": "IAMDescription",
+        "description_cn": "Policy description",
+        "policy": {
+            "Version": "1.1",
+            "Statement": [
+                {
+                    "Effect": "Allow",
+                    "Action": [
+                        "iam:agencies:assume"
+                    ],
+                    "Resource": {
+                        "uri": [
+                            "/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"
+                        ]
+                    }
+                }
+            ]
+        }
+    }
+}

+

+
Example Response
Status code: 201

+
The request is successful.

+
{
+    "role": {
+        "catalog": "CUSTOMED",
+        "display_name": "IAMAgencyPolicy",
+        "description": "IAMDescription",
+        "links": {
+            "self": "https://iam.eu-de.otc.t-systems.com/v3/roles/f67224e84dc849ab954ce29fb4f47f8e"
+        },
+        "policy": {
+            "Version": "1.1",
+            "Statement": [
+                {
+                    "Action": [
+                        "iam:agencies:assume"
+                    ],
+                    "Resource": {
+                        "uri": [
+                            "/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"
+                        ]
+                    },
+                    "Effect": "Allow"
+                }
+            ]
+        },
+        "description_cn": "Policy description",
+        "domain_id": "d78cbac186b744899480f25bd02...",
+        "type": "AX",
+        "id": "f67224e84dc849ab954ce29fb4f47f8e",
+        "name": "custom_d78cbac186b744899480f25bd022f468_0"
+    }
+}

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
201

+
The request is successful.

+
400

+
The server failed to process the request.

+
401

+
Authentication failed.

+
403

+
Access denied.

+
500

+
Internal server error.

+

+

+

+
Error Codes
None

+

+

+

+

+
Parent topic: Custom Policy Management

+

+

+
diff --git a/docs/iam/api-ref/iam_11_0017.html b/docs/iam/api-ref/iam_11_0017.html
new file mode 100644
index 00000000..355a0568
--- /dev/null
+++ b/docs/iam/api-ref/iam_11_0017.html
@@ -0,0 +1,589 @@
+
+
+
Modifying a Custom Policy

+
Function
This API is provided for the administrator to modify a custom policy.

+
The API can be called using both the global endpoint and region-specific endpoints.

+

+
URI
PATCH /v3.0/OS-ROLE/roles/{role_id}

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 URI parameters
Parameter

+
Mandatory

+
Type

+
Description

+
role_id

+
Yes

+
String

+
Custom policy ID. For details about how to obtain a custom policy ID, see Custom Policy ID.

+

+

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
Content-Type

+
Yes

+
String

+
Fill application/json;charset=utf8 in this field.

+
X-Auth-Token

+
Yes

+
String

+
Token with Security Administrator permissions.

+

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 3 Parameters in the request body
Parameter

+
Mandatory

+
Type

+
Description

+
role

+
Yes

+
Object

+
Custom policy information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 4 role
Parameter

+
Mandatory

+
Type

+
Description

+
display_name

+
Yes

+
String

+
Display name of the custom policy.

+
type

+
Yes

+
String

+
Display mode.

+
 NOTE: 
  • AX: Account level.
  • XA: Project level.
  • The display mode of a custom policy can only be AX or XA. A custom policy must be displayed at either of the two levels.

+

+
description

+
Yes

+
String

+
Description of the custom policy.

+
description_cn

+
No

+
String

+
Description of the custom policy.

+
policy

+
Yes

+
Object

+
Content of custom policy.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 5 role.policy
Parameter

+
Mandatory

+
Type

+
Description

+
Version

+
Yes

+
String

+
Policy version. When creating a custom policy, set this parameter to 1.1.

+
 NOTE: 
  • 1.0: System-defined role. Only a limited number of service-level roles are provided for authorization.
  • 1.1: Policy. A policy defines the permissions required to perform operations on a specific cloud resource under certain conditions.

+

+
Statement

+
Yes

+
Array of objects

+
Statement of the policy. A policy can contain a maximum of eight statements.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 6 role.policy.Statement
Parameter

+
Mandatory

+
Type

+
Description

+
Action

+
Yes

+
Array of strings

+
An action item is a specific operation permission on a resource.

+
 NOTE: 
  • For a custom policy for agencies, this parameter should be set to "Action": ["iam:agencies:assume"].

+

+
Options:

+
  • iam:agencies:assume

+
Effect

+
Yes

+
String

+
Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements.

+
Options:

+
  • Allow
  • Deny

+
Resource

+
No

+
Object

+
Resources to be managed. After an account establishes multiple trust relationships between itself and your account, you can authorize IAM users in different user groups to manage resources of the delegating party. Each IAM user can only switch to the delegated agencies. For example:

+
"Resource": {"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]}

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 7 role.policy.Statement.Resource
Parameter

+
Mandatory

+
Type

+
Description

+
uri

+
Yes

+
Array of strings

+
URI of a delegated resource, which can contain a maximum of 128 characters. Format: /iam/agencies/delegation ID. For example:

+
"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]

+

+

+
Response Parameters

+

+
+
+
+
+
+
+
+
+
+
Table 8 Parameters in the response body
Parameter

+
Type

+
Description

+
role

+
Object

+
Custom policy information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 9 role
Parameter

+
Type

+
Description

+
catalog

+
String

+
Service catalog.

+
display_name

+
String

+
Display name of the custom policy.

+
description

+
String

+
Description of the custom policy.

+
links

+
Object

+
Resource link of the custom policy.

+
policy

+
Object

+
Content of custom policy.

+
description_cn

+
String

+
Description of the custom policy.

+
domain_id

+
String

+
Domain ID.

+
type

+
String

+
Display mode.

+
 NOTE: 
  • AX: Account level.
  • XA: Project level.
  • The display mode of a custom policy can only be AX or XA. A custom policy must be displayed at either of the two levels.

+

+
id

+
String

+
Policy ID.

+
name

+
String

+
Name of the custom policy.

+
updated_time

+
String

+
Time when the custom policy was last updated.

+
created_time

+
String

+
Time when the custom policy was created.

+
references

+
String

+
Number of references.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
Table 10 role.links
Parameter

+
Type

+
Description

+
self

+
String

+
Resource link.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 11 role.policy
Parameter

+
Type

+
Description

+
Version

+
String

+
Policy version.

+
 NOTE: 
  • 1.0: System-defined role. Only a limited number of service-level roles are provided for authorization.
  • 1.1: Policy. A policy defines the permissions required to perform operations on a specific cloud resource under certain conditions.

+

+
Statement

+
Array of objects

+
Statement of the policy. A policy can contain a maximum of eight statements.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 12 role.policy.Statement
Parameter

+
Type

+
Description

+
Action

+
Array of strings

+
An action item is a specific operation permission on a resource.

+
 NOTE: 
  • For a custom policy for agencies, this parameter should be set to "Action": ["iam:agencies:assume"].

+

+
Effect

+
String

+
Effect of the permission. The value can be Allow or Deny. If both Allow and Deny statements are found in a policy, the authentication starts from the Deny statements.

