### Get Available System Scopes Example Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md This example demonstrates the response for retrieving available system scopes based on the provided X-Auth-Token. ```javascript { "system": [ { "all": true } ], "links": { "self": "https://example.com/identity/v3/auth/system" } } ``` -------------------------------- ### Get Project Details Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md This example shows the JSON response when retrieving details for a specific project. ```json { "project": { "is_domain": false, "description": null, "domain_id": "default", "enabled": true, "id": "0c4e939acacf4376bdcd1129f1a054ad", "links": { "self": "http://example.com/identity/v3/projects/0c4e939acacf4376bdcd1129f1a054ad" }, "name": "admin", "parent_id": "default", "options": {} } } ``` -------------------------------- ### Enable and Start Apache HTTP Service Source: https://github.com/openstack/keystone/blob/master/doc/source/install/keystone-install-rdo.rst Enable the Apache HTTP service to start on system boot and start the service immediately. ```console # systemctl enable httpd.service # systemctl start httpd.service ``` -------------------------------- ### Example Logging Configuration File Path Source: https://github.com/openstack/keystone/blob/master/doc/source/configuration/samples/logging-conf.rst Illustrates the path to a custom logging configuration file that can be specified in keystone.conf. This allows for advanced logging setup beyond basic configuration. ```ini /etc/keystone/logging.conf ``` -------------------------------- ### Example: Assign Role to User-Project Source: https://github.com/openstack/keystone/blob/master/doc/source/admin/cli-manage-projects-users-and-roles.rst An example demonstrating how to assign the 'new-role' role to the 'demo' user within the 'test-project' project. ```console $ openstack role add --user demo --project test-project new-role ``` -------------------------------- ### Install Keystone Packages Source: https://github.com/openstack/keystone/blob/master/doc/source/install/keystone-install-ubuntu.rst Install the necessary Keystone packages on the Ubuntu controller node using apt. ```console # apt install keystone ``` -------------------------------- ### Example LDAP Configuration Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md This JSON object shows an example configuration for LDAP settings. ```javascript { "ldap": { "url": "http://myldap/root", "user_tree_dn": "ou=Users,dc=root,dc=org" } } ``` -------------------------------- ### Get Project Details with Parents as List Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md This example demonstrates the JSON response when retrieving project details with the `parents_as_list` query parameter enabled, showing the project's parent hierarchy. ```json { "project": { "domain_id": "1789d1", "enabled": true, "id": "263fd9", "links": { "self": "http://example.com/identity/v3/projects/263fd9" }, "name": "Dev Group A", "options": {}, "parent_id": "183ab2", "parents": [ { "project": { "domain_id": "1789d1", "enabled": true, "id": "183ab2", "links": { "self": "http://example.com/identity/v3/projects/183ab2" }, "name": "Dev Group A Parent", "parent_id": null } } ] } } ``` -------------------------------- ### Get Project Details with Subtree as List Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md This example shows the JSON response when retrieving project details with the `subtree_as_list` query parameter enabled, including the project's direct children and their descendants. ```json { "project": { "domain_id": "1789d1", "enabled": true, "id": "263fd9", "links": { "self": "http://example.com/identity/v3/projects/263fd9" }, "name": "Dev Group A", "options": {}, "parent_id": "183ab2", "subtree": [ { "project": { "domain_id": "1789d1", "enabled": true, "id": "9n1jhb", "links": { "self": "http://example.com/identity/v3/projects/9n1jhb" }, "name": "Dev Group A Child 1", "parent_id": "263fd9" } }, { "project": { "domain_id": "1789d1", "enabled": true, "id": "4b6aa1", "links": { "self": "http://example.com/identity/v3/projects/4b6aa1" }, "name": "Dev Group A Child 2", "parent_id": "263fd9" } }, { "project": { "domain_id": "1789d1", "enabled": true, "id": "b76eq8", "links": { "self": "http://example.com/identity/v3/projects/b76xq8" }, "name": "Dev Group A Grandchild", "parent_id": "4b6aa1" } } ] } } ``` -------------------------------- ### Project Response Example Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md This is an example of a successful response when retrieving project information, including associated tags. ```javascript { "links": { "next": null, "previous": null, "self": "http://identity:5000/v3/projects" }, "projects": [ { "description": "Test Project", "domain_id": "default", "enabled": true, "id": "3d4c2c82bd5948f0bcab0cf3a7c9b48c", "links": { "self": "http://identity:5000/v3/projects/3d4c2c82bd5948f0bcab0cf3a7c9b48c" }, "name": "demo", "tags": ["foo", "bar"] } ] } ``` -------------------------------- ### Templated Backend Configuration Example Source: https://github.com/openstack/keystone/blob/master/doc/source/getting-started/architecture.rst An example of paste.deploy configuration for a templated catalog backend, using environment variables for dynamic URL construction. ```ini [DEFAULT] catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v3 catalog.RegionOne.identity.adminURL = http://localhost:$(public_port)s/v3 catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v3 catalog.RegionOne.identity.name = 'Identity Service' ``` -------------------------------- ### List Policies Example Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md Example JSON response when listing policies. It includes pagination links and a list of policy objects. ```json { "links": { "next": null, "previous": null, "self": "http://example.com/identity/v3/policies" }, "policies": [ { "blob": { "foobar_user": [ "role:compute-user" ] }, "id": "717273", "links": { "self": "http://example.com/identity/v3/policies/717273" }, "type": "application/json" }, { "blob": { "foobar_user": [ "role:compute-user" ] }, "id": "717274", "links": { "self": "http://example.com/identity/v3/policies/717274" }, "type": "application/json" } ] } ``` -------------------------------- ### Create Policy Example Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md Example of a request body to create a policy, specifying the policy type and the serialized policy blob. ```javascript { "policy": { "blob": "{'foobar_user': 'role:compute-user'}", "type": "application/json" } } ``` -------------------------------- ### Install Keystone Packages Source: https://github.com/openstack/keystone/blob/master/doc/source/install/keystone-install-rdo.rst Install the necessary OpenStack Keystone, Apache HTTP server, and uWSGI Python plugin packages using dnf. ```console # dnf install openstack-keystone httpd uwsgi-plugin-python3 ``` -------------------------------- ### Create Region Request Example Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md This example demonstrates how to create a new region, including specifying a parent region to establish a hierarchy. ```javascript { "region": { "description": "My subregion", "id": "RegionOneSubRegion", "parent_region_id": "RegionOne" } } ``` -------------------------------- ### Example: Create swift object store service Source: https://github.com/openstack/keystone/blob/master/doc/source/admin/manage-services.rst Demonstrates creating a 'swift' service with the type 'object-store' and a specific description. The output shows the details of the newly created service. ```console $ openstack service create --name swift --description "object store service" object-store +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | object store service | | enabled | True | | id | 84c23f4b942c44c38b9c42c5e517cd9a | | name | swift | | type | object-store | +-------------+----------------------------------+ ``` -------------------------------- ### Get a token from a token Source: https://github.com/openstack/keystone/blob/master/doc/source/api_curl_examples.rst This example demonstrates how to obtain a new token by authenticating with an existing token. It includes the request payload and an example of a successful response. ```APIDOC ## POST /v3/auth/tokens ### Description Get a token from a token. ### Method POST ### Endpoint http://localhost:5000/v3/auth/tokens ### Parameters #### Request Body - **auth** (object) - Required - Authentication details. - **identity** (object) - Required - Identity provider details. - **methods** (array) - Required - List of authentication methods. Must include "token". - **token** (object) - Required - Token details. - **id** (string) - Required - The existing token ID. ### Request Example ```json { "auth": { "identity": { "methods": ["token"], "token": { "id": "'$OS_TOKEN'" } } } } ``` ### Response #### Success Response (201 Created) - **token** (object) - Details of the newly issued token. - **issued_at** (string) - The timestamp when the token was issued. - **audit_ids** (array) - List of audit IDs associated with the token. - **methods** (array) - List of authentication methods used. - **expires_at** (string) - The timestamp when the token expires. - **user** (object) - User