Applies to SUSE OpenStack Cloud Crowbar
4 Keystone User Guide #
This section contains the documentation for end-users of keystone.
4.1 User Documentation #
An end user can find the specific API documentation here, OpenStack’s Identity API.
Note
Following are some API examples using curl. These examples are not automatically generated. They can be outdated as things change and are subject to regular updates and changes.
4.1.1 API Examples using Curl #
4.1.1.1 v3 API Examples Using Curl #
4.1.1.1.1 Tokens #
4.1.1.1.1.1 Default scope #
Get a token with default scope (may be unscoped):
curl -i \
-H "Content-Type: application/json" \
-d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": { "id": "default" },
"password": "adminpwd"
}
}
}
}
}' \
"http://localhost:5000/v3/auth/tokens" ; echoExample response:
HTTP/1.1 201 Created
X-Subject-Token: MIIFvgY...
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 1025
Date: Tue, 10 Jun 2014 20:55:16 GMT
{
"token": {
"methods": ["password"],
"roles": [{
"id": "9fe2ff9ee4384b1894a90878d3e92bab",
"name": "_member_"
}, {
"id": "c703057be878458588961ce9a0ce686b",
"name": "admin"
}],
"expires_at": "2014-06-10T2:55:16.806001Z",
"project": {
"domain": {
"id": "default",
"name": "Default"
},
"id": "8538a3f13f9541b28c2620eb19065e45",
"name": "admin"
},
"catalog": [{
"endpoints": [{
"url": "http://localhost:3537/v2.0",
"region": "RegionOne",
"interface": "admin",
"id": "29beb2f1567642eb810b042b6719ea88"
}, {
"url": "http://localhost:5000/v2.0",
"region": "RegionOne",
"interface": "internal",
"id": "8707e3735d4415c97ae231b4841eb1c"
}, {
"url": "http://localhost:5000/v2.0",
"region": "RegionOne",
"interface": "public",
"id": "ef303187fc8d41668f25199c298396a5"
}],
"type": "identity",
"id": "bd73972c0e14fb69bae8ff76e112a90",
"name": "keystone"
}],
"extras": {},
"user": {
"domain": {
"id": "default",
"name": "Default"
},
"id": "3ec3164f750146be97f21559ee4d9c51",
"name": "admin"
},
"audit_ids": ["yRt0UrxJSs6-WYJgwEMMmg"],
"issued_at": "201406-10T20:55:16.806027Z"
}
}4.1.1.1.1.2 Project-scoped #
Get a project-scoped token:
curl -i \
-H "Content-Type: application/json" \
-d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": { "id": "default" },
"password": "adminpwd"
}
}
},
"scope": {
"project": {
"name": "demo",
"domain": { "id": "default" }
}
}
}
}' \
"http://localhost:5000/v3/auth/tokens" ; echoExample response:
HTTP/1.1 201 Created
X-Subject-Token: MIIFfQ...
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 960
Date: Tue, 10 Jun 2014 20:40:14 GMT
{
"token": {
"audit_ids": ["ECwrVNWbSCqmEgPnu0YCRw"],
"methods": ["password"],
"roles": [{
"id": "c703057be878458588961ce9a0ce686b",
"name": "admin"
}],
"expires_at": "2014-06-10T21:40:14.360795Z",
"project": {
"domain": {
"id": "default",
"name": "Default"
},
"id": "3d4c2c82bd5948f0bcab0cf3a7c9b48c",
"name": "demo"
},
"catalog": [{
"endpoints": [{
"url": "http://localhost:35357/v2.0",
"region": "RegionOne",
"interface": "admin",
"id": "29beb2f1567642eb810b042b6719ea88"
}, {
"url": "http://localhost:5000/v2.0",
"region": "RegionOne",
"interface": "internal",
"id": "87057e3735d4415c97ae231b4841eb1c"
}, {
"url": "http://localhost:5000/v2.0",
"region": "RegionOne",
"interface": "public",
"id": "ef303187fc8d41668f25199c298396a5"
}],
"type": "identity",
"id": "bd7397d2c0e14fb69bae8ff76e112a90",
"name": "keystone"
}],
"extras": {},
"user": {
"domain": {
"id": "default",
"name": "Default"
},
"id": "3ec3164f750146be97f21559ee4d9c51",
"name": "admin"
},
"issued_at": "2014-06-10T20:40:14.360822Z"
}
}4.1.1.1.1.3 Domain-Scoped #
Get a domain-scoped token:
Note
Ensure you have a role-assignment on the domain first.
curl -i \
-H "Content-Type: application/json" \
-d '
{ "auth": {
"identity": {
"methods": ["password"],
"password": {
"user": {
"name": "admin",
"domain": { "id": "default" },
"password": "adminpwd"
}
}
},
"scope": {
"domain": {
"id": "default"
}
}
}
}' \
"http://localhost:5000/v3/auth/tokens" ; echoExample response:
HTTP/1.1 201 Created
X-Subject-Token: MIIFNg...