+
Options:

+
  • Allow
  • Deny

+
Resource

+
Object

+
Resources to be managed. After an account establishes multiple trust relationships between itself and your account, you can authorize IAM users in different user groups to manage resources of the delegating party. Each IAM user can only switch to the delegated agencies. For example:

+
"Resource": {"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]}

+

+

+
+

+
+
+
+
+
+
+
+
+
+
Table 13 role.policy.Statement.Resource
Parameter

+
Type

+
Description

+
uri

+
Array of strings

+
URI of a delegated resource, which can contain a maximum of 128 characters. Format: /iam/agencies/delegation ID. For example:

+
"uri": ["/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"]

+

+

+

+
Example Request
PATCH https://iam.eu-de.otc.t-systems.com/v3.0/OS-ROLE/roles/{role_id}

+
{
+    "role": {
+        "display_name": "IAMAgencyPolicy",
+        "type": "AX",
+        "description": "IAMDescription",
+        "description_cn": "Policy description",
+        "policy": {
+            "Version": "1.1",
+            "Statement": [
+                {
+                    "Effect": "Allow",
+                    "Action": [
+                        "iam:agencies:assume"
+                    ],
+                    "Resource": {
+                        "uri": [
+                            "/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"
+                        ]
+                    }
+                }
+            ]
+        }
+    }
+}

+

+
Example Response
Status code: 200

+
The request is successful.

+
{
+    "role": {
+        "catalog": "CUSTOMED",
+        "display_name": "IAMAgencyPolicy",
+        "description": "IAMDescription",
+        "links": {
+            "self": "https://iam.eu-de.otc.t-systems.com/v3/roles/f67224e84dc849ab954ce29fb4f47f8e"
+        },
+        "policy": {
+            "Version": "1.1",
+            "Statement": [
+                {
+                    "Action": [
+                        "iam:agencies:assume"
+                    ],
+                    "Resource": {
+                        "uri": [
+                            "/iam/agencies/07805acaba800fdd4fbdc00b8f888c7c"
+                        ]
+                    },
+                    "Effect": "Allow"
+                }
+            ]
+        },
+        "description_cn": "Policy description",
+        "domain_id": "d78cbac186b744899480f25b...",
+        "type": "AX",
+        "id": "f67224e84dc849ab954ce29fb4f47f8e",
+        "name": "custom_d78cbac186b744899480f25bd022f468_0"
+    }
+}

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
200

+
The request is successful.

+
400

+
The server failed to process the request.

+
401

+
Authentication failed.

+
403

+
Access denied.

+
500

+
Internal server error.

+

+

+

+
Error Codes
None

+

+

+

+

+
Parent topic: Custom Policy Management

+

+

+
diff --git a/docs/iam/api-ref/iam_13_0604.html b/docs/iam/api-ref/iam_13_0604.html
new file mode 100644
index 00000000..1765df9b
--- /dev/null
+++ b/docs/iam/api-ref/iam_13_0604.html
@@ -0,0 +1,895 @@
+
+
+
Obtaining a Scoped Token

+
Function
This API is used to obtain a scoped token through federated identity authentication.

+

+
URI
POST /v3/auth/tokens

+

+
Request Parameters

+

+
+
+
+
+
+
+
+
+
+
+
+
Table 1 Parameters in the request header
Parameter

+
Mandatory

+
Type

+
Description

+
Content-Type

+
No

+
String

+
Fill application/json;charset=utf8 in this field.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 2 Parameters in the request body
Parameter

+
Mandatory

+
Type

+
Description

+
auth

+
Yes

+
Object

+
Authentication information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 3 auth
Parameter

+
Mandatory

+
Type

+
Description

+
identity

+
Yes

+
Object

+
Authentication parameters.

+
scope

+
Yes

+
Object

+
Application scope of the token. The value can be project or domain.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 4 auth.identity
Parameter

+
Mandatory

+
Type

+
Description

+
methods

+
Yes

+
Array of strings

+
Authentication method. The value of this field is token.

+
token

+
Yes

+
Object

+
Unscoped token information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
Table 5 auth.identity.token
Parameter

+
Mandatory

+
Type

+
Description

+
id

+
Yes

+
String

+
Unscoped token ID.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 6 auth.scope
Parameter

+
Mandatory

+
Type

+
Description

+
domain

+
No

+
Object

+
If this field is set to domain, the token can be used to access resources in all projects under the account of a specified ID or name.

+
project

+
No

+
Object

+
If this field is set to project, the token can only be used to access resources in the project of a specified ID or name.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 7 auth.scope.domain
Parameter

+
Mandatory

+
Type

+
Description

+
id

+
No

+
String

+
Domain ID. Either id or name must be specified.

+
name

+
No

+
String

+
Domain name. Either id or name must be specified.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 8 auth.scope.project
Parameter

+
Mandatory

+
Type

+
Description

+
domain

+
No

+
Object

+
Domain information. This parameter is mandatory if the name parameter is set.

+
id

+
No

+
String

+
Project ID. Either id or name must be specified.

+
name

+
No

+
String

+
Project name. Either id or name must be specified.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 9 auth.scope.project.domain
Parameter

+
Mandatory

+
Type

+
Description

+
id

+
No

+
string

+
Domain ID. Either id or name must be specified.

+
name

+
No

+
string

+
Domain name. Either id or name must be specified.

+

+

+

+
Response Parameters

+

+
+
+
+
+
+
+
+
+
+
Table 10 Parameters in the response header
Parameter

+
Type

+
Description

+
X-Subject-Token

+
string

+
Signed scoped token.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
Table 11 Parameters in the response body
Parameter

+
Type

+
Description

+
token

+
Object

+
Details of the scoped token.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 12 token
Parameter

+
Type

+
Description

+
methods

+
Array of strings

+
Method for obtaining the token.

+
expires_at

+
String

+
Time when the token will expire.

+
catalog

+
Array of objects

+
Catalog information.

+
domain

+
Object

+
Domain information of the IAM user who requests for the token. This parameter is returned only when the scope parameter in the request body has been set to domain.

+
project

+
Object

+
Project information of the user. This parameter is returned only when the scope parameter in the request body has been set to project.

+
roles

+
Array of objects

+
Permissions information of the token.

+
user

+
Object

+
Information about the user who requests for the token.

+
issued_at

+
String

+
Time when the token was issued.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 13 token.catalog
Parameter

+
Type

+
Description

+
type

+
String

+
Type of the service to which the API belongs.

+
id

+
String

+
Service ID.

+
name

+
String

+
Service name.

+
endpoints

+
Array of objects

+
Endpoint information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 14 token.catalog.endpoints
Parameter

+
Type

+
Description

+
url

+
String

+
Endpoint URL.

+
region

+
String

+
Region to which the endpoint belongs.

+
region_id

+
String

+
Region ID.

+
interface

+
String

+
Visibility of the API. public indicates that the API is available for public access.

+
id

+
String

+
Endpoint ID.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 15 token.domain
Parameter

+
Type

+
Description

+
name

+
String

+
Domain name.

+
id

+
String

+
Domain ID.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 16 token.project
Parameter

+
Type

+
Description

+
name

+
String

+
Project name.

+
id

+
String

+
Project ID.

+
domain

+
Object

+
Domain information of the project.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 17 token.project.domain
Parameter

+
Type

+
Description

+
name

+
String

+
Domain name.

+
id

+
String

+
Domain ID.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 18 token.roles
Parameter

+
Type

+
Description

+
name

+
String

+
Permission name.

+
id

+
String

+
Permission ID. The default value is 0, which does not correspond to any permission.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 19 token.user
Parameter

+
Type

+
Description

+
domain

+
Object

+
Information about the domain used to create the user.

+
OS-FEDERATION

+
Object

+
Federated identity authentication information.

+
id

+
String

+
User ID.

+
name

+
String

+
Username.

+
password_expires_at

+
String

+
UTC time when the password will expire. If this parameter is empty, it indicates that the password has unlimited validity.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 20 token.user.domain
Parameter

+
Type

+
Description

+
name

+
String

+
Domain name.

+
id

+
String

+
Domain ID.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 21 token.user.OS-FEDERATION
Parameter

+
Type

+
Description

+
groups

+
Array of objects

+
User group information.

+
identity_provider

+
Object

+
Identity provider information.

