Identity Admin API v2.0 (DEPRECATED)

Identity Admin API v2.0 (DEPRECATED)

Tenants

GET
/v2.0/tenants/{tenantId}/users

List users on a tenant

Lists all users for a tenant.

Normal response codes: 200, 203 Error response codes: 413, 405, 404, 403, 401, 400, 503

Request

Name In Type Description
tenantId path string The tenant ID.

Response Parameters

Name In Type Description
users body array One or more user objects.
users_link body array The link to the reporesented user collection.
enabled body boolean Indicates whether the user is enabled (true) or disabled(false). The default value is true.
username body string The user name.
email body string The user email.
id body string The user ID.

Response Example

{
    "users": [
        {
            "id": "3c9530e",
            "name": "admin",
            "email": "admin@example.org",
            "username": "admin",
            "enabled": true
        },
        {
            "id": "a0ae37b",
            "name": "demo",
            "email": "demo@example.org",
            "username": "demo",
            "enabled": true
        }
    ],
    "users_links": []
}
GET
/v2.0/tenants/{tenantId}/users/{userId}/roles

List roles for user

Lists roles for a user on a tenant. Excludes global roles.

Normal response codes: 200,203 Error response codes: 413,405,404,403,401,400,503

Request

Name In Type Description
userId path string The user ID.
tenantId path string The tenant ID.

Response Parameters

Name In Type Description
roles body array The collection of roles.
roles_links body array The link to the represented role collection.
description body string The role description.
name body string The role name.
id body string The role ID.

Response Example

{
    "roles": [
        {
            "id": "123",
            "name": "compute:admin",
            "description": "Nova Administrator"
        }
    ],
    "roles_links": []
}

Tokens

POST
/v2.0/tokens

Authenticate for admin API

Authenticates and generates a token.

A REST interface provides client authentication by using the POST method with v2.0/tokens as the path. Include a payload of credentials in the body.

The Identity API is a RESTful web service. It is the entry point to all service APIs. To access the Identity API, you must know its URL.

Each REST request against the Identity Service requires the X -Auth-Token header. Clients obtain this token and the URL endpoints for other service APIs by supplying their valid credentials to the authentication service.

If the authentication token has expired, this call returns the HTTP unauthorized (401) response code.

If the token has expired, this call returns the itemNotFound (404) response code.

The Identity API treats expired tokens as no longer valid tokens.

The deployment determines how long expired tokens are stored.

To view the trust object, you need to set trust enable on the keystone configuration.

Normal response codes: 200,203 Error response codes: 413,405,404,403,401,400,503

Request Example

{
    "auth": {
        "tenantName": "demo",
        "token": {
            "id": "cbc36478b0bd8e67e89469c7749d4127"
        }
    }
}

Response Parameters

Name In Type Description
token body string A token object.
access body string An access object.
issued_at body string

The date and time when the token was issued.

The date and time stamp format is ISO 8601:

CCYY-MM-DDThh:mm:ss.sssZ

For example, 2015-08-27T09:49:58.000000Z.

expires body string

The date and time when the token expires.

The date and time stamp format is ISO 8601:

CCYY-MM-DDThh:mm:ss.sssZ

For example, 2015-08-27T09:49:58.000000Z.

A null value indicates that the token never expires.

id body string The token ID.
tenant body string A tenant object.
description body string The description of the tenant. If not set, this value is null.
serviceCatalog body string A serviceCatalog object.
type body string The service catalog type.
endpoints_links body string Links for the endpoint.
impersonation (Optional) body string The impersonation flag.
endpoints body array One or more endpoint objects. Each object shows the adminURL, region, internalURL, id, and publicURL for the endpoint.
user body string A user object, which shows the username, roles_links, id, roles, and name.
roles body array The collection of roles.
metadata body string A metadata object.
trust (Optional) body string A trust object.