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 889
Date: Tue, 10 Jun 2014 20:52:59 GMT
{
"token": {
"domain": {
"id": "default",
"name": "Default"
},
"methods": ["password"],
"roles": [{
"id": "c703057be878458588961ce9a0ce686b",
"name": "admin"
}],
"expires_at": "2014-06-10T21:52:58.852167Z",
"catalog": [{
"endpoints": [{
"url": "http://localhost:35357/v2.0",
"region": "RegionOne",
"interface": "admin",
"id": "29beb2f1567642eb810b042b6719ea88"
}, {
"url": "http://localhost:5000/v2.0",
"region": "RegionOne",
"interface": "internal",
"id": "87057e3735d4415c97ae231b4841eb1c"
}, {
"url": "http://localhost:5000/v2.0",
"region": "RegionOne",
"interface": "public",
"id": "ef303187fc8d41668f25199c298396a5"
}],
"type": "identity",
"id": "bd7397d2c0e14fb69bae8ff76e112a90",
"name": "keystone"
}],
"extras": {},
"user": {
"domain": {
"id": "default",
"name": "Default"
},
"id": "3ec3164f750146be97f21559ee4d9c51",
"name": "admin"
},
"audit_ids": ["Xpa6Uyn-T9S6mTREudUH3w"],
"issued_at": "2014-06-10T20:52:58.852194Z"
}
}4.1.1.1.1.4 Getting a token from a token #
Get a token from a token:
curl -i \
-H "Content-Type: application/json" \
-d '
{ "auth": {
"identity": {
"methods": ["token"],
"token": {
"id": "'$OS_TOKEN'"
}
}
}
}' \
"http://localhost:5000/v3/auth/tokens" ; echoExample response:
HTTP/1.1 201 Created
X-Subject-Token: MIIFxw...
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 1034
Date: Tue, 10 Jun 2014 21:00:05 GMT
{
"token": {
"methods": ["token", "password"],
"expires_at": "2015-05-28T07:43:44.808209Z",
"extras": {},
"user": {
"domain": {
"id": "default",
"name": "Default"
},
"id": "753867c25c3340ffad1abc22d488c31a",
"name": "admin"
},
"audit_ids": ["ZE0OPSuzTmCXHo0eIOYltw",
"xxIQCkHOQOywL0oY6CTppQ"
],
"issued_at": "2015-05-28T07:19:23.763532Z"
}
}Note
If a scope was included in the request body, then this would get a token with the new scope.
4.1.1.1.1.5 DELETE /v3/auth/tokens #
Revoke a token:
curl -i -X DELETE \
-H "X-Auth-Token: $OS_TOKEN" \
-H "X-Subject-Token: $OS_TOKEN" \
"http://localhost:5000/v3/auth/tokens"If there’s no error then the response is empty.