+
protocol

+
Object

+
Protocol information.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
Table 22 token.user.OS-FEDERATION.groups
Parameter

+
Type

+
Description

+
id

+
String

+
User group ID.

+
name

+
String

+
User group name.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
Table 23 token.user.OS-FEDERATION.identity_provider
Parameter

+
Type

+
Description

+
id

+
String

+
Identity provider ID.

+

+

+
+

+
+
+
+
+
+
+
+
+
+
Table 24 token.user.OS-FEDERATION.protocol
Parameter

+
Type

+
Description

+
id

+
String

+
Protocol ID.

+

+

+

+
Example Request
POST https://sample.domain.com/v3/auth/tokens

+
{
+    "auth": {
+        "identity": {
+            "methods": [
+                "token"
+            ],
+            "token": {
+                "id": "MIIatAYJKoZIhvcNAQcCoIIapTCCGqECAQExDTALB..."
+            }
+        },
+        "scope": {
+            "domain": {
+                "id": "063bb260a480cecc0f36c0086bb6c..."
+            }
+        }
+    }
+}

+

+
Example Response
Status code: 201

+
The scoped token is obtained successfully.

+
Parameters in the response header
+X-Subject-Token:MIIatAYJKoZIhvcNAQcCoIIapTCCGqECAQExDTALB...

+
Parameters in the response body
+{
+    "token": {
+        "expires_at": "2020-02-13T14:21:34.042000Z",
+        "methods": [
+            "token"
+        ],
+        "catalog": [
+            {
+                "endpoints": [
+                    {
+                        "id": "d2983f677ce14f1e81cbb6a9345a1...",
+                        "interface": "public",
+                        "region": "*",
+                        "region_id": "*",
+                        "url": "https://sample.domain.com/v3"
+                    }
+                ],
+                "id": "fd631b3426cb40f0919091d5861d8...",
+                "name": "keystone",
+                "type": "identity"
+            }
+        ],
+        "domain": {
+            "id": "06aa2260a480cecc0f36c0086bb6cfe0",
+            "name": "IAMDomain"
+        },
+        "roles": [
+            {
+                "id": "0",
+                "name": "te_admin"
+            },
+            {
+                "id": "0",
+                "name": "secu_admin"
+            }
+        ],
+        "issued_at": "2020-02-12T14:21:34.042000Z",
+        "user": {
+            "OS-FEDERATION": {
+                "groups": [
+                    {
+                        "id": "06aa2260bb00cecc3f3ac0084a74038f",
+                        "name": "admin"
+                    }
+                ],
+                "identity_provider": {
+                    "id": "ACME"
+                },
+                "protocol": {
+                    "id": "saml"
+                }
+            },
+            "domain": {
+                "id": "06aa2260a480cecc0f36c0086bb6cfe0",
+                "name": "IAMDomain"
+            },
+            "id": "LdQTDSC7zmJVIic3yaCbLBXDxPAdDxLg",
+            "name": "FederationUser",
+            "password_expires_at": ""
+        }
+    }
+}

+

+
Status Codes

+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Status Code

+
Description

+
201

+
The scoped token is obtained successfully.

+
400

+
The server failed to process the request.

+
401

+
Authentication failed.

+
403

+
Access denied.

+
404

+
The requested resource cannot be found.

+
500

+
Internal server error.

+
503

+
Service unavailable.

+

+

+

+
Error Codes
None

+

+

+

+

+
Parent topic: Token

+

+

+
diff --git a/docs/iam/api-ref/iam_19_0003.html b/docs/iam/api-ref/iam_19_0003.html
new file mode 100644
index 00000000..73a5eaa0
--- /dev/null
+++ b/docs/iam/api-ref/iam_19_0003.html
@@ -0,0 +1,17 @@
+
+
+
Introduction

+
By default, new users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.

+
An account has all the permissions required to call all APIs, but users must be assigned the required permissions. The permissions required for calling an API are determined by the actions supported by the API. Only users who have been granted permissions allowing the actions can call the API successfully. For example, if a user queries ECSs using an API, the user must have been granted permissions that allow the ecs:servers:list action.

+
Supported Actions
IAM provides system-defined policies that can be directly used. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:

+
+
 
  • The check mark (√) and cross symbol (x) indicate that an action takes effect or does not take effect for the corresponding type of projects. A hyphen (-) indicates that an action is irrelevant to the corresponding type of projects.
  • IAM is a global service which does not involve project-based authorization.
  • Some permissions support only actions and do not support APIs, such as permissions for virtual MFA device management.

+

+

+

+

+

+
Parent topic: Permissions Policies and Supported Actions

+

+

+
diff --git a/docs/iam/api-ref/iam_19_0004.html b/docs/iam/api-ref/iam_19_0004.html
new file mode 100644
index 00000000..113288e7
--- /dev/null
+++ b/docs/iam/api-ref/iam_19_0004.html
@@ -0,0 +1,13 @@
+
+
+
Permissions Policies and Supported Actions

+

+

+
+

+
diff --git a/docs/iam/api-ref/iam_20_0000.html b/docs/iam/api-ref/iam_20_0000.html
new file mode 100644
index 00000000..2272f4e7
--- /dev/null
+++ b/docs/iam/api-ref/iam_20_0000.html
@@ -0,0 +1,37 @@
+
+
+
APIs