Response Example

{
    "access": {
        "token": {
            "issued_at": "2014-01-30T17:09:57.647795",
            "expires": "2014-01-31T17:09:57Z",
            "id": "admin_id",
            "tenant": {
                "description": null,
                "enabled": true,
                "id": "73f0aa26640f4971864919d0eb0f0880",
                "name": "admin"
            }
        },
        "serviceCatalog": [
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8774/v2/73f0aa26640f4971864919d0eb0f0880",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8774/v2/73f0aa26640f4971864919d0eb0f0880",
                        "id": "2dad48f09e2a447a9bf852bcd93548ef",
                        "publicURL": "http://23.253.72.207:8774/v2/73f0aa26640f4971864919d0eb0f0880"
                    }
                ],
                "endpoints_links": [],
                "type": "compute",
                "name": "nova"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:9696/",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:9696/",
                        "id": "97c526db8d7a4c88bbb8d68db1bdcdb8",
                        "publicURL": "http://23.253.72.207:9696/"
                    }
                ],
                "endpoints_links": [],
                "type": "network",
                "name": "neutron"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8776/v2/73f0aa26640f4971864919d0eb0f0880",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8776/v2/73f0aa26640f4971864919d0eb0f0880",
                        "id": "93f86dfcbba143a39a33d0c2cd424870",
                        "publicURL": "http://23.253.72.207:8776/v2/73f0aa26640f4971864919d0eb0f0880"
                    }
                ],
                "endpoints_links": [],
                "type": "volumev2",
                "name": "cinder"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8774/v3",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8774/v3",
                        "id": "3eb274b12b1d47b2abc536038d87339e",
                        "publicURL": "http://23.253.72.207:8774/v3"
                    }
                ],
                "endpoints_links": [],
                "type": "computev3",
                "name": "nova"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:3333",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:3333",
                        "id": "957f1e54afc64d33a62099faa5e980a2",
                        "publicURL": "http://23.253.72.207:3333"
                    }
                ],
                "endpoints_links": [],
                "type": "s3",
                "name": "s3"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:9292",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:9292",
                        "id": "27d5749f36864c7d96bebf84a5ec9767",
                        "publicURL": "http://23.253.72.207:9292"
                    }
                ],
                "endpoints_links": [],
                "type": "image",
                "name": "glance"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8776/v1/73f0aa26640f4971864919d0eb0f0880",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8776/v1/73f0aa26640f4971864919d0eb0f0880",
                        "id": "37c83a2157f944f1972e74658aa0b139",
                        "publicURL": "http://23.253.72.207:8776/v1/73f0aa26640f4971864919d0eb0f0880"
                    }
                ],
                "endpoints_links": [],
                "type": "volume",
                "name": "cinder"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8773/services/Admin",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8773/services/Cloud",
                        "id": "289b59289d6048e2912b327e5d3240ca",
                        "publicURL": "http://23.253.72.207:8773/services/Cloud"
                    }
                ],
                "endpoints_links": [],
                "type": "ec2",
                "name": "ec2"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://23.253.72.207:8080",
                        "region": "RegionOne",
                        "internalURL": "http://23.253.72.207:8080/v1/AUTH_73f0aa26640f4971864919d0eb0f0880",
                        "id": "16b76b5e5b7d48039a6e4cc3129545f3",
                        "publicURL": "http://23.253.72.207:8080/v1/AUTH_73f0aa26640f4971864919d0eb0f0880"
                    }
                ],
                "endpoints_links": [],
                "type": "object-store",
                "name": "swift"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://example.com/identity_v2_admin",
                        "region": "RegionOne",
                        "internalURL": "http://example.com/identity",
                        "id": "26af053673df4ef3a2340c4239e21ea2",
                        "publicURL": "http://example.com/identity"
                    }
                ],
                "endpoints_links": [],
                "type": "identity",
                "name": "keystone"
            }
        ],
        "user": {
            "username": "admin",
            "roles_links": [],
            "id": "1f568815cb8148688e6ee9b2f7527dcc",
            "roles": [
                {
                    "name": "service"
                },
                {
                    "name": "admin"
                }
            ],
            "name": "admin"
        },
        "metadata": {
            "is_admin": 0,
            "roles": [
                "8341d3603a1d4d5985bff09f10704d4d",
                "2e66d57df76946fdbe034bc4da6fdec0"
            ]
        },
        "trust": {
            "id": "394998fa61f14736b1f0c1f322882949",
            "trustee_user_id": "269348fdd9374b8885da1418e0730af1",
            "trustor_user_id": "3ec3164f750146be97f21559ee4d9c51",
            "impersonation": false
        }
    }
}

Versions

GET
/v2.0

Get version details

Gets detailed information about a version of the Identity API.

Normal response codes: 200,203 Error response codes: 413,405,404,403,401,400,503

Response Parameters

Name In Type Description
location body string  

Response Example

{
    "version": {
        "status": "stable",
        "updated": "2014-04-17T00:00:00Z",
        "media-types": [
            {
                "base": "application/json",
                "type": "application/vnd.openstack.identity-v2.0+json"
            }
        ],
        "id": "v2.0",
        "links": [
            {
                "href": "http://example.com/identity/v2.0/",
                "rel": "self"
            },
            {
                "href": "https://docs.openstack.org/",
                "rel": "describedby",
                "type": "text/html"
            }
        ]
    }
}

Certificates

Allows the retrieval of information for Certificate Authorities and certificates.

GET
/v2.0/certificates/ca

Show CA Certificate (v2)

Show the available CA certificate.