4.1.1.1.2 Domains #
4.1.1.1.2.1 GET /v3/domains #
List domains:
curl -s \
-H "X-Auth-Token: $OS_TOKEN" \
"http://localhost:5000/v3/domains" | python -mjson.toolExample response:
{
"domains": [
{
"description": "Owns users and tenants (i.e. projects) available on Identity API v2.",
"enabled": true,
"id": "default",
"links": {
"self": "http://identity-server:5000/v3/domains/default"
},
"name": "Default"
}
],
"links": {
"next": null,
"previous": null,
"self": "http://identity-server:5000/v3/domains"
}
}4.1.1.1.2.2 POST /v3/domains #
Create a domain:
curl -s \
-H "X-Auth-Token: $OS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "domain": { "name": "newdomain"}}' \
"http://localhost:5000/v3/domains" | python -mjson.toolExample response:
{
"domain": {
"enabled": true,
"id": "3a5140aecd974bf08041328b53a62458",
"links": {
"self": "http://identity-server:5000/v3/domains/3a5140aecd974bf08041328b53a62458"
},
"name": "newdomain"
}
}4.1.1.1.3 Projects #
4.1.1.1.3.1 GET /v3/projects #
List projects:
curl -s \
-H "X-Auth-Token: $OS_TOKEN" \
"http://localhost:5000/v3/projects" | python -mjson.toolExample response:
{
"links": {
"next": null,
"previous": null,
"self": "http://localhost:5000/v3/projects"
},
"projects": [
{
"description": null,
"domain_id": "default",
"enabled": true,
"id": "3d4c2c82bd5948f0bcab0cf3a7c9b48c",
"links": {
"self": "http://localhost:5000/v3/projects/3d4c2c82bd5948f0bcab0cf3a7c9b48c"
},
"name": "demo"
}
]
}4.1.1.1.3.2 PATCH /v3/projects/{id} #
Disable a project:
curl -s -X PATCH \
-H "X-Auth-Token: $OS_TOKEN" \
-H "Content-Type: application/json" \
-d '
{
"project": {
"enabled": false
}
}'\
"http://localhost:5000/v3/projects/$PROJECT_ID" | python -mjson.toolExample response:
{
"project": {
"description": null,
"domain_id": "default",
"enabled": false,
"extra": {},
"id": "3d4c2c82bd5948f0bcab0cf3a7c9b48c",
"links": {
"self": "http://localhost:5000/v3/projects/3d4c2c82bd5948f0bcab0cf3a7c9b48c"
},
"name": "demo"
}
}4.1.1.1.4 GET /v3/services #
List the services:
curl -s \
-H "X-Auth-Token: $OS_TOKEN" \
"http://localhost:5000/v3/services" | python -mjson.toolExample response:
{
"links": {
"next": null,
"previous": null,
"self": "http://localhost:5000/v3/services"
},
"services": [
{
"description": "Keystone Identity Service",
"enabled": true,
"id": "bd7397d2c0e14fb69bae8ff76e112a90",
"links": {
"self": "http://localhost:5000/v3/services/bd7397d2c0e14fb69bae8ff76e112a90"
},
"name": "keystone",
"type": "identity"
}
]
}4.1.1.1.5 GET /v3/endpoints #
List the endpoints:
curl -s \
-H "X-Auth-Token: $OS_TOKEN" \
"http://localhost:5000/v3/endpoints" | python -mjson.toolExample response:
{
"endpoints": [
{
"enabled": true,
"id": "29beb2f1567642eb810b042b6719ea88",
"interface": "admin",
"links": {
"self": "http://localhost:5000/v3/endpoints/29beb2f1567642eb810b042b6719ea88"
},
"region": "RegionOne",
"service_id": "bd7397d2c0e14fb69bae8ff76e112a90",
"url": "http://localhost:35357/v2.0"
}
],
"links": {
"next": null,
"previous": null,
"self": "http://localhost:5000/v3/endpoints"
}
}4.1.1.1.6 Users #
4.1.1.1.6.1 GET /v3/users #
List users:
curl -s \
-H "X-Auth-Token: $OS_TOKEN" \
"http://localhost:5000/v3/users" | python -mjson.tool4.1.1.1.6.2 POST /v3/users #
Create a user:
curl -s \
-H "X-Auth-Token: $OS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"user": {"name": "newuser", "password": "changeme"}}' \
"http://localhost:5000/v3/users" | python -mjson.toolExample response:
{
"user": {
"domain_id": "default",
"enabled": true,
"id": "ec8fc20605354edd91873f2d66bf4fc4",
"links": {
"self": "http://identity-server:5000/v3/users/ec8fc20605354edd91873f2d66bf4fc4"
},
"name": "newuser"
}
}4.1.1.1.6.3 GET /v3/users/{user_id} #
Show details for a user:
USER_ID=ec8fc20605354edd91873f2d66bf4fc4
curl -s \
-H "X-Auth-Token: $OS_TOKEN" \
"http://localhost:5000/v3/users/$USER_ID" | python -mjson.toolExample response:
{
"user": {
"domain_id": "default",
"enabled": true,
"id": "ec8fc20605354edd91873f2d66bf4fc4",
"links": {
"self": "http://localhost:5000/v3/users/ec8fc20605354edd91873f2d66bf4fc4"
},
"name": "newuser"
}
}4.1.1.1.6.4 POST /v3/users/{user_id}/password #
Change password using the default policy; this can be done as the user:
USER_ID=b7793000f8d84c79af4e215e9da78654
ORIG_PASS=userpwd
NEW_PASS=newuserpwd
curl \
-H "X-Auth-Token: $OS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "user": {"password": "'$NEW_PASS'", "original_password": "'$ORIG_PASS'"} }' \
"http://localhost:5000/v3/users/$USER_ID/password"Note
This command will not print anything if the request was successful.