+

+

+
+

+
diff --git a/docs/iam/api-ref/public_sys-resources/ExpandCollapse.js b/docs/iam/api-ref/public_sys-resources/ExpandCollapse.js
new file mode 100644
index 00000000..116ddaab
--- /dev/null
+++ b/docs/iam/api-ref/public_sys-resources/ExpandCollapse.js
@@ -0,0 +1 @@
+var expandClassName="dropdownexpand";var collapseClassName="dropdowncollapse";var collapseTableClassName="dropdowncollapsetable";function ExpandorCollapseNode(a){a=a.parentNode;if(a.className==expandClassName){a.className=collapseClassName}else{a.className=expandClassName}}function ExpandorCollapseTableNode(a){a=a.parentNode;if(a.className==expandClassName){a.className=collapseTableClassName}else{a.className=expandClassName}}function ExpandorCollapseAllNodes(g,h,c){var a=g.getAttribute("title");var b=g.parentNode;if(a=="collapse"){g.setAttribute("title","expand");g.className="dropdownAllButtonexpand";g.innerHTML=h}else{g.setAttribute("title","collapse");g.className="dropdownAllButtoncollapse";g.innerHTML=c}var f=b.getElementsByTagName("*");for(var d=0;d-1){ExpandForHref(a.substring(a.lastIndexOf("#")+1))}}catch(c){}};
\ No newline at end of file
diff --git a/docs/iam/api-ref/public_sys-resources/caution_3.0-en-us.png b/docs/iam/api-ref/public_sys-resources/caution_3.0-en-us.png
new file mode 100644
index 00000000..60f60762
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/caution_3.0-en-us.png differ
diff --git a/docs/iam/api-ref/public_sys-resources/commonltr.css b/docs/iam/api-ref/public_sys-resources/commonltr.css
new file mode 100644
index 00000000..c5480b0a
--- /dev/null
+++ b/docs/iam/api-ref/public_sys-resources/commonltr.css
@@ -0,0 +1 @@
+body{font-size:10pt;font-family:Arial;margin:1.5em;border-top:2pt;padding-top:1em;padding-bottom:2em}.msgph{font-family:Courier New}.rowlinecopyright{color:red;margin-top:10pt}.unresolved{background-color:skyblue}.noTemplate{background-color:yellow}.base{background-color:#fff}.nested0{margin-top:1em}.p{margin-top:.6em;margin-bottom:.6em}p{margin-top:.5em;margin-bottom:.5em}.note p{margin-top:.5em;margin-bottom:.5em}.tip p{margin-top:.5em;margin-bottom:.5em}.danger p{margin-top:.5em;margin-bottom:.5em}.notice p{margin-top:.5em;margin-bottom:.5em}.warning p{margin-top:.5em;margin-bottom:.5em}.caution p{margin-top:.5em;margin-bottom:.5em}.attention p{margin-top:.5em;margin-bottom:.5em}table p{margin-top:.2em;margin-bottom:.2em}table .p{margin-top:.4em;margin-bottom:.2em}.figcap{font-size:10pt}img{margin-top:.3em}.figdesc{font-style:normal}.figborder{border-style:solid;padding-left:3px;border-width:2px;padding-right:3px;margin-top:1em;border-color:Silver}.figsides{border-left:2px solid;padding-left:3px;border-right:2px solid;padding-right:3px;margin-top:1em;border-color:Silver}.figtop{border-top:2px solid;margin-top:1em;border-color:Silver}.figbottom{border-bottom:2px solid;border-color:Silver}.figtopbot{border-top:2px solid;border-bottom:2px solid;margin-top:1em;border-color:Silver}.fignone{font-size:10pt;margin-top:8pt;margin-bottom:8pt}.familylinks{margin-top:1.5em;margin-bottom:1em}.ullinks{list-style-type:none}.linklist{margin-bottom:1em}.linklistwithchild{margin-left:1.5em;margin-bottom:1em}.sublinklist{margin-left:1.5em;margin-bottom:1em}.relconcepts{margin-top:.6em;margin-bottom:.6em}.reltasks{margin-top:.6em;margin-bottom:.6em}.relref{margin-top:.6em;margin-bottom:.6em}.relinfo{margin-top:.6em;margin-bottom:.6em}.breadcrumb{font-size:smaller;margin-bottom:.6em}.prereq{margin-left:20px}.parentlink{margin-top:.6em;margin-bottom:.6em}.nextlink{margin-top:.6em;margin-bottom:.6em}.previouslink{margin-top:.6em;margin-bottom:.6em}.topictitle1{margin-top:0;margin-bottom:1em;font-size:14pt;color:#007af4}.topictitle2{margin-top:1pc;margin-bottom:.45em;font-size:1.17em;color:#007af4}.topictitle3{margin-top:1pc;margin-bottom:.17em;font-size:1.17em;font-weight:bold;color:#007af4}.topictitle4{margin-top:.83em;font-size:1.17em;font-weight:bold}.topictitle5{font-size:1.17em;font-weight:bold}.topictitle6{font-size:1.17em;font-style:italic}.sectiontitle{margin-top:1em;margin-bottom:1em;color:black;font-size:10.5pt;font-weight:bold;color:#007af4;overflow:auto}.section{margin-top:1em;margin-bottom:1em}.example{margin-top:1em;margin-bottom:1em}.sectiontitle2contents:link{color:#007af4}.sectiontitle2contents:visited{color:#800080}.note{margin-top:1em;margin-bottom:1em;background-color:#ffc}.notetitle{font-weight:bold}.notelisttitle{font-weight:bold}.tip{margin-top:1em;margin-bottom:1em;background-color:#ffc}.tiptitle{font-weight:bold}.fastpath{margin-top:1em;margin-bottom:1em;background-color:#ffc}.fastpathtitle{font-weight:bold}.important{margin-top:1em;margin-bottom:1em;background-color:#ffc}.importanttitle{font-weight:bold}.remember{margin-top:1em;margin-bottom:1em;background-color:#ffc}.remembertitle{font-weight:bold}.restriction{margin-top:1em;margin-bottom:1em;background-color:#ffc}.restrictiontitle{font-weight:bold}.attention{margin-top:1em;margin-bottom:1em;background-color:#ffc}.attentiontitle{font-weight:bold}.dangertitle{font-weight:bold}.danger{margin-top:1em;margin-bottom:1em;background-color:#ffc}.noticetitle{font-weight:bold}.notice{margin-top:1em;margin-bottom:1em;background-color:#ffc}.warningtitle{font-weight:bold}.warning{margin-top:1em;margin-bottom:1em;background-color:#ffc}.cautiontitle{font-weight:bold}.caution{margin-top:1em;margin-bottom:1em;background-color:#ffc}ul.simple{list-style-type:none}li ul{margin-top:.6em}li{margin-top:.6em;margin-bottom:.6em}.note li{margin-top:.2em;margin-bottom:.2em}.tip li{margin-top:.2em;margin-bottom:.2em}.danger li{margin-top:.2em;margin-bottom:.2em}.warning li{margin-top:.2em;margin-bottom:.2em}.notice li{margin-top:.2em;margin-bottom:.2em}.caution li{margin-top:.2em;margin-bottom:.2em}.attention li{margin-top:.2em;margin-bottom:.2em}table li{margin-top:.2em;margin-bottom:.2em}ol{margin-top:1em;margin-bottom:1em;margin-left:2.4em;padding-left:0}ul{margin-top:1em;margin-bottom:1em;margin-left:2.0em;padding-left:0}ol ul{list-style:disc}ul ul{list-style:square}ol ul ul{list-style:square}ol ul{list-style-type:disc}table ol{margin-top:.4em;margin-bottom:.4em;list-style:decimal}table ul{margin-top:.4em;margin-bottom:.4em;list-style:disc}table ul ul{margin-top:.4em;margin-bottom:.4em;list-style:square}table ol ol{margin-top:.4em;margin-bottom:.4em;list-style:lower-alpha}table ol ul{margin-top:.4em;margin-bottom:.4em;list-style:disc}table ul ol{margin-top:.4em;margin-bottom:.4em;list-style:decimal}.substepthirdol{list-style-type:lower-roman}.firstcol{font-weight:bold}th{background-color:#cfcfcf}table{margin-top:8pt;margin-bottom:12pt;width:100%}table