diff --git a/v3/src/markdown/identity-api-v3-os-endpoint-policy.md b/v3/src/markdown/identity-api-v3-os-endpoint-policy.md new file mode 100644 index 00000000..cbb829d4 --- /dev/null +++ b/v3/src/markdown/identity-api-v3-os-endpoint-policy.md @@ -0,0 +1,166 @@ +OpenStack Identity API v3 OS-ENDPOINT-POLICY Extension +====================================================== + +This extension provides associations between service endpoints and policies +that are already stored in the Identity server and referenced by policy ID. +Such associations enable an endpoint to request the appropriate policy for +itself. Three types of association are supported: + +- A policy associated to a specific endpoint +- A policy associated to any endpoint of a given service type in a given +region +- A policy associated to any endpoint of a given service type + +When an endpoint requests the appropriate policy for itself, the extension will +look for an association *in the order given above* (which is essentially in +order from most specific to least specific) and select the first one it finds. +For region associations, any parent regions will also be examined in ascending +order. No combination of polices will occur. + +--- + +### Policy-Endpoint Associations + +#### Create association with endpoint: `PUT /OS-ENDPOINT-POLICY/policies/{policy_id}/endpoints/{endpoint_id}` + +Creates an association between the policy and the endpoint. If another +association already existed for the specified endpoint, this will replace that +association. Any body supplied with this API will be ignored. + +Response: + + Status: 204 No Content + +#### Check association with endpoint: `GET /OS-ENDPOINT-POLICY/policies/{policy_id}/endpoints/{endpoint_id}` + +Verifies the existence of an association between a policy and an endpoint. A +HEAD version of this API is also supported. + +Response: + + Status: 204 No Content + +#### Delete association with endpoint: `DELETE /OS-ENDPOINT-POLICY/policies/{policy_id}/endpoints/{endpoint_id}` + +Deletes an association between the policy and the endpoint. + +Response: + + Status: 204 No Content + +#### Create association with service: `PUT /OS-ENDPOINT-POLICY/policies/{policy_id}/services/{service_id}` + +Creates an association between the policy and the service. If another +association already existed for the specified service, this will replace that +association. Any body supplied with this API will be ignored. + +Response: + + Status: 204 No Content + +#### Check association with service: `GET /OS-ENDPOINT-POLICY/policies/{policy_id}/services/{service_id}` + +Verifies the existence of an association between a policy and a service. A HEAD +version of this API is also supported. + +Response: + + Status: 204 No Content + +#### Delete association with service: `DELETE /OS-ENDPOINT-POLICY/policies/{policy_id}/services/{service_id}` + +Deletes an association between the policy and the service. + +Response: + + Status: 204 No Content + +#### Create association with service in a region: `PUT /OS-ENDPOINT-POLICY/policies/{policy_id}/services/{service_id}/regions/{region_id}` + +Creates an association between the policy and the service in the given region. +If another association already existed for the specified service and region, +this will replace that association. Any body supplied with this API will be +ignored. + +Response: + + Status: 204 No Content + +#### Check association with service in a region: `GET /OS-ENDPOINT-POLICY/policies/{policy_id}/services/{service_id}/regions/{region_id}` + +Verifies the existence of an association between a policy and a service in the +given region. A HEAD version of this API is also supported. + +Response: + + Status: 204 No Content + +#### Delete association with service in a region: `DELETE /OS-ENDPOINT-POLICY/policies/{policy_id}/services/{service_id}/regions/{region_id}` + +Deletes an association between the policy and the service in the given region. + +Response: + + Status: 204 No Content + +#### List effective endpoint associations for policy: `GET /OS-ENDPOINT-POLICY/policies/{policy_id}/endpoints` + +Returns all the endpoints that are currently associated with a specific policy +via any of the association methods. + +Response: + + Status: 200 OK + + { + "endpoints": [ + { + "id": "--endpoint-id--", + "interface": "public", + "links": { + "self": "http://identity:35357/v3/endpoints/--endpoint-id--" + }, + "region": "north", + "service_id": "--service-id--", + "url": "http://identity:35357/" + }, + { + "id": "--endpoint-id--", + "interface": "internal", + "links": { + "self": "http://identity:35357/v3/endpoints/--endpoint-id--" + }, + "region": "south", + "service_id": "--service-id--", + "url": "http://identity:35357/" + } + ], + "links": { + "next": null, + "previous": null, + "self": "http://identity:35357/v3/OS-ENDPOINT-POLICY/policies/{policy_id}/endpoints" + } + } + +#### Get effective policy associated with endpoint: `GET /OS-ENDPOINT-POLICY/endpoints/{endpoint_id}/policy` + +Returns the policy that is currently associated with the given endpoint, by +working through the ordered sequence of methods of association. The first +association that is found will be returned. If the region of the endpoint has a +parent, then region associations will be examined up the region tree in +ascending order. + +Response: + + Status: 200 OK + + { + "policy": { + "blob": "--serialized-blob--", + "id": "--policy-id--", + "links": { + "self": "http://identity:35357/v3/policies/--policy-id--" + }, + "type": "--serialization-mime-type--" + } + }