Wei, Hongmin
bdc1f338a2
Reviewed-by: Gladkov, Maksim <mgladkov@noreply.gitea.eco.tsi-dev.otc-service.com> Co-authored-by: Wei, Hongmin <weihongmin1@huawei.com> Co-committed-by: Wei, Hongmin <weihongmin1@huawei.com>
68 KiB
API Overview
Token Management
API |
Description |
|---|---|
Obtain a user token through username/password-based authentication. |
|
Obtain an agency token. |
|
Check the validity of a specified token. If the token is valid, detailed information about the token will be returned. |
|
Provided for the administrator to verify the token of a user or provided for a user to verify their token. The administrator can only verify the token of a user created using the account. If the verified token is valid, 200 is displayed. |
|
Delete a token no matter whether the token has expired or not. |
Access Key Management
API |
Description |
|---|---|
Obtain a temporary access key (AK/SK) and security token. |
|
Provided for the administrator to create a permanent access key for a user or provided for a user to create a permanent access key for themselves. |
|
Provided for the administrator to list all permanent access key of a user or provided for a user to list all of their permanent access keys. |
|
Provided for the administrator to query the specified permanent access key of a user or provided for a user to query one of their permanent access keys. |
|
Provided for the administrator to modify the specified permanent access key of a user or provided for a user to modify one of their permanent access keys. |
|
Provided for the administrator to delete the specified permanent access key of a user or provided for a user to delete one of their permanent access keys. |
Region Management
API |
Description |
|---|---|
List all regions. |
|
Query region details. |
Project Management
API |
Description |
|---|---|
Querying Project Information Based on the Specified Criteria |
Query project information. |
Query the project list of a specified user. |
|
List the projects in which resources are accessible to a specified user. |
|
Create a project. |
|
Modify the details of a project. |
|
Query the detailed information about a project based on the project ID. |
|
Change the status of a specified project. The project status can be normal or suspended. |
|
Query the details and status of a project. |
|
Delete a project. |
|
Query the quotas of a specified project. |
Tenant Management
API |
Description |
|---|---|
Query the list of domains accessible to users. |
|
Query the password strength policy, including its regular expression and description. |
|
Query the regular expression or description of the password strength policy configured for a specified account. |
|
Query a resource quota. You can query the quota of users, user groups, identity providers, agencies, and policies. |
User Management
API |
Description |
|---|---|
List all users. |
|
Query the detailed information about a specified user. |
|
Provided for the administrator to query the details about a specified user or provided for a user to query their details. |
|
Query the information about the groups which a specified user belongs to. |
|
Provided for the administrator to query the users in a user group. |
|
Create a user under a domain. |
|
Change the password for a user. |
|
Modify user information under a domain. |
|
Modifying User Information (Including Email Address and Mobile Number) as the Administrator |
Provided for the administrator to modify user information. |
Provided for the administrator to delete a user. |
|
Delete a user from a user group. |
|
Provided for the administrator to send a welcome email to a new user. |
User Group Management
API |
Description |
|---|---|
Provided for the administrator to list all user groups. |
|
Provided for the administrator to query user group information. |
|
Provided for the administrator to create a user group. |
|
Provided for the administrator to add a user to a specified user group. |
|
Provided for the administrator to update user group information. |
|
Provided for the administrator to delete a user group. |
|
Provided for the administrator to check whether a user belongs to a specified user group. |
Permission Management
API |
Description |
|---|---|
Provided for the administrator to list all permissions. |
|
Provided for the administrator to query permission information. |
|
Query permission assignment records of a specified account. |
|
Query the user groups to which a specified role has been assigned. |
|
Query the permissions of a specified user group under a domain. |
|
Querying Permissions of a User Group Corresponding to a Project |
Query the permissions of a specified user group for a project. |
Grant permissions to a specified user group under a domain. |
|
Granting Permissions to a User Group Corresponding to a Project |
Grant permissions to a specified user group for a project. |
Deleting Permissions of a User Group Corresponding to a Project |
Delete permissions of a user group corresponding to a project. |
Delete permissions of a specified user group of a domain. |
|
Querying Whether a User Group Under a Domain Has Specific Permissions |
Query whether a specified user group under a domain has specific permissions. |
Querying Whether a User Group Corresponding to a Project Has Specific Permissions |
Query whether a user group corresponding to a project has specific permissions. |
Grant permissions to a user group. |
|
Removing Specified Permissions of a User Group in All Projects |
