identity: autogenerate docs

$namespace = openstack.identity.v{2|3}

The subcommand documents for $namespace were hardcoded and thus prone to
drift over time. This commit removes the hardcoded content and uses the
autoprogram-cliff directive to generate them automatically from the
subcommand configuration classes.

Special things:

- Some reorganization happened here. Certain subcommand names, such as
  `endpoint` and `project`, are shared by identify v2 and v3. Previously
  the hardcoded documents had them combined and interleaved. Attempting
  to preserve this with autoprogram-cliff would have required
  significant additional infrastructure. However, since most readers
  care completely about one and not at all about the other, we instead
  split the v2 and v3 versions of these commands into separate pages. In
  case links to the old pages exist in the wild, they are preserved, but
  moved (with redirects) to a hidden directory, and populated simply
  with links to the new version-specific generated documents.

- The `federation domain` and `federation project` subcommands were
  previously absent from the docs. They are added. These are such small
  commands and they seem related, so they're put into a single document.

- Some pages were already being generated but were listing operations
  individually instead of using wildcards (possibly because they were
  created before wildcarding was supported by cliff). These are changed
  to use wildcarding. (We want to do this wherever possible as it is
  more future-proof in the event that more operations are added to a
  subcommand later.)

- The `service provider` document was incorrectly titled `identity
  provider`. Fixed.

Change-Id: I2030f9fe370038c5908b6eb6bed9692a73fe5067
This commit is contained in:
Eric Fried 2019-11-04 17:16:34 -06:00 committed by Monty Taylor
parent 00e88822e3
commit 26878e7d53
50 changed files with 271 additions and 2458 deletions

View File

@ -9,3 +9,6 @@ redirectmatch 301 ^/python-openstackclient/([^/]+)/specs/([^/.]+).html$ /python-
redirectmatch 301 ^/python-openstackclient/([^/]+)/(command-(beta|errors|logs|options|wrappers)|developing|humaninterfaceguide|plugins).html$ /python-openstackclient/$1/contributor/$2.html redirectmatch 301 ^/python-openstackclient/([^/]+)/(command-(beta|errors|logs|options|wrappers)|developing|humaninterfaceguide|plugins).html$ /python-openstackclient/$1/contributor/$2.html
redirectmatch 301 ^/python-openstackclient/([^/]+)/cli/plugin-commands.html$ /python-openstackclient/$1/cli/plugin-commands/index.html redirectmatch 301 ^/python-openstackclient/([^/]+)/cli/plugin-commands.html$ /python-openstackclient/$1/cli/plugin-commands/index.html
# Identity pages were split into -v2 and -v3 for common subcommand names.
# The unversioned page is hidden but contains links to the versioned pages so links in the wild redirect somewhere sane.
redirectmatch 301 ^/python-openstackclient/([^/]+)/cli/command-objects/(ec2-credentials|endpoint|project|role|service|token|user).html$ /python-openstackclient/$1/cli/_hidden/$2.html

View File

@ -0,0 +1,13 @@
===============
ec2 credentials
===============
.. NOTE(efried): This page is hidden from the main TOC; it's here so links in
the wild redirect somewhere sane, because previously identity v2 and v3 were
combined in a single page.
.. toctree::
:maxdepth: 2
../command-objects/ec2-credentials-v2
../command-objects/ec2-credentials-v3

View File

@ -0,0 +1,13 @@
========
endpoint
========
.. NOTE(efried): This page is hidden from the main TOC; it's here so links in
the wild redirect somewhere sane, because previously identity v2 and v3 were
combined in a single page.
.. toctree::
:maxdepth: 2
../command-objects/endpoint-v2
../command-objects/endpoint-v3

View File

@ -0,0 +1,13 @@
=======
project
=======
.. NOTE(efried): This page is hidden from the main TOC; it's here so links in
the wild redirect somewhere sane, because previously identity v2 and v3 were
combined in a single page.
.. toctree::
:maxdepth: 2
../command-objects/project-v2
../command-objects/project-v3

View File

@ -0,0 +1,13 @@
====
role
====
.. NOTE(efried): This page is hidden from the main TOC; it's here so links in
the wild redirect somewhere sane, because previously identity v2 and v3 were
combined in a single page.
.. toctree::
:maxdepth: 2
../command-objects/role-v2
../command-objects/role-v3

View File

@ -0,0 +1,13 @@
=======
service
=======
.. NOTE(efried): This page is hidden from the main TOC; it's here so links in
the wild redirect somewhere sane, because previously identity v2 and v3 were
combined in a single page.
.. toctree::
:maxdepth: 2
../command-objects/service-v2
../command-objects/service-v3