caption{margin-top:8pt;text-align:left}.bold{font-weight:bold}.boldItalic{font-weight:bold;font-style:italic}.italic{font-style:italic}.underlined{text-decoration:underline}.var{font-style:italic}.shortcut{text-decoration:underline}.dlterm{font-weight:bold}dd{margin-top:.5em;margin-bottom:.5em}.dltermexpand{font-weight:bold;margin-top:1em}*[compact="yes"]>li{margin-top:0}*[compact="no"]>li{margin-top:.53em}.liexpand{margin-top:1em;margin-bottom:1em}.sliexpand{margin-top:1em;margin-bottom:1em}.dlexpand{margin-top:1em;margin-bottom:1em}.ddexpand{margin-top:1em;margin-bottom:1em}.stepexpand{margin-top:.3em;margin-bottom:.3em}.substepexpand{margin-top:.3em;margin-bottom:.3em}div.imageleft{text-align:left}div.imagecenter{text-align:center}div.imageright{text-align:right}div.imagejustify{text-align:justify}div.noblankline{text-align:center}div.noblankline img{margin-top:0}pre.screen{margin-top:2px;margin-bottom:2px;padding:1.5px 1.5px 0 1.5px;border:0;background-color:#ddd;white-space:pre}pre.codeblock{margin-top:2px;margin-bottom:2px;padding:1.5px 1.5px 0 1.5px;border:0;background-color:#ddd;white-space:pre}.hrcopyright{color:#3f4e5d;margin-top:18pt}.hwcopyright{text-align:center}.comment{margin:2px 2px 2px 2px;font-family:Arial;font-size:10pt;background-color:#bfb;color:#000}.dropdownAllButtonexpand{cursor:pointer;background-repeat:no-repeat;background-position:0 4px;padding-left:15px;background-image:url(icon-arrowrt.gif);text-decoration:underline;color:#007af4}.dropdownAllButtoncollapse{cursor:pointer;background-repeat:no-repeat;background-position:0 4px;padding-left:15px;background-image:url(icon-arrowdn.gif);text-decoration:underline;color:#007af4;text-decoration:underline;color:#007af4}.dropdowntitle{background-repeat:no-repeat;background-position:0 4px;padding-left:15px;cursor:pointer;text-decoration:underline;color:#007af4}.dropdownexpand .dropdowntitle{background-image:url(icon-arrowdn.gif);text-decoration:underline;color:#007af4;margin:0 0 8px 0}.dropdowncollapse .dropdowncontext{display:none}.dropdowncollapse .dropdowntitle{background-image:url(icon-arrowrt.gif);text-decoration:underline;color:#007af4}.dropdowncollapsetable{border:0}.dropdowncollapsetable .dropdowncontext{display:none}.dropdowncollapsetable .dropdowntitle{background-image:url(icon-arrowrt.gif);text-decoration:underline;color:#007af4}pre{font-size:10pt;font-weight:normal;margin-left:9;margin-top:2;margin-bottom:2}.termcolor{color:blue;cursor:pointer}#dhtmlgoodies_tooltip{background-color:#f0f0d2;border:1px solid #000;position:absolute;display:none;z-index:20000;padding:2px;font-size:.9em;-moz-border-radius:6px;font-family:"Trebuchet MS","Lucida Sans Unicode",Arial,sans-serif}#dhtmlgoodies_tooltipShadow{position:absolute;background-color:#555;display:none;z-index:10000;opacity:.7;filter:alpha(opacity=70);-khtml-opacity:.7;-moz-opacity:.7;-moz-border-radius:6px}.freeze{position:fixed;_position:absolute;_top:expression(eval(document.documentElement.scrollTop));left:10;top:0}
\ No newline at end of file
diff --git a/docs/iam/api-ref/public_sys-resources/commonltr_print.css b/docs/iam/api-ref/public_sys-resources/commonltr_print.css
new file mode 100644
index 00000000..a5982314
--- /dev/null
+++ b/docs/iam/api-ref/public_sys-resources/commonltr_print.css
@@ -0,0 +1 @@
+body{font-size:12.0pt;margin:1.5em;margin-left:1.6cm}.msgph{font-family:Courier New}.rowlinecopyright{color:red;margin-top:10pt}.unresolved{background-color:skyblue}.noTemplate{background-color:yellow}.base{background-color:#fff}.nested0{margin-top:1em}.p{margin-top:1em}p{margin-top:.5em;margin-bottom:.5em}.note p{margin-top:.5em;margin-bottom:.5em}.tip p{margin-top:.5em;margin-bottom:.5em}.danger p{margin-top:.5em;margin-bottom:.5em}.warning p{margin-top:.5em;margin-bottom:.5em}.notice p{margin-top:.5em;margin-bottom:.5em}.caution p{margin-top:.5em;margin-bottom:.5em}.attention p{margin-top:.5em;margin-bottom:.5em}table p{margin-top:.2em;margin-bottom:.2em}table .p{margin-top:.4em;margin-bottom:.2em}.covertable{border:0;width:100% cellpadding:8pt;cellspacing:8pt}.cover_productname{font-size:15.0pt;font-family:"Arial"}.cover_manualtitle{font-size:24.0pt;font-weight:bold;font-family:"Arial"}.cover_manualsubtitle{font-size:18.0pt;font-weight:bold;font-family:"Arial"}.cover_heading{font-size:12.0pt;font-weight:bold;font-family:"Arial"}.cover_text{font-size:9.0pt;font-family:"Arial"}.tocheading,.heading1,.topictitle1{margin-top:40.0pt;margin-right:0;margin-bottom:20.0pt;margin-left:-1cm;text-align:left;border:0;border-bottom:solid windowtext .5pt;font-size:22.0pt;font-family:"Arial";font-weight:bold}.topictitlenumber1{font-size:72.0pt;font-family:"Book Antiqua";font-weight:bold}.topictitle2{margin-top:10.0pt;margin-right:0;margin-bottom:8.0pt;margin-left:-1cm;text-indent:0;font-size:18.0pt;font-family:"Arial";font-weight:bold}.topictitle3{margin-top:10.0pt;margin-right:0;margin-bottom:8.0pt;margin-left:0;text-indent:0;font-size:16.0pt;font-family:"Book Antiqua";font-weight:bold}.topictitle4{margin-top:10.0pt;margin-right:0;margin-bottom:8.0pt;margin-left:0;text-indent:0;font-size:14.0pt;font-family:"Book Antiqua";font-weight:bold}.topictitle5{margin-top:10.0pt;margin-right:0;margin-bottom:8.0pt;margin-left:0;text-indent:0;font-size:13.0pt;font-family:"Book Antiqua";font-weight:bold}.blocklabel,.topictitle6{margin-top:15.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;text-indent:0;font-size:13.0pt;font-family:"Book Antiqua";font-weight:bold}.sectiontitle{margin-top:15.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:-1cm;text-indent:0;font-size:13.0pt;font-family:"Arial";font-weight:bold}.tocentry1{margin-top:8.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;line-height:12.0pt;font-size:12.0pt;font-family:"Book Antiqua";font-weight:bold}.tocentry2{margin-top:4.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;line-height:12.0pt;font-size:11.0pt;font-family:"Times New Roman"}.tocentry3{margin-top:4.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;line-height:12.0pt;font-size:11.0pt;font-family:"Times New Roman"}.tocentry4{margin-top:4.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;line-height:12.0pt;font-size:11.0pt;font-family:"Times New Roman"}.tocentry5{margin-top:4.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;line-height:12.0pt;font-size:11.0pt;font-family:"Times New Roman"}.tofentry1{margin-top:8.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;line-height:12.0pt;font-size:11.0pt;font-family:"Times New Roman";font-weight:normal}.totentry1{margin-top:8.