Provided for the administrator to remove the specified permissions of a user group in all projects. |
Checking Whether a User Group Has Specified Permissions for All Projects |
Provided for the administrator to check whether a user group has specified permissions for all projects. |
Provided for the administrator to query all permissions that have been assigned to a user group. |
Custom Policy Management
API |
Description |
|---|---|
Provided for the administrator to list all custom policies. |
|
Provided for the administrator to query custom policy details. |
|
Provided for the administrator to create a custom policy for cloud services. |
|
Provided for the administrator to create a custom policy. |
|
Provided for the administrator to modify a custom policy for cloud services. |
|
Provided for the administrator to modify a custom policy. |
|
Provided for the administrator to delete a custom policy. |
Agency Management
API |
Description |
|---|---|
Create an agency. |
|
Query an agency list based on the specified conditions. |
|
Query the details of a specified agency. |
|
Modify agency information, including the trust_domain_id, description, and trust_domain_name parameters. |
|
Delete an agency. |
|
Grant permissions to an agency for a project. |
|
Checking Whether an Agency Has the Specified Permissions on a Project |
Check whether an agency has the specified permissions on a project. |
Query the list of permissions of an agency on a project. |
|
Delete permissions of an agency on a project. |
|
Grant permissions to an agency on a domain. |
|
Checking Whether an Agency Has the Specified Permissions on a Domain |
Check whether an agency has the specified permissions on a domain. |
Query the list of permissions of an agency on a domain. |
|
Delete permissions of an agency on a domain. |
Security Settings
API |
Description |
|---|---|
Query the password policy. |
|
Provided for the administrator to modify the password policy. |
|
Query the login authentication policy. |
|
Provided for the administrator to modify the login authentication policy. |
|
Provided for the administrator to query the MFA device information of users. |
|
Provided for the administrator to query the MFA device information of a specified user or provided for a user to query their MFA device information. |
|
Provided for the administrator to query the login protection configurations of users. |
|
Used by the administrator to query the login protection configuration of a specified user or used by a user to query their login protection configuration. |
|
Provided for the administrator to modify the login protection configuration of a user. |
|
Bind a virtual MFA device to a user. |
|
Unbind the virtual MFA device bound to a user. |
|
Create a virtual MFA device for a user. |
|
Provided for the administrator to delete the virtual MFA device created for a user. |
Federated Identity Authentication Management
API |
Description |
|---|---|
Obtain a federated authentication token using the OpenStack Client or ShibbolethECP Client. |
|
Obtain a federated authentication token in the IdP-initiated mode. The Client4ShibbolethIdP script is used as an example. |
|
List all identity providers. |
|
Query the details about an identity provider. |
|
Provided for the administrator to create an identity provider. |
|
Provided for the administrator to create an OpenID Connect identity provider. |
|
Provided for the administrator to update an identity provider. |
|
Provided for the administrator to modify an OpenID Connect identity provider. |
|
Provided for the administrator to query an OpenID Connect identity provider. |
|
Provided for the administrator to delete an identity provider. |
|
List all mappings. |
|
Query the information about a mapping. |
|
Provided for the administrator to register a mapping. |
|
Provided for the administrator to update a mapping. |
|
Provided for the administrator to delete a mapping. |
|
List all protocols. |
|
Query the details of a protocol. |
|
Provided for the administrator to register a protocol, that is, to associate a protocol with an identity provider. |
|
Provided for the administrator to update the protocol associated with a specified identity provider. |
|
Provided for the administrator to delete the protocol associated with a specified identity provider. |
|
Provided for the administrator to query the metadata file imported to IAM for an identity provider. |
|
Query the metadata file of Keystone. |
|
Provided for the administrator to import a metadata file. |
|
Obtain an unscoped token through SP-initiated federated identity authentication. |
|
Obtain an unscoped token through IdP-initiated federated identity authentication. |
|
Obtain a scoped token through federated identity authentication. |
|
Obtain a federated identity authentication token using an OpenID Connect ID token. |
|
Obtain an unscoped token using an OpenID Connect ID token. |
|
List the accounts whose resources are accessible to federated users. |
|
List the projects in which resources are accessible to federated users. |
Version Information Management
API |
Description |
|---|---|
Query the version information of Keystone APIs. |
|
Obtain the information about Keystone API 3.0. |
Services and Endpoints
API |
Description |
|---|---|
List all services. |
|
Query the details of a service. |
|
Query the service catalog corresponding to X-Auth-Token contained in the request. |
|
List all endpoints. |
|
Query the details of an endpoint. |