View File

@ -0,0 +1,13 @@
=====
token
=====
.. NOTE(efried): This page is hidden from the main TOC; it's here so links in
the wild redirect somewhere sane, because previously identity v2 and v3 were
combined in a single page.
.. toctree::
:maxdepth: 2
../command-objects/token-v2
../command-objects/token-v3

View File

@ -0,0 +1,13 @@
====
user
====
.. NOTE(efried): This page is hidden from the main TOC; it's here so links in
the wild redirect somewhere sane, because previously identity v2 and v3 were
combined in a single page.
.. toctree::
:maxdepth: 2
../command-objects/user-v2
../command-objects/user-v3

View File

@ -8,109 +8,6 @@ With application credentials, a user can grant their applications limited
access to their cloud resources. Once created, users can authenticate with an access to their cloud resources. Once created, users can authenticate with an
application credential by using the ``v3applicationcredential`` auth type. application credential by using the ``v3applicationcredential`` auth type.
application credential create
-----------------------------
Create new application credential .. autoprogram-cliff:: openstack.identity.v3
:command: application credential *
.. program:: application credential create
.. code:: bash
openstack application credential create
[--secret <secret>]
[--role <role>]
[--expiration <expiration>]
[--description <description>]
[--restricted|--unrestricted]
[--access-rules <access-rules>]
<name>
.. option:: --secret <secret>
Secret to use for authentication (if not provided, one will be generated)
.. option:: --role <role>
Roles to authorize (name or ID) (repeat option to set multiple values)
.. option:: --expiration <expiration>
Sets an expiration date for the application credential (format of
YYYY-mm-ddTHH:MM:SS)
.. option:: --description <description>
Application credential description
.. option:: --unrestricted
Enable application credential to create and delete other application
credentials and trusts (this is potentially dangerous behavior and is
disabled by default)
.. option:: --restricted
Prohibit application credential from creating and deleting other
application credentials and trusts (this is the default behavior)
.. option:: --access-rules
Either a string or file path containing a JSON-formatted list of access
rules, each containing a request method, path, and service, for example
'[{"method": "GET", "path": "/v2.1/servers", "service": "compute"}]'
.. describe:: <name>
Name of the application credential
application credential delete
-----------------------------
Delete application credential(s)
.. program:: application credential delete
.. code:: bash
openstack application credential delete
<application-credential> [<application-credential> ...]
.. describe:: <application-credential>
Application credential(s) to delete (name or ID)
application credential list
---------------------------
List application credentials
.. program:: application credential list
.. code:: bash
openstack application credential list
[--user <user>]
[--user-domain <user-domain>]
.. option:: --user
User whose application credentials to list (name or ID)
.. option:: --user-domain
Domain the user belongs to (name or ID). This can be
used in case collisions between user names exist.
application credential show
---------------------------
Display application credential details
.. program:: application credential show
.. code:: bash
openstack application credential show
<application-credential>
.. describe:: <application-credential>
Application credential to display (name or ID)

View File

@ -6,7 +6,4 @@ A **catalog** lists OpenStack services that are available on the cloud.
Applicable to Identity v2 and v3 Applicable to Identity v2 and v3
.. autoprogram-cliff:: openstack.identity.v3 .. autoprogram-cliff:: openstack.identity.v3
:command: catalog list :command: catalog *
.. autoprogram-cliff:: openstack.identity.v3
:command: catalog show

View File

@ -7,16 +7,4 @@ is used to create a **request token** and **access token**. Applicable to
Identity v3. Identity v3.
.. autoprogram-cliff:: openstack.identity.v3 .. autoprogram-cliff:: openstack.identity.v3
:command: consumer create :command: consumer *
.. autoprogram-cliff:: openstack.identity.v3
:command: consumer delete
.. autoprogram-cliff:: openstack.identity.v3
:command: consumer list
.. autoprogram-cliff:: openstack.identity.v3
:command: consumer set
.. autoprogram-cliff:: openstack.identity.v3
:command: consumer show