details. - **password_expires_at** (null) - Indicates if the password has an expiration. - **domain** (object) - User's domain details. - **id** (string) - The domain ID. - **name** (string) - The domain name. - **id** (string) - The user ID. - **name** (string) - The username. #### Response Example ```json { "token": { "issued_at": "2018-05-11T03:41:29.000000Z", "audit_ids": [ "zS_C_KROTFeZm-VlG1LjbA", "RAjE82q8Rz-Cd50ogCpx3Q" ], "methods": [ "token", "password" ], "expires_at": "2018-05-11T04:40:00.000000Z", "user": { "password_expires_at": null, "domain": { "id": "default", "name": "Default" }, "id": "9a7e43333cc44ef4b988f05fc3d3a49d", "name": "admin" } } } ``` ### Note If a scope was included in the request body then this would get a token with the new scope. ``` -------------------------------- ### Connect to MySQL Source: https://github.com/openstack/keystone/blob/master/doc/source/install/keystone-install-ubuntu.rst Connect to the MySQL database server as the root user to perform initial setup. ```console # mysql ``` -------------------------------- ### Initialize Credential Encryption Keys Source: https://github.com/openstack/keystone/blob/master/doc/source/admin/credential-encryption.rst Use 'keystone-manage credential_setup' to populate the specified key repository with new encryption keys. This command should only be run once during initial setup. ```bash keystone-manage credential_setup ``` -------------------------------- ### Get Role Delegated by Trust Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3-ext/index.md Retrieves a specific role that has been delegated by a trust. This example shows a successful response containing the role details. ```javascript { "role": { "id": "c1648e", "links": { "self": "http://example.com/identity/v3/roles/c1648e" }, "name": "manager" } } ``` -------------------------------- ### Get Role Response Body Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md This is an example of a successful response when retrieving role details. It includes domain ID, role ID, links, name, description, and options. ```javascript { "role": { "domain_id": "73748865fb964ded9e836d491d32dcfb", "id": "1e443fa8cee3482a8a2b6954dd5c8f12", "links": { "self": "http://example.com/identity/v3/roles/1e443fa8cee3482a8a2b6954dd5c8f12" }, "description": "My new role", "name": "Developer", "options": {} } } ``` -------------------------------- ### Initialize Fernet Key Repositories Source: https://github.com/openstack/keystone/blob/master/doc/source/install/keystone-install-rdo.rst Set up Fernet key repositories and credentials for the Identity service. Use --keystone-user and --keystone-group flags to specify the operating system user and group running keystone. ```console # keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone # keystone-manage credential_setup --keystone-user keystone --keystone-group keystone ``` -------------------------------- ### Create a project Source: https://github.com/openstack/keystone/blob/master/doc/source/admin/identity-concepts.rst Creates a new project within the default domain. ```console $ openstack project create acme --domain default ``` -------------------------------- ### List Domains Response for Federated User Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3-ext/index.md Example JSON response for domains a federated user can access. This endpoint is deprecated and core `GET /auth/domains` should be used instead. ```javascript { "domains": [ { "description": "desc of domain", "enabled": true, "id": "37ef61", "links": { "self": "http://example.com/identity/v3/domains/37ef61" }, "name": "my domain" } ], "links": { "self": "http://example.com/identity/v3/OS-FEDERATION/domains", "previous": null, "next": null } } ``` -------------------------------- ### Keystone Authentication Examples using Command-Line Flags Source: https://github.com/openstack/keystone/blob/master/doc/source/user/supported_clients.rst Illustrates how to authenticate with Keystone and execute commands such as listing users and creating projects by passing all necessary credentials directly as command-line flags with python-openstackclient. ```bash # Using password authentication, with flags $ openstack --os-username=admin --os-user-domain-name=Default \ --os-password=secret \ --os-project-name=admin --os-project-domain-name=Default \ --os-auth-url=http://localhost:5000/v3 --os-identity-api-version=3 \ user list $ openstack --os-username=admin --os-user-domain-name=Default \ --os-password=secret \ --os-project-name=admin --os-project-domain-name=Default \ --os-auth-url=http://localhost:5000/v3 --os-identity-api-version=3 \ project create demo ``` -------------------------------- ### Create User Source: https://github.com/openstack/keystone/blob/master/doc/source/api_curl_examples.rst Initiates the creation of a new user within the identity service. This example shows the request setup, requiring an authentication token and content type specification. ```bash curl -s \ -H "X-Auth-Token: $OS_TOKEN" \ -H "Content-Type: application/json" \ ``` -------------------------------- ### Get Federation Protocol Details Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3-ext/index.md Example response body when retrieving details of a specific federation protocol for an identity provider. It includes the protocol ID, links, and mapping ID. ```javascript { "protocol": { "id": "saml2", "links": { "identity_provider": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME", "self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME/protocols/saml2" }, "mapping_id": "xyz234" } } ``` -------------------------------- ### Example: Show details for object-store service Source: https://github.com/openstack/keystone/blob/master/doc/source/admin/manage-services.rst Example of retrieving details for the 'object-store' service. The output displays the service's description, enabled status, ID, name, and type. ```console $ openstack service show object-store +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | object store service | | enabled | True | | id | 84c23f4b942c44c38b9c42c5e517cd9a | | name | swift | | type | object-store | +-------------+----------------------------------+ ``` -------------------------------- ### Keystone Authentication Examples using Environment Variables Source: https://github.com/openstack/keystone/blob/master/doc/source/user/supported_clients.rst Demonstrates how to authenticate with Keystone and perform common operations like listing users, creating projects, and issuing tokens using environment variables with python-openstackclient. ```bash # Using password authentication, with environment variables $ export OS_USERNAME=admin $ export OS_USER_DOMAIN_NAME=Default $ export OS_PASSWORD=secret $ export OS_PROJECT_NAME=admin $ export OS_PROJECT_DOMAIN_NAME=Default $ export OS_AUTH_URL=http://localhost:5000/v3 $ export OS_IDENTITY_API_VERSION=3 $ openstack user list $ openstack project create demo $ openstack token issue ``` -------------------------------- ### Create a Regular Project Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md Use this snippet to create a standard project with a description and domain ID. ```javascript { "project": { "description": "My new project", "domain_id": "default", "enabled": true, "is_domain": false, "name": "myNewProject", "options": {} } } ``` -------------------------------- ### Credential Object Example Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md This is an example of a credential object as returned by the API. ```javascript { "credential": { "user_id": "bb5476fd12884539b41d5a88f838d773", "links": { "self": "http://example.com/identity/v3/credentials/3d3367228f9c7665266604462ec60029bcd83ad89614021a80b2eb879c572510" }, "blob": "{\"access\":\"181920\",\"secret\":\"secretKey\"}", "project_id": "731fc6f265cd486d900f16e84c5cb594", "type": "ec2", "id": "3d3367228f9c7665266604462ec60029bcd83ad89614021a80b2eb879c572510" } } ``` -------------------------------- ### Connect to MySQL Database Source: https://github.com/openstack/keystone/blob/master/doc/source/install/keystone-install-rdo.rst Connect to the database server as the root user to perform initial database setup. ```console $ mysql -u root -p ``` -------------------------------- ### Auth Receipt Example Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md An example of an authentication receipt returned by Keystone. ```javascript { "receipt":{ "expires_at":"2018-07-05T08:39:23.000000Z", "issued_at":"2018-07-05T08:34:23.000000Z", "methods": [ "password" ], "user": { "domain": { "id": "default", "name": "Default" }, "id": "ee4dfb6e5540447cb3741905149d9b6e", "name": "admin" } }, "required_auth_methods": [ ["totp", "password"] ] } ``` -------------------------------- ### Create a New Project Source: https://github.com/openstack/keystone/blob/master/doc/source/admin/cli-manage-projects-users-and-roles.rst Creates a new project with a specified name and description. If no domain is specified, the project is created in the default domain. ```console $ openstack project create --description 'my new project' new-project \ --domain default +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | my new project | | domain_id | e601210181f54843b51b3edff41d4980 | | enabled | True | | id | 1a4a0618b306462c9830f876b0bd6af2 | | is_domain | False | | name | new-project | | parent_id | e601210181f54843b51b3edff41d4980 | | tags | [] | +-------------+----------------------------------+ ``` -------------------------------- ### Unscoped Token Example Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md An example of an unscoped token response from the Keystone API. ```APIDOC ## Unscoped Token Example ### Response Example ```javascript { "token": { "audit_ids": [ "mAjXQhiYRyKwkB4qygdLVg" ], "expires_at": "2015-11-05T22:00:11.000000Z", "issued_at": "2015-11-05T21:00:33.819948Z", "methods": [ "password" ], "user": { "domain": { "id": "default", "name": "Default" }, "id": "10a2e6e717a245d9acad3e5f97aeca3d", "name": "admin", "password_expires_at": null } } } ``` ``` -------------------------------- ### Build documentation Source: https://github.com/openstack/keystone/blob/master/doc/source/contributor/testing-keystone.rst Render all project documentation and manual pages using the 'docs' tox environment. The output is written to the 'doc/' directory. ```bash tox -e docs ``` -------------------------------- ### List Domains Example Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md This example shows the JSON response structure when listing domains. ```javascript { "domains": [ { "description": "my domain description", "enabled": true, "id": "1789d1", "links": { "self": "https://example.com/identity/v3/domains/1789d1" }, "name": "my domain" }, { "description": "description of my other domain", "enabled": true, "id": "43e8da", "links": { "self": "https://example.com/identity/v3/domains/43e8da" }, "name": "another domain" } ], "links": { "self": "https://example.com/identity/v3/auth/domains", "previous": null, "next": null } } ``` -------------------------------- ### Region Response Example Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md This example shows the structure of a successful response when retrieving region information. ```javascript { "links": { "next": null, "previous": null, "self": "http://example.com/identity/v3/regions" }, "regions": [ { "description": "", "id": "RegionOne", "links": { "self": "http://example.com/identity/v3/regions/RegionOne" }, "parent_region_id": null } ] } ``` -------------------------------- ### Build Documentation with Tox Source: https://github.com/openstack/keystone/blob/master/doc/README.rst Run this command from the repository root to build the developer documentation. The output will be located in the 'doc/build/' directory. ```bash $ tox -e docs ``` -------------------------------- ### Example Role IDs Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3-ext/index.md Provides an example JSON structure for specifying role IDs in a request. ```javascript { "roles": [ { "id": "a3b29b" }, { "id": "49993e" } ] } ``` -------------------------------- ### List domains Source: https://github.com/openstack/keystone/blob/master/doc/source/api_curl_examples.rst This example demonstrates how to list all available domains in the system. ```APIDOC ## GET /v3/domains ### Description List domains. ### Method GET ### Endpoint /v3/domains ``` -------------------------------- ### Generate Keystone Configuration Sample Source: https://github.com/openstack/keystone/blob/master/doc/source/contributor/set-up-keystone.rst Generate a sample Keystone configuration file (etc/keystone.conf.sample) using tox. This is useful for local development and testing. ```bash tox -e genconfig ``` -------------------------------- ### Example User Creation Notification Source: https://github.com/openstack/keystone/blob/master/doc/source/admin/event_notifications.rst This is an example of a notification payload sent when a new user is created in Keystone. ```javascript { "event_type": "identity.user.created", "message_id": "0156ee79-b35f-4cef-ac37-d4a85f231c69", "payload": { "resource_info": "671da331c47d4e29bb6ea1d270154ec3" }, "priority": "INFO", "publisher_id": "identity.host1234", "timestamp": "2013-08-29 19:03:45.960280" } ``` -------------------------------- ### Get Logger Instance Source: https://github.com/openstack/keystone/blob/master/HACKING.rst Import the common logging module and get a logger instance for the current module. ```python from oslo_log import log LOG = log.getLogger(__name__) ``` -------------------------------- ### Example LDAP Configuration Source: https://github.com/openstack/keystone/blob/master/api-ref/source/v3/index.md Provides an example JSON structure for configuring the LDAP identity driver in OpenStack Keystone. ```javascript { "config": { "identity": { "driver": "ldap" }, "ldap": { "url": "http://myldap/root", "user_tree_dn": "ou=Users,dc=root,dc=org" } } } ```