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;line-height:12.0pt;font-size:11.0pt;font-family:"Times New Roman";font-weight:normal}.indexheading{margin-top:15.0pt;margin-right:0;margin-bottom:4.0pt;margin-left:0;text-indent:0;font-size:13.0pt;font-family:"Book Antiqua";font-weight:bold}.indexentry1{margin-top:4pt;margin-right:0;margin-bottom:0;margin-left:0;line-height:12.0pt;font-size:12.0pt;font-family:"Times New Roman"}.indexentry2{margin-top:0;margin-right:0;margin-bottom:0;margin-left:24.0pt;line-height:12.0pt;font-size:12.0pt}.indexentry3{margin-top:0;margin-right:0;margin-bottom:0;margin-left:48pt;line-height:12.0pt;font-size:12.0pt}.figurenumber{font-weight:bold}.tablenumber{font-weight:bold}.familylinks{margin-top:1.5em;margin-bottom:1em}.figcap{font-size:11.0pt}.tablecap{font-size:11.0pt}.figdesc{font-style:normal}.fignone{margin-top:8.0pt}.figborder{border-style:solid;padding-left:3px;border-width:2px;padding-right:3px;margin-top:1em;border-color:Silver}.figsides{border-left:2px solid;padding-left:3px;border-right:2px solid;padding-right:3px;margin-top:1em;border-color:Silver}.figtop{border-top:2px solid;margin-top:1em;border-color:Silver}.figbottom{border-bottom:2px solid;border-color:Silver}.figtopbot{border-top:2px solid;border-bottom:2px solid;margin-top:1em;border-color:Silver}.ullinks{margin-left:0;list-style-type:none}.ulchildlink{margin-top:1em;margin-bottom:1em}.olchildlink{margin-top:1em;margin-bottom:1em;margin-left:1em}.linklist{margin-bottom:1em}.linklistwithchild{margin-left:1.5em;margin-bottom:1em}.sublinklist{margin-left:1.5em;margin-bottom:1em}.relconcepts{margin-left:1cm;margin-top:1em;margin-bottom:1em}.reltasks{margin-left:1cm;margin-top:1em;margin-bottom:1em}.relref{margin-left:1cm;margin-top:1em;margin-bottom:1em}.relinfo{margin-top:1em;margin-bottom:1em}.breadcrumb{font-size:smaller;margin-bottom:1em}.prereq{margin-left:0}.parentlink{margin-top:.6em;margin-bottom:.6em}.nextlink{margin-top:.6em;margin-bottom:.6em}.previouslink{margin-top:.6em;margin-bottom:.6em}.section{margin-top:1em;margin-bottom:1em}.example{margin-top:1em;margin-bottom:1em}table .note{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}.note{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;border-top:solid .5pt;border-bottom:solid .5pt}.notetitle{font-weight:bold;font-size:11.0pt}.notelisttitle{font-weight:bold}table .tip{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}.tip{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;border-top:solid .5pt;border-bottom:solid .5pt}.tiptitle{font-weight:bold;font-size:11.0pt}table .fastpath{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}.fastpath{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;border-top:solid .5pt;border-bottom:solid .5pt}.fastpathtitle{font-weight:bold;font-size:11.0pt}table .important{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman";font-style:italic}.important{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;border-top:solid .5pt;border-bottom:solid .5pt}.importanttitle{font-weight:bold;font-size:11.0pt}table .remember{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman";font-style:italic}.remember{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;border-top:solid .5pt;border-bottom:solid .5pt}.remembertitle{font-weight:bold;font-size:11.0pt}table .restriction{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman";font-style:italic}.restriction{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;border-top:solid .5pt;border-bottom:solid .5pt}.restrictiontitle{font-weight:bold;font-size:11.0pt}table .attention{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}.attention{margin-top:1em;margin-bottom:1em;border:0;border-top:solid .5pt;border-bottom:solid .5pt}.attentiontitle{font-weight:bold}table .danger{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}.dangertitle{font-weight:bold}.danger{margin-top:1em;margin-bottom:1em;border:0;border-top:solid .5pt;border-bottom:solid .5pt}table .notice{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}.noticetitle{font-weight:bold}.notice{margin-top:1em;margin-bottom:1em;border:0;border-top:solid .5pt;border-bottom:solid .5pt}table .warning{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}.warningtitle{font-weight:bold}.warning{margin-top:1em;margin-bottom:1em;border:0;border-top:solid .5pt;border-bottom:solid .5pt}table .caution{margin-top:1em;margin-bottom:1em;border:0;font-size:10.0pt;font-family:"Times New Roman"}table caption{margin-top:8pt;text-align:left;font-weight:bold}.tablenoborder{margin-top:8pt}.cautiontitle{font-weight:bold}.caution{margin-top:1em;margin-bottom:1em;border:0;border-top:solid .5pt;border-bottom:solid .5pt}ul.simple{list-style-type:none}li ul{margin-top:.6em}li{margin-top:.6em;margin-bottom:.6em}.note li{margin-top:.2em;margin-bottom:.2em}.tip li{margin-top:.2em;margin-bottom:.2em}.danger li{margin-top:.2em;margin-bottom:.2em}.warning li{margin-top:.2em;margin-bottom:.2em}.notice li{margin-top:.2em;margin-bottom:.2em}.caution li{margin-top:.2em;margin-bottom:.2em}.attention li{margin-top:.2em;margin-bottom:.2em}table li{margin-top:.2em;margin-bottom:.2em}.firstcol{font-weight:bold}th{background-color:#cfcfcf}.bold{font-weight:bold}.boldItalic{font-weight:bold;font-style:italic}.italic{font-style:italic}.underlined{text-decoration:underline}.var{font-style:italic}.shortcut{text-decoration:underline}.dlterm{font-weight:bold}dd{margin-top:.5em;margin-bottom:.5em}.dltermexpand{font-weight:bold;margin-top:1em}*[compact="yes"]>li{margin-top:0}*[compact="no"]>li{margin-top:.53em}.liexpand{margin-top:1em;margin-bottom:1em}.sliexpand{margin-top:1em;margin-bottom:1em}.dlexpand{margin-top:1em;margin-bottom:1em}.ddexpand{margin-top:1em;margin-bottom:1em}.stepexpand{margin-top:1em;margin-bottom:1em}.substepexpand{margin-top:1em;margin-bottom:1em}table{margin-top:8pt;margin-bottom:10.0pt;width:100%}thead{font-size:10.0pt;font-family:"Book Antiqua";font-weight:bold}tbody{font-size:11.0pt}ol{margin-top:1em;margin-bottom:1em;margin-left:1.7em;-webkit-padding-start:0}ul{margin-top:1em;margin-bottom:1em;margin-left:1.2em;-webkit-padding-start:0}ol ul{list-style:disc}ul ul{list-style:square}ol ol{list-style-type:lower-alpha}table ol{margin-top:.4em;margin-bottom:.4em;list-style:decimal}table ul{margin-top:.4em;margin-bottom:.4em;list-style:disc}table ul ul{margin-top:.4em;margin-bottom:.4em;list-style:square}table ol ol{margin-top:.4em;margin-bottom:.4em;list-style:lower-alpha}table ol ul{margin-top:.4em;margin-bottom:.4em;list-style:disc}table ul ol{margin-top:.4em;margin-bottom:.4em;list-style:decimal}.substepthirdol{list-style-type:lower-roman}div.imageleft{text-align:left}div.imagecenter{text-align:center}div.imageright{text-align:right}div.imagejustify{text-align:justify}div.noblankline{text-align:center}div.noblankline img{margin-top:0}pre{font-size:10.0pt;border-width:2px;padding:2px;margin-top:5px;margin-bottom:5px;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}pre.screen{margin-top:2px;margin-bottom:2px;padding:1.5px 1.5px 0 1.5px;border:0;white-space:pre}pre.codeblock{margin-top:2px;margin-bottom:2px;padding:1.5px 1.5px 0 1.5px;border:0;white-space:pre}.dropdownAllButtonexpand{cursor:pointer;background-repeat:no-repeat;background-position:0 