4.1.1.1.6.5 PATCH /v3/users/{user_id} #
Reset password using the default policy; this requires admin:
USER_ID=b7793000f8d84c79af4e215e9da78654
NEW_PASS=newuserpwd
curl -s -X PATCH \
-H "X-Auth-Token: $OS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "user": {"password": "'$NEW_PASS'"} }' \
"http://localhost:5000/v3/users/$USER_ID" | python -mjson.toolExample response:
{
"user": {
"default_project_id": "3d4c2c82bd5948f0bcab0cf3a7c9b48c",
"domain_id": "default",
"email": "demo@example.com",
"enabled": true,
"extra": {
"email": "demo@example.com"
},
"id": "269348fdd9374b8885da1418e0730af1",
"links": {
"self": "http://localhost:5000/v3/users/269348fdd9374b8885da1418e0730af1"
},
"name": "demo"
}
}4.1.1.1.7 PUT /v3/projects/{project_id}/groups/{group_id}/roles/{role_id} #
Create group role assignment on project:
curl -s -X PUT \
-H "X-Auth-Token: $OS_TOKEN" \
"http://localhost:5000/v3/projects/$PROJECT_ID/groups/$GROUP_ID/roles/$ROLE_ID" |
python -mjson.toolThere’s no data in the response if the operation is successful.
4.1.1.1.8 POST /v3/OS-TRUST/trusts #
Create a trust:
curl -s \
-H "X-Auth-Token: $OS_TOKEN" \
-H "Content-Type: application/json" \
-d '
{ "trust": {
"expires_at": "2014-12-30T23:59:59.999999Z",
"impersonation": false,
"project_id": "'$PROJECT_ID'",
"roles": [
{ "name": "admin" }
],
"trustee_user_id": "'$DEMO_USER_ID'",
"trustor_user_id": "'$ADMIN_USER_ID'"
}}'\
"http://localhost:5000/v3/OS-TRUST/trusts" | python -mjson.toolExample response:
{
"trust": {
"expires_at": "2014-12-30T23:59:59.999999Z",
"id": "394998fa61f14736b1f0c1f322882949",
"impersonation": false,
"links": {
"self": "http://localhost:5000/v3/OS-TRUST/trusts/394998fa61f14736b1f0c1f322882949"
},
"project_id": "3d4c2c82bd5948f0bcab0cf3a7c9b48c",
"remaining_uses": null,
"roles": [
{
"id": "c703057be878458588961ce9a0ce686b",
"links": {
"self": "http://localhost:5000/v3/roles/c703057be878458588961ce9a0ce686b"
},
"name": "admin"
}
],
"roles_links": {
"next": null,
"previous": null,
"self": "http://localhost:5000/v3/OS-TRUST/trusts/394998fa61f14736b1f0c1f322882949/roles"
},
"trustee_user_id": "269348fdd9374b8885da1418e0730af1",
"trustor_user_id": "3ec3164f750146be97f21559ee4d9c51"
}
}4.1.1.2 Service API Examples Using Curl #
The service API is defined to be a subset of the Admin API and runs on port 5000 by default.
4.1.1.2.1 GET / #
This call is identical to that documented for the Admin API, except that it uses port 5000 by default instead of port 35357:
$ curl "http://0.0.0.0:5000"or:
$ curl "http://0.0.0.0:5000/v2.0/"See the Section 4.1.1.3, “Admin API Examples Using Curl” for more info.
4.1.1.2.2 GET /extensions #
This call is identical to that documented for the Admin API.
4.1.1.2.3 POST /tokens #
This call is identical to that documented for the Admin API.
4.1.1.2.4 GET /tenants #
List all of the tenants your token can access:
$ curl -H "X-Auth-Token:887665443383838" \
"http://localhost:5000/v2.0/tenants"Returns:
{
"tenants_links": [],
"tenants": [
{
"enabled": true,
"description": "None",
"name": "customer-x",
"id": "1"
}
]
}4.1.1.3 Admin API Examples Using Curl #
These examples assume a default port value of 35357, and depend on the
sampledata bundled with keystone.