Normal response codes: 200

Error response codes: 401, 500

Response Example

MIIDgTCCAmmgAwIBAgIJAIr3n9+0RSC7MA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
BAYTAlVTMQ4wDAYDVQQIDAVVbnNldDEOMAwGA1UEBwwFVW5zZXQxDjAMBgNVBAoM
BVVuc2V0MRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20wHhcNMTYxMDIwMTMwMjE4
WhcNMjYxMDE4MTMwMjE4WjBXMQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVW5zZXQx
DjAMBgNVBAcMBVVuc2V0MQ4wDAYDVQQKDAVVbnNldDEYMBYGA1UEAwwPd3d3LmV4
YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoJkYpfJ
Bvqfq0eAuqTIziiunNQdnSUX/aMS5UuI6tjzSkYnR5FCdf9UP8OrpA37gthvz3KK
XhNLqnnV8MLzEo3+lN5IAr+TE1foXnqGs6vNvj5Jn1lViXXpIeaHxMwkJpJjPwxJ
nFLtxL1m9hIx5anV5ZyJWV8RIaMqnzOJ7QYiX07aouRvmtT5O1LQzr2ht2l4EzPY
YDt9UV/daSikrmroBnwgWMecaFJOC1pxSyvO2PAnw+yhX6NHgGPJmOu0TSN2IK1p
o07ZVM3QJLLbEZFjcUK7FXNRk5ZfzjkCrJA1l0Ys3ByHTb2offffIyTYPuatQtfF
0XvTIwMN5eIAswIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBTZ4Nls
7DRmUBcrYhYDLSsDM0BCWzAfBgNVHSMEGDAWgBTZ4Nls7DRmUBcrYhYDLSsDM0BC
WzANBgkqhkiG9w0BAQsFAAOCAQEALil6WvVii6yNVwu0zgt2iDYqHvnnHWnSVhEJ
eKeBFRxpuwiH+UOeygFB0/6lD2r11cD0SdgaMfLAKkKspQucJIsp3BYLwBJ25oxn
NL2yB3HLZeEebAQzXQwnRbWUbIpcp/XPlKjybiA3unqE+X/qdQZgxJ2Xgtp7bHhN
yzDCSOUZlHrkKNXtFNvqRtoCeMBs2+jfqx2ap64ORSnLihEi57lOcUn2DbAR45OI
+wppD5CcUTDsE0r+XbBK3Cm3dn6pVyVcawv5qDidRB7JdsDbx6VC7gcBbdgdbLWz
Xf4KS8N77jeGjqKJ7QY5jkHdXhY+gGbeponch4y2VqLgMI0VGQ==
GET
/v2.0/certificates/signing

Show Signing Certificate (v2)

Show the available signing certificate.

Normal response codes: 200

Error response codes: 401, 500

Response Example

MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJVUzEO
MAwGA1UECAwFVW5zZXQxDjAMBgNVBAcMBVVuc2V0MQ4wDAYDVQQKDAVVbnNldDEY
MBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMB4XDTE2MTAyMDEzMDIxOFoXDTI2MTAx
ODEzMDIxOFowRzELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVVuc2V0MQ4wDAYDVQQK
DAVVbnNldDEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAua3cVYSD9KY31+wNXZv3HBS5MyzTfoY+nh4nJ2x8
Ram6liu4gkHYRonTUriIrgDLyo+2fuXrmyFcq1+8ke4KD3n24i8pzcrt6BOGAVYP
KdPyXU0EkZECNmH/tKjvVqMLHcq2apsZdZ5ujBtE5G4zbTjVIEzz90AbAmRVJy7S
seluCxBKtg3IGa1WwqgU4B5pgog+VDpT8XPKFvHi1cVaX76qS6MOUxXA7kuOQUct
JxcyITS26Mxym7wOTI+7JV5A9Ow/dUN6CrGMrfHB59Psx3os/BfoopFmIbbnHdOO
ETOeifelkhwLWLfmmOHxWgYYX/aEyW3L/xCU5QDCz9B0wQIDAQABo00wSzAJBgNV
HRMEAjAAMB0GA1UdDgQWBBQeoHzsYSUSfGymk6kem/lpGVJS9DAfBgNVHSMEGDAW
gBTZ4Nls7DRmUBcrYhYDLSsDM0BCWzANBgkqhkiG9w0BAQsFAAOCAQEAfsH6AN7p
XWBg062LUtpfDsRyXqOLYofR4Y0Mzo1rH0jaozJsnOxsj42BdP+hBGjtZB9eUwgP
gx+MJQC4pz+Wuc/xMysDT6f0hyjZmsakXM92lsztlW7+Y7u9ATa2lDTER1Fv7X6D
I+kN+dhphq0lrIRWZvAf3TlZpEUG38cTxLD8OsdOlq4BxSzmvKFQf4mcbu39OX7i
0fGih0SxSa03idx9NWEOEp9IaGLo/mfL84nb4YjgV9yJj+3CkxYvqPlpiM2rHD/C
hMgz/UB52OxbjYjbWoyStZwvlSwKWY75C9iYA04TZrhs5UWvAT+I2Y2UY/krrZ2a
Rke2Bj7NAvXPHw==
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.