View File

@ -4,125 +4,5 @@ credential
Identity v3 Identity v3
credential create .. autoprogram-cliff:: openstack.identity.v3
----------------- :command: credential *
Create new credential
.. program:: credential create
.. code:: bash
openstack credential create
[--type <type>]
[--project <project>]
<user> <data>
.. option:: --type <type>
New credential type: cert, ec2, totp and so on
.. option:: --project <project>
Project which limits the scope of the credential (name or ID)
.. _credential_create:
.. describe:: <user>
User that owns the credential (name or ID)
.. describe:: <data>
New credential data
credential delete
-----------------
Delete credential(s)
.. program:: credential delete
.. code:: bash
openstack credential delete
<credential-id> [<credential-id> ...]
.. _credential_delete:
.. describe:: <credential-id>
ID(s) of credential to delete
credential list
---------------
List credentials
.. program:: credential list
.. code:: bash
openstack credential list
[--user <user> [--user-domain <user-domain>]]
[--type <type>]
.. option:: --user <user>
Filter credentials by <user> (name or ID)
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID). This can be
used in case collisions between user names exist.
.. option:: --type <type>
Filter credentials by type: cert, ec2, totp and so on
credential set
--------------
Set credential properties
.. program:: credential set
.. code:: bash
openstack credential set
[--user <user>]
[--type <type>]
[--data <data>]
[--project <project>]
<credential-id>
.. option:: --user <user>
User that owns the credential (name or ID)
.. option:: --type <type>
New credential type: cert, ec2, totp and so on.
.. option:: --data <data>
New credential data
.. option:: --project <project>
Project which limits the scope of the credential (name or ID)
.. _credential_set:
.. describe:: <credential-id>
ID of credential to change
credential show
---------------
Display credential details
.. program:: credential show
.. code:: bash
openstack credential show
<credential-id>
.. _credential_show:
.. describe:: <credential-id>
ID of credential to display

View File

@ -0,0 +1,6 @@
=============================
ec2 credentials (Identity v2)
=============================
.. autoprogram-cliff:: openstack.identity.v2
:command: ec2 credentials *

View File

@ -0,0 +1,6 @@
=============================
ec2 credentials (Identity v3)
=============================
.. autoprogram-cliff:: openstack.identity.v3
:command: ec2 credentials *

View File

@ -1,138 +0,0 @@
===============
ec2 credentials
===============
Identity v2
ec2 credentials create
----------------------
Create EC2 credentials
.. program:: ec2 credentials create
.. code-block:: bash
openstack ec2 credentials create
[--project <project>]
[--user <user>]
[--user-domain <user-domain>]
[--project-domain <project-domain>]
.. option:: --project <project>
Create credentials in project (name or ID; default: current authenticated project)
.. option:: --user <user>
Create credentials for user (name or ID; default: current authenticated user)
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID). This can be
used in case collisions between user names exist.
.. versionadded:: 3
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID). This can be
used in case collisions between user names exist.
.. versionadded:: 3
The :option:`--project` and :option:`--user` options are typically only
useful for admin users, but may be allowed for other users depending on
the policy of the cloud and the roles granted to the user.
ec2 credentials delete
----------------------
Delete EC2 credentials
.. program:: ec2 credentials delete
.. code-block:: bash
openstack ec2 credentials delete
[--user <user>]
[--user-domain <user-domain>]
<access-key> [<access-key> ...]
.. option:: --user <user>
Delete credentials for user (name or ID)
.. option:: --user-domain <user-domain>
Select user from a specific domain (name or ID)
This can be used in case collisions between user names exist.
.. versionadded:: 3
.. _ec2_credentials_delete-access-key:
.. describe:: access-key
Credentials access key(s)
The :option:`--user` option is typically only useful for admin users, but
may be allowed for other users depending on the policy of the cloud and
the roles granted to the user.
ec2 credentials list
--------------------
List EC2 credentials
.. program:: ec2 credentials list
.. code-block:: bash
openstack ec2 credentials list
[--user <user>]
[--user-domain <user-domain>]
.. option:: --user <user>
Filter list by <user> (name or ID)
.. option:: --user-domain <user-domain>
Select user from a specific domain (name or ID)
This can be used in case collisions between user names exist.
.. versionadded:: 3
The :option:`--user` option is typically only useful for admin users, but
may be allowed for other users depending on the policy of the cloud and
the roles granted to the user.
ec2 credentials show
--------------------
Display EC2 credentials details
.. program:: ec2 credentials show
.. code-block:: bash
openstack ec2 credentials show
[--user <user>]
[--user-domain <user-domain>]
<access-key>
.. option:: --user <user>
Show credentials for user (name or ID)
.. option:: --user-domain <user-domain>
Select user from a specific domain (name or ID)
This can be used in case collisions between user names exist.
.. versionadded:: 3
.. _ec2_credentials_show-access-key:
.. describe:: access-key
Credentials access key
The :option:`--user` option is typically only useful for admin users, but
may be allowed for other users depending on the policy of the cloud and
the roles granted to the user.

View File

@ -0,0 +1,6 @@
======================
endpoint (Identity v2)
======================
.. autoprogram-cliff:: openstack.identity.v2