From 375964f270e125b8887e0ca4ee1cbe15d5eddf04 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Sun, 21 Jan 2018 20:02:02 +0100 Subject: Add CRUD support for application credentials Add support for creating, retrieving, and deleting application credentials. Application credentials do not support updates. In order to provide a positive user experience for the `--role` option, this patch also includes an improvement to the `identity.common._get_token_resource()` function that allows it to introspect the roles list within a token. This way there is no need to make a request to keystone to retrieve a role object, which would fail most of the time anyway due to keystone's default policy prohibiting unprivileged users from retrieving roles. bp application-credentials Change-Id: I29e03b72acd931305cbdac5a9ff666854d05c6d7 --- .../command-objects/application-credentials.rst | 109 +++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 doc/source/cli/command-objects/application-credentials.rst (limited to 'doc/source/cli/command-objects') diff --git a/doc/source/cli/command-objects/application-credentials.rst b/doc/source/cli/command-objects/application-credentials.rst new file mode 100644 index 00000000..08d85b11 --- /dev/null +++ b/doc/source/cli/command-objects/application-credentials.rst 
@@ -0,0 +1,109 @@ +====================== +application credential +====================== + +Identity v3 + +With application credentials, a user can grant their applications limited +access to their cloud resources. Once created, users can authenticate with an +application credential by using the ``v3applicationcredential`` auth type. + +application credential create +----------------------------- + +Create new application credential + +.. program:: application credential create +.. code:: bash + + openstack application credential create + [--secret ] + [--role ] + [--expiration ] + [--description ] + [--unrestricted] + + +.. option:: --secret + + Secret to use for authentication (if not provided, one will be generated) + +.. option:: --role + + Roles to authorize (name or ID) (repeat option to set multiple values) + +.. option:: --expiration + + Sets an expiration date for the application credential (format of + YYYY-mm-ddTHH:MM:SS) + +.. option:: --description + + Application credential description + +.. option:: --unrestricted + + Enable application credential to create and delete other application + credentials and trusts (this is potentially dangerous behavior and is + disabled by default) + +.. option:: --restricted + + Prohibit application credential from creating and deleting other + application credentials and trusts (this is the default behavior) + +.. describe:: + + Name of the application credential + + +application credential delete +----------------------------- + +Delete application credential(s) + +.. program:: application credential delete +.. code:: bash + + openstack application credential delete + [ ...] + +.. describe:: + + Application credential(s) to delete (name or ID) + +application credential list +--------------------------- + +List application credentials + +.. program:: application credential list +.. code:: bash + + openstack application credential list + [--user ] + [--user-domain ] + +.. 
option:: --user + + User whose application credentials to list (name or ID) + +.. option:: --user-domain + + Domain the user belongs to (name or ID). This can be + used in case collisions between user names exist. + +application credential show +--------------------------- + +Display application credential details + +.. program:: application credential show +.. code:: bash + + openstack application credential show + + +.. describe:: + + Application credential to display (name or ID) -- cgit v1.2.1
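Review bot: In the `application credential create` synopsis, only `[--unrestricted]` is listed, but the option list below it also documents `--restricted`, so the usage block and the option reference disagree. Suggest showing the pair as `[--unrestricted | --restricted]` in the synopsis so it is clear that the two are alternatives and that `--restricted` is the default. Separately, the `--expiration` help gives the format `YYYY-mm-ddTHH:MM:SS` without saying which timezone the value is interpreted in. For a credential whose lifetime is a security boundary, the text should state that explicitly.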