4.1.1.3.1 GET / #
Discover API version information, links to documentation (PDF, HTML, WADL), and supported media types:
$ curl "http://0.0.0.0:35357"{
"versions": {
"values": [
{
"id": "v3.4",
"links": [
{
"href": "http://127.0.0.1:35357/v3/",
"rel": "self"
}
],
"media-types": [
{
"base": "application/json",
"type": "application/vnd.openstack.identity-v3+json"
}
],
"status": "stable",
"updated": "2015-03-30T00:00:00Z"
},
{
"id": "v2.0",
"links": [
{
"href": "http://127.0.0.1:35357/v2.0/",
"rel": "self"
},
{
"href": "https://docs.openstack.org/",
"rel": "describedby",
"type": "text/html"
}
],
"media-types": [
{
"base": "application/json",
"type": "application/vnd.openstack.identity-v2.0+json"
}
],
"status": "stable",
"updated": "2014-04-17T00:00:00Z"
}
]
}
}$ curl "http://0.0.0.0:35357/v2.0/"Returns:
{
"version": {
"id": "v2.0",
"links": [
{
"href": "http://127.0.0.1:35357/v2.0/",
"rel": "self"
},
{
"href": "https://docs.openstack.org/",
"rel": "describedby",
"type": "text/html"
}
],
"media-types": [
{
"base": "application/json",
"type": "application/vnd.openstack.identity-v2.0+json"
}
],
"status": "stable",
"updated": "2014-04-17T00:00:00Z"
}
}4.1.1.3.2 GET /extensions #
Discover the API extensions enabled at the endpoint:
$ curl "http://localhost:35357/v2.0/extensions/"Returns:
{
"extensions":{
"values":[]
}
}4.1.1.3.3 POST /tokens #
Authenticate by exchanging credentials for an access token:
$ curl -d '
{"auth": {
"tenantName": "customer-x",
"passwordCredentials": {
"username": "joeuser",
"password": "secret"
}
}
}' \
-H "Content-type: application/json" \
"http://localhost:35357/v2.0/tokens"Returns:
{
"access":{
"token":{
"expires":"2012-02-05T00:00:00",
"id":"887665443383838",
"tenant":{
"id":"1",
"name":"customer-x"
}
},
"serviceCatalog":[
{
"endpoints":[
{
"adminURL":"http://swift.admin-nets.local:8080/",
"region":"RegionOne",
"internalURL":"http://127.0.0.1:8080/v1/AUTH_1",
"publicURL":"http://swift.publicinternets.com/v1/AUTH_1"
}
],
"type":"object-store",
"name":"swift"
},
{
"endpoints":[
{
"adminURL":"http://cdn.admin-nets.local/v1.1/1",
"region":"RegionOne",
"internalURL":"http://127.0.0.1:7777/v1.1/1",
"publicURL":"http://cdn.publicinternets.com/v1.1/1"
}
],
"type":"object-store",
"name":"cdn"
}
],
"user":{
"id":"1",
"roles":[
{
"tenantId":"1",
"id":"3",
"name":"Member"
}
],
"name":"joeuser"
}
}
}Note
Take note of the value [‘access’][‘token’][‘id’] value produced here
(887665443383838, above), as you can use it in the calls below.
4.1.1.3.4 GET /tokens/{token_id} #
Note
This call refers to a token known to be valid, 887665443383838 in this case.
