Supported OpenStack Identity (Keystone) APIs

The following OpenStack keystone (identity) APIs are supported in PowerVC.

For information about using these APIs, refer to the OpenStack identity documentation.

Tokens APIs
Users APIs
Groups APIs
Roles and role assignment APIs
Projects APIs
Multi-Factor Authentication (MFA) APIs

Tokens APIs

Table 1. OpenStack identity Tokens APIs that are used with PowerVC.
Method	URI	Description
POST	`/v3/auth/tokens`	Authenticates by returning an authentication token that can be used for subsequent requests. Returns an authentication token and service catalog when credentials are supplied. A payload of credentials must be included in the body. PowerVC supports the password authentication method. Domain name is Default and project name is ibm-default. Authentication token that is returned through X-Subject-Token return header.
GET	`/v3/auth/tokens`	Validates authentication token that is specified by X-Subject-Token header. Also returns service catalog.
HEAD	`/v3/auth/tokens`	Does a fast validation of authentication token (no service catalog).
DELETE	`/v3/auth/tokens`	Immediately invalidates access token.

Users APIs

Table 2. OpenStack identity Users APIs that are used with PowerVC.
Method	URI	Description
GET	`/v3/users`	List users.
GET	`/v3/users/{user_id}`	Retrieves user details.
GET	`/v3/users/{user_id}/groups`	Lists groups of which the user is a member.
GET	`/v3/users/{user_id}/projects`	Lists projects for a user.

Groups APIs

Table 3. OpenStack identity Groups APIs that are used with PowerVC.
Method	URI	Description
GET	`/v3/groups`	Retrieves list of Identity (Keystone) groups.
GET	`/v3/groups/{group_id}`	Retrieve group details.
GET	`/v3/groups/{group_id}/users`	List users in a group.

Roles and role assignment APIs

Table 4. OpenStack identity role assignment APIs that are used with PowerVC.
Method	URI	Description
GET	`/v3/roles`	List roles.
GET	`/v3/roles/{role_id}`	Show role details.
GET	`/v3/role_assignments`	List role assignment.
GET	`/v3/projects/{project_id}/users/{user_id}/roles`	List roles for a user in a project.
PUT	`/v3/projects/{project_id}/users/{user_id}/roles/{role_id}`	Grant role to a user in a project.
HEAD	`/v3/projects/{project_id}/users/{user_id}/roles/{role_id}`	Check whether a user has role in a project.
DELETE	`/v3/projects/{project_id}/users/{user_id}/roles/{role_id}`	Revoke role from a user in a project.
GET	`/v3/projects/{project_id}/groups/{group_id}/roles`	List roles for a group in a project.
PUT	`/v3/projects/{project_id}/groups/{group_id}/roles/{role_id}`	Grant role to a group in a project.
HEAD	`/v3/projects/{project_id}/groups/{group_id}/roles/{role_id}`	Check whether group has a role in a project.
DELETE	`/v3/projects/{project_id}/groups/{group_id}/roles/{role_id}`	Revoke role from a group in a project.

Projects APIs

Table 5. OpenStack project APIs that are used with PowerVC.
Method	URI	Description
GET	`/v3/projects/`	List projects.
POST	`/v3/projects/`	Create a project.
GET	`/v3/projects/{project_id}`	Show project details.
PATCH	`/v3/projects/{project_id}`	Update project details.
DELETE	`/v3/projects/{project_id}`	Delete a project.

Multi-Factor Authentication (MFA) APIs

Table 6. OpenStack identity Multi-Factor Authentication (MFA) APIs that are used with PowerVC.
Method	URI	Description
GET	`/v3/mfa/users/<user_id>`	Fetches MFA status of a user whether enabled or disabled.
GET	`/v3/mfa/users/`	Fetches MFA status of a all users whether enabled or disabled.
POST	`/v3/mfa/users/<user_id>`	Enables MFA for a user.
PUT	`/v3/mfa/users/<user_id>`	Updates secret key for a MFA enabled user.
DELETE	`/v3/mfa/users/<user_id>`	Disables MFA for a user.