OpenStack Identity (Keystone)

Identity/Auth API

Registered by Ziad Sawalha on 2011-05-24

Spec for identity API. This continues support for the Rackspace Auth protocol version (1.x) and moves it to the OpenStack namespace at version 2.0.

Blueprint information

Status: Complete
Approver: Ziad Sawalha
Priority: High
Drafter: Rackspace Architecture
Direction: Approved
Assignee: Ziad Sawalha
Definition: Approved
Series goal: Accepted for diablo
Implementation: Implemented
Milestone target: diablo-2
Started by: Ziad Sawalha on 2011-05-26
Completed by: Ziad Sawalha on 2011-10-21

Whiteboard

Service API:

    POST /tokens
        Returns a token in exchange for valid credentials.

    GET /tenants
        Returns a list of tenants for my X-Auth-Token.

        This implies that an unscoped token returns a list of all tenants
        associated with the user, and that a scoped token returns the single
        tenant the token is associated with.

Admin API (Superset of Service API):

    POST /tokens
        Returns a token in exchange for valid credentials.

    GET /tokens/{token_id}
        Validates a token.

        Returns token expiration, user info, and the user's roles for the given
        token.

    HEAD /tokens/{token_id}
        Validates a token (for performance).

    GET /tokens/{token_id}?belongsTo={tenant_id}
        Validates that a token belongs to a specific tenant.

        Returns token expiration, user info, and the user's roles for the given
        token.

    HEAD /tokens/{token_id}?belongsTo={tenant_id}
        Validates that a token belongs to a specific tenant (for performance).

    GET /tokens/{token_id}/endpoints
        Returns a list of endpoints associated with a specific token.

    GET /users/?username={user_name}
        Returns detailed information about a specific user, by user name.

    GET /users/{user_id}
        Returns detailed information about a specific user, by user id.

    GET /users/{user_id}/roles
        Returns global roles for a specific user (excludes tenant roles).

    GET /tenants
        Returns a list of all tenants.

    GET /tenants/?name={tenant_name}
        Returns detailed information about a tenant, by name.

    GET /tenants/{tenant_id}
        Returns detailed information about a tenant, by id.

    GET /tenants/{tenant_id}/users/{user_id}/roles
        Returns a list of roles for a user on a specific tenant.
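
The token semantics listed above, modeled in memory as an added example (not code from the blueprint or from Keystone). The token store, user, tenant and role names are constructed, the function names are hypothetical, and rejecting an unscoped token for any belongsTo check is an assumption of this sketch.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2011, 10, 21, tzinfo=timezone.utc)  # fixed clock for reproducible results

# Constructed sample data (not from the blueprint).
USER_TENANTS = {"alice": ["tenant-a", "tenant-b"]}
TENANT_ROLES = {("alice", "tenant-a"): ["Member"], ("alice", "tenant-b"): ["Admin"]}
TOKENS = {
    "tok-unscoped": {"user": "alice", "tenant": None, "expires": NOW + timedelta(hours=1)},
    "tok-scoped-a": {"user": "alice", "tenant": "tenant-a", "expires": NOW + timedelta(hours=1)},
    "tok-expired": {"user": "alice", "tenant": "tenant-a", "expires": NOW - timedelta(minutes=1)},
}


def _live(token_id, now=NOW):
    """Return the token record only if it exists and has not expired."""
    tok = TOKENS.get(token_id)
    return tok if tok and tok["expires"] > now else None


def list_tenants(token_id, now=NOW):
    """Service API GET /tenants: all of the user's tenants for an unscoped
    token, the single bound tenant for a scoped one, None if the token is bad."""
    tok = _live(token_id, now)
    if tok is None:
        return None
    if tok["tenant"] is None:
        return list(USER_TENANTS[tok["user"]])
    return [tok["tenant"]]


def validate_token(token_id, belongs_to=None, now=NOW):
    """Admin API GET /tokens/{token_id}[?belongsTo={tenant_id}]: return
    expiration, user and roles, or None when validation fails."""
    tok = _live(token_id, now)
    if tok is None:
        return None
    # Assumption: a token not scoped to the requested tenant fails the check,
    # which includes unscoped tokens.
    if belongs_to is not None and tok["tenant"] != belongs_to:
        return None
    roles = TENANT_ROLES.get((tok["user"], tok["tenant"]), [])
    return {"expires": tok["expires"], "user": tok["user"], "roles": roles}


def check_token(token_id, belongs_to=None, now=NOW):
    """HEAD variant: the same decision as validate_token, without a body."""
    return validate_token(token_id, belongs_to, now) is not None
```

A service that validates without belongsTo accepts any live token for the user, so the tenant check is what stops a token scoped to one tenant from being honored for another tenant's resources.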
