openstack-manuals/doc/admin-guide-cloud/source/identity_user_crud.rst
Christian Berendt 6475c37330 RST cleanup: remove line numbering from code listings
Change-Id: If421d82e4c3522a008054c31a2003e81d591bbd3
2015-10-15 09:30:33 +00:00

1.2 KiB

User CRUD

Identity provides a user CRUD (Create, Read, Update, and Delete) filter that can be added to the public_api pipeline. The user CRUD filter enables users to use a HTTP PATCH to change their own password. To enable this extension you should define a user_crud_extension filter, insert it after the "option:*_body middleware and before the public_service application in the public_api WSGI pipeline in keystone-paste.ini. For example:

[filter:user_crud_extension]
paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory

[pipeline:public_api]
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service

Each user can then change their own password with a HTTP PATCH:

$ curl -X PATCH http://localhost:5000/v2.0/OS-KSCRUD/users/USERID -H "Content-type: application/json"  \
  -H "X_Auth_Token: AUTHTOKENID" -d '{"user": {"password": "ABCD", "original_password": "DCBA"}}'

In addition to changing their password, all current tokens for the user are invalidated.

Note

Only use a KVS back end for tokens when testing.