Validate a token:
$ curl -H "X-Auth-Token:999888777666" \
"http://localhost:35357/v2.0/tokens/887665443383838"If the token is valid, returns:
{
"access":{
"token":{
"expires":"2012-02-05T00:00:00",
"id":"887665443383838",
"tenant":{
"id":"1",
"name":"customer-x"
}
},
"user":{
"name":"joeuser",
"tenantName":"customer-x",
"id":"1",
"roles":[
{
"serviceId":"1",
"id":"3",
"name":"Member"
}
],
"tenantId":"1"
}
}
}4.1.1.3.5 HEAD /tokens/{token_id} #
This is a high-performance variant of the GET call documented above, which by definition, returns no response body:
$ curl -I -H "X-Auth-Token:999888777666" \
"http://localhost:35357/v2.0/tokens/887665443383838"This returns 200, indicating the token is valid:
HTTP/1.1 200 OK Content-Length: 0 Content-Type: None Date: Tue, 08 Nov 2011 23:07:44 GMT
4.1.1.3.6 GET /tokens/{token_id}/endpoints #
List all endpoints for a token:
$ curl -H "X-Auth-Token:999888777666" \
"http://localhost:35357/v2.0/tokens/887665443383838/endpoints"Returns:
{
"endpoints_links": [
{
"href": "http://127.0.0.1:35357/tokens/887665443383838/endpoints?'marker=5&limit=10'",
"rel": "next"
}
],
"endpoints": [
{
"internalURL": "http://127.0.0.1:8080/v1/AUTH_1",
"name": "swift",
"adminURL": "http://swift.admin-nets.local:8080/",
"region": "RegionOne",
"tenantId": 1,
"type": "object-store",
"id": 1,
"publicURL": "http://swift.publicinternets.com/v1/AUTH_1"
},
{
"internalURL": "http://localhost:8774/v1.0",
"name": "nova_compat",
"adminURL": "http://127.0.0.1:8774/v1.0",
"region": "RegionOne",
"tenantId": 1,
"type": "compute",
"id": 2,
"publicURL": "http://nova.publicinternets.com/v1.0/"
},
{
"internalURL": "http://localhost:8774/v1.1",
"name": "nova",
"adminURL": "http://127.0.0.1:8774/v1.1",
"region": "RegionOne",
"tenantId": 1,
"type": "compute",
"id": 3,
"publicURL": "http://nova.publicinternets.com/v1.1/
},
{
"internalURL": "http://127.0.0.1:9292/v1.1/",
"name": "glance",
"adminURL": "http://nova.admin-nets.local/v1.1/",
"region": "RegionOne",
"tenantId": 1,
"type": "image",
"id": 4,
"publicURL": "http://glance.publicinternets.com/v1.1/"
},
{
"internalURL": "http://127.0.0.1:7777/v1.1/1",
"name": "cdn",
"adminURL": "http://cdn.admin-nets.local/v1.1/1",
"region": "RegionOne",
"tenantId": 1,
"type": "object-store",
"id": 5,
"publicURL": "http://cdn.publicinternets.com/v1.1/1"
}
]
}4.1.1.3.7 GET /tenants #
List all of the tenants in the system (requires an Admin X-Auth-Token):
$ curl -H "X-Auth-Token:999888777666" \
"http://localhost:35357/v2.0/tenants"Returns:
{
"tenants_links": [],
"tenants": [
{
"enabled": false,
"description": "None",
"name": "project-y",
"id": "3"
},
{
"enabled": true,
"description": "None",
"name": "ANOTHER:TENANT",
"id": "2"
},
{
"enabled": true,
"description": "None",
"name": "customer-x",
"id": "1"
}
]
}4.1.1.3.8 GET /tenants/{tenant_id} #
Retrieve information about a tenant, by tenant ID:
$ curl -H "X-Auth-Token:999888777666" \
"http://localhost:35357/v2.0/tenants/1"Returns:
{
"tenant":{
"enabled":true,
"description":"None",
"name":"customer-x",
"id":"1"
}
}4.1.1.3.9 GET /tenants/{tenant_id}/users/{user_id}/roles #
List the roles a user has been granted on a tenant:
$ curl -H "X-Auth-Token:999888777666" \
"http://localhost:35357/v2.0/tenants/1/users/1/roles"Returns:
{
"roles_links":[],
"roles":[
{
"id":"3",
"name":"Member"
}
]
}4.1.1.3.10 GET /users/{user_id} #
Retrieve information about a user, by user ID:
$ curl -H "X-Auth-Token:999888777666" \
"http://localhost:35357/v2.0/users/1"Returns:
{
"user":{
"tenantId":"1",
"enabled":true,
"id":"1",
"name":"joeuser"
}
}4.1.1.3.11 GET /tokens/revoked #
Get the revocation list:
curl -s -H "X-Auth-Token: $OS_TOKEN" \
"http://localhost:35357/v2.0/tokens/revoked" |
jq -r .signed |
openssl cms -verify \
-certfile /etc/keystone/ssl/certs/signing_cert.pem \
-CAfile /etc/keystone/ssl/certs/ca.pem \
-inform PEM \
-nosmimecap -nodetach -nocerts -noattr 2>/dev/null |
python -m json.toolExample response:
{
"revoked": [
{
"expires": "2014-06-10T21:40:14Z",
"id": "e6e2b5c9092751f88d2bcd30b09777a9"
},
{
"expires": "2014-06-10T21:47:29Z",
"id": "883ef5d610bd1c68fbaa8ac528aa9f17"
},
{
"expires": "2014-06-10T21:51:52Z",
"id": "41775ff4838f8f406b7bad28bea0dde6"
}
]
}