4px;padding-left:15px;background-image:url(icon-arrowrt.gif);text-decoration:underline;color:#007af4}.dropdownAllButtoncollapse{cursor:pointer;background-repeat:no-repeat;background-position:0 4px;padding-left:15px;background-image:url(icon-arrowdn.gif);text-decoration:underline;color:#007af4;text-decoration:underline;color:#007af4}.dropdowntitle{background-repeat:no-repeat;background-position:0 4px;padding-left:15px;cursor:pointer;text-decoration:underline;color:#007af4}.dropdownexpand .dropdowntitle{background-image:url(icon-arrowdn.gif);text-decoration:underline;color:#007af4;margin:0 0 8px 0}.dropdowncollapse .dropdowntitle{background-image:url(icon-arrowrt.gif);text-decoration:underline;color:#007af4;margin:0 0 8px 0}.dropdowncollapsetable .dropdowntitle{background-image:url(icon-arrowrt.gif);text-decoration:underline;color:#007af4;margin:0 0 8px 0}.prefacesectiontitle1{margin-top:10.0pt;margin-right:0;margin-bottom:8.0pt;margin-left:-1cm;text-indent:0;font-size:18.0pt;font-family:"Book Antiqua";font-weight:bold;overflow:auto}.termcolor{color:blue;cursor:pointer}#dhtmlgoodies_tooltip{background-color:#f0f0d2;border:1px solid #000;position:absolute;display:none;z-index:20000;padding:2px;font-size:.9em;-moz-border-radius:6px;font-family:"Trebuchet MS","Lucida Sans Unicode",Arial,sans-serif}#dhtmlgoodies_tooltipShadow{position:absolute;background-color:#555;display:none;z-index:10000;opacity:.7;filter:alpha(opacity=70);-khtml-opacity:.7;-moz-opacity:.7;-moz-border-radius:6px}.freeze{position:fixed;_position:absolute;_top:expression(eval(document.documentElement.scrollTop));left:10;top:0}.hrcopyright{color:#3f4e5d;margin-top:18pt;margin-left:-1cm}.hwcopyright{text-align:center;font-family:Arial;margin-left:-1cm}
\ No newline at end of file
diff --git a/docs/iam/api-ref/public_sys-resources/commonrtl.css b/docs/iam/api-ref/public_sys-resources/commonrtl.css
new file mode 100644
index 00000000..f261da75
--- /dev/null
+++ b/docs/iam/api-ref/public_sys-resources/commonrtl.css
@@ -0,0 +1,2 @@
+/*! Copyright (c) Huawei Technologies Co., Ltd. 2020-2022. All rights reserved. */.msgph{font-family:Courier New}.unresolved{background-color:#87ceeb}.noTemplate{background-color:#ff0}.base{background-color:#fff}/*!  Add space for top level topics */.nested0,.p{margin-top:1em}/*!  div with class=p is used for paragraphs that contain blocks, to keep the XHTML valid *//*!  Default of italics to set apart figure captions */.figcap,.italic,.var{font-style:italic}.figdesc{font-style:normal}/*!  Use @frame to create frames on figures */.figborder{padding-left:3px;padding-right:3px;margin-top:1em;border:2px solid Silver}.figsides{margin-top:1em;padding-left:3px;padding-right:3px;border-left:2px solid Silver;border-right:2px solid Silver}.figtop{border-top:2px solid Silver;margin-top:1em}.figbottom{border-bottom:2px solid Silver}.figtopbot{border-top:2px solid Silver;border-bottom:2px solid Silver;margin-top:1em}/*!  Most link groups are created with 
. Ensure they have space before and after. */.ullinks,ul.simple{list-style-type:none}.attention,.danger,.ddexpand,.dlexpand,.example,.fastpath,.important,.liexpand,.linklist,.note,.notice,.olchildlink,.relconcepts,.relinfo,.relref,.reltasks,.remember,.restriction,.section,.sliexpand,.stepexpand,.substepexpand,.tip,.ulchildlink,.warning{margin-top:1em;margin-bottom:1em}.linklistwithchild,.sublinklist{margin-top:1em;margin-right:1.5em;margin-bottom:1em}.breadcrumb{font-size:smaller;margin-bottom:1em}.prereq{margin-right:20px}/*!  Set heading sizes, getting smaller for deeper nesting */.topictitle1{font-size:1.34em;margin-top:0;margin-bottom:.1em}.topictitle2,.topictitle3,.topictitle4,.topictitle5,.topictitle6,.sectiontitle{font-size:1.17em}.topictitle2{margin-top:1pc;margin-bottom:.45em}.topictitle3{margin-top:1pc;margin-bottom:.17em;font-weight:700}.topictitle4{margin-top:.83em;font-weight:700}.topictitle5{font-weight:700}.topictitle6{font-style:italic}.sectiontitle{margin-top:1em;margin-bottom:0;color:#000;font-weight:700}/*!  All note formats have the same default presentation */.attentiontitle,.bold,.cautiontitle,.dangertitle,.dlterm,.fastpathtitle,.firstcol,.importanttitle,.notelisttitle,.notetitle,.noticetitle,.parmname,.remembertitle,.restrictiontitle,.tiptitle,.uicontrol,.warningtitle{font-weight:700}.caution{font-weight:700;margin-bottom:1em}/*!  Simple lists do not get a bullet *//*!  Used on the first column of a table, when rowheader="firstcol" is used *//*!  Various basic phrase styles */.boldItalic{font-weight:700;font-style:italic}.shortcut,.underlined{text-decoration:underline}/*!  2008-10-27 keyword采用跟随上下文的样式
+*//*!  Default of bold for definition list terms *//*!  Use CSS to expand lists with @compact="no" */.dltermexpand{font-weight:700;margin-top:1em}[compact="yes"]>li{margin-top:0}[compact="no"]>li{margin-top:.53em}/*!  Align images based on @align on topic/image */div.imageleft,.text-align-left{text-align:left}div.imagecenter,.text-align-center{text-align:center}div.imageright,.text-align-right{text-align:right}div.imagejustify,.text-align-justify{text-align:justify}.cellrowborder{border-right:0;border-top:0;border-left:1px solid;border-bottom:1px solid}.row-nocellborder{border-left:hidden;border-right:0;border-top:0;border-bottom:1px solid}.cell-norowborder{border-top:0;border-bottom:hidden;border-right:0;border-left:1px solid}.nocellnorowborder{border:0;border-left:hidden;border-bottom:hidden}pre.codeblock,pre.screen{padding:5px;border:outset;background-color:#ccc;margin-top:2px;margin-bottom:2px;white-space:pre}
\ No newline at end of file
diff --git a/docs/iam/api-ref/public_sys-resources/danger_3.0-en-us.png b/docs/iam/api-ref/public_sys-resources/danger_3.0-en-us.png
new file mode 100644
index 00000000..47a9c723
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/danger_3.0-en-us.png differ
diff --git a/docs/iam/api-ref/public_sys-resources/delta.gif b/docs/iam/api-ref/public_sys-resources/delta.gif
new file mode 100644
index 00000000..0d1b1f67
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/delta.gif differ
diff --git a/docs/iam/api-ref/public_sys-resources/deltaend.gif b/docs/iam/api-ref/public_sys-resources/deltaend.gif
new file mode 100644
index 00000000..cc7da0fc
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/deltaend.gif differ
diff --git a/docs/iam/api-ref/public_sys-resources/icon-arrowdn.gif b/docs/iam/api-ref/public_sys-resources/icon-arrowdn.gif
new file mode 100644
index 00000000..84eec9be
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/icon-arrowdn.gif differ
diff --git a/docs/iam/api-ref/public_sys-resources/icon-arrowrt.gif b/docs/iam/api-ref/public_sys-resources/icon-arrowrt.gif
new file mode 100644
index 00000000..39583d16
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/icon-arrowrt.gif differ
diff --git a/docs/iam/api-ref/public_sys-resources/icon-caution.gif b/docs/iam/api-ref/public_sys-resources/icon-caution.gif
new file mode 100644
index 00000000..079c79b2
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/icon-caution.gif differ
diff --git a/docs/iam/api-ref/public_sys-resources/icon-danger.gif b/docs/iam/api-ref/public_sys-resources/icon-danger.gif
new file mode 100644
index 00000000..079c79b2
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/icon-danger.gif differ
diff --git a/docs/iam/api-ref/public_sys-resources/icon-huawei.gif b/docs/iam/api-ref/public_sys-resources/icon-huawei.gif
new file mode 100644
index 00000000..a31d60f8
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/icon-huawei.gif differ
diff --git a/docs/iam/api-ref/public_sys-resources/icon-note.gif b/docs/iam/api-ref/public_sys-resources/icon-note.gif
new file mode 100644
index 00000000..31be2b03
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/icon-note.gif differ
diff --git a/docs/iam/api-ref/public_sys-resources/icon-notice.gif b/docs/iam/api-ref/public_sys-resources/icon-notice.gif
new file mode 100644
index 00000000..40907065
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/icon-notice.gif differ
diff --git a/docs/iam/api-ref/public_sys-resources/icon-tip.gif b/docs/iam/api-ref/public_sys-resources/icon-tip.gif
new file mode 100644
index 00000000..c47bae05
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/icon-tip.gif differ
diff --git a/docs/iam/api-ref/public_sys-resources/icon-warning.gif b/docs/iam/api-ref/public_sys-resources/icon-warning.gif
new file mode 100644
index 00000000..079c79b2
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/icon-warning.gif differ
diff --git a/docs/iam/api-ref/public_sys-resources/note_3.0-en-us.png b/docs/iam/api-ref/public_sys-resources/note_3.0-en-us.png
new file mode 100644
index 00000000..57a0e1f5
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/note_3.0-en-us.png differ
diff --git a/docs/iam/api-ref/public_sys-resources/notice_3.0-en-us.png b/docs/iam/api-ref/public_sys-resources/notice_3.0-en-us.png
new file mode 100644
index 00000000..fa4b6499
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/notice_3.0-en-us.png differ
diff --git a/docs/iam/api-ref/public_sys-resources/popup.js b/docs/iam/api-ref/public_sys-resources/popup.js
new file mode 100644
index 00000000..a550862e
--- /dev/null
+++ b/docs/iam/api-ref/public_sys-resources/popup.js
@@ -0,0 +1 @@
+var i=0;var dhtmlgoodies_tooltipFlag=false;var dhtmlgoodies_tooltip="";var dhtmlgoodies_tooltipShadow="";var dhtmlgoodies_shadowSize=3;var dhtmlgoodies_tooltipMaxWidth=500;var dhtmlgoodies_tooltipMinWidth=100;var dhtmlgoodies_iframe=false;var timeId;var clickFlag=false;var tooltip_is_msie=(navigator.userAgent.indexOf("MSIE")>=0&&navigator.userAgent.indexOf("opera")==-1&&document.all)?true:false;var xPos;var yPos;window.document.onmousemove=function(a){a=a||window.event;if(a.pageX){xPos=a.pageX;yPos=a.pageY}else{if(document.body!==null&&typeof document.body!=="undefined"){xPos=a.clientX+document.body.scrollLeft-document.body.clientLeft;yPos=a.clientY+document.body.scrollTop-document.body.clientTop}}};function showTooltip(e){if(document.body===null||typeof document.body==="undefined"){return}if(i==0){return}clickFlag=true;var f=Json.parse("jsonData."+e);var a=Math.max(document.body.clientWidth,document.documentElement.clientWidth)-20;if(!dhtmlgoodies_tooltipFlag){dhtmlgoodies_tooltip=document.createElement("DIV");dhtmlgoodies_tooltip.id="dhtmlgoodies_tooltip";dhtmlgoodies_tooltipShadow=document.createElement("DIV");dhtmlgoodies_tooltipShadow.id="dhtmlgoodies_tooltipShadow";document.body.appendChild(dhtmlgoodies_tooltip);document.body.appendChild(dhtmlgoodies_tooltipShadow);if(tooltip_is_msie){dhtmlgoodies_iframe=document.createElement("IFRAME");dhtmlgoodies_iframe.frameborder="5";dhtmlgoodies_iframe.style.backgroundColor="#FFFFFF";dhtmlgoodies_iframe.src="#";dhtmlgoodies_iframe.style.zIndex=100;dhtmlgoodies_iframe.style.position="absolute";document.body.appendChild(dhtmlgoodies_iframe)}}dhtmlgoodies_tooltip.style.display="block";dhtmlgoodies_tooltipShadow.style.display="block";if(tooltip_is_msie){dhtmlgoodies_iframe.style.display="block"}var b=Math.max(document.body.scrollTop,document.documentElement.scrollTop);if(navigator.userAgent.toLowerCase().indexOf("safari")>=0){b=0}var c=xPos+10;dhtmlgoodies_tooltip.style.width=null;dhtmlgoodies_tooltip.innerHTML=f;dhtmlgoodies_tooltip.style.left=c+"px";if(tooltip_is_msie){dhtmlgoodies_tooltip.style.top=yPos+20+b+"px"}else{dhtmlgoodies_tooltip.style.top=yPos+20+"px"}dhtmlgoodies_tooltipShadow.style.left=c+dhtmlgoodies_shadowSize+"px";if(tooltip_is_msie){dhtmlgoodies_tooltipShadow.style.top=yPos+20+b+dhtmlgoodies_shadowSize+"px"}else{dhtmlgoodies_tooltipShadow.style.top=yPos+20+dhtmlgoodies_shadowSize+"px"}if(dhtmlgoodies_tooltip.offsetWidth>dhtmlgoodies_tooltipMaxWidth){dhtmlgoodies_tooltip.style.width=dhtmlgoodies_tooltipMaxWidth+"px"}var d=dhtmlgoodies_tooltip.offsetWidth;if(da){dhtmlgoodies_tooltip.style.left=(dhtmlgoodies_tooltipShadow.style.left.replace("px","")-((c+d)-a))+"px";dhtmlgoodies_tooltipShadow.style.left=(dhtmlgoodies_tooltipShadow.style.left.replace("px","")-((c+d)-a)+dhtmlgoodies_shadowSize)+"px"}if(tooltip_is_msie){dhtmlgoodies_iframe.style.left=dhtmlgoodies_tooltip.style.left;dhtmlgoodies_iframe.style.top=dhtmlgoodies_tooltip.style.top;dhtmlgoodies_iframe.style.width=dhtmlgoodies_tooltip.offsetWidth+"px";dhtmlgoodies_iframe.style.height=dhtmlgoodies_tooltip.offsetHeight+"px"}}function hideTooltip(){i=0;clickFlag=false;if((dhtmlgoodies_tooltip!==null&&typeof dhtmlgoodies_tooltip!=="undefined")&&+(dhtmlgoodies_tooltip.style!==null&&typeof dhtmlgoodies_tooltip.style!=="undefined")){dhtmlgoodies_tooltip.style.display="none";dhtmlgoodies_tooltipShadow.style.display="none";if(tooltip_is_msie){dhtmlgoodies_iframe.style.display="none"}}if(timeId!==null&&typeof timeId!=="undefined"&&timeId!=""){clearTimeout(timeId)}}function showText(a){i=1;timeId=setTimeout(function(){showTooltip(a)},500)}function showText2(a){if(!clickFlag){i=1;showTooltip(a);i=0;if(timeId!==null&&typeof timeId!=="undefined"&&timeId!=""){clearTimeout(timeId)}}}function anchorScroll(b){var d=document.getElementsByName(b);if(d!=null&&d.length>0){var c=d[0];var a=c.getBoundingClientRect().left+(document.body.scrollLeft||(document.documentElement&&document.documentElement.scrollLeft));var e=c.getBoundingClientRect().top+(document.body.scrollTop||(document.documentElement&&document.documentElement.scrollTop));window.scrollTo(a,e-30)}};
\ No newline at end of file
diff --git a/docs/iam/api-ref/public_sys-resources/warning_3.0-en-us.png b/docs/iam/api-ref/public_sys-resources/warning_3.0-en-us.png
new file mode 100644
index 00000000..def5c356
Binary files /dev/null and b/docs/iam/api-ref/public_sys-resources/warning_3.0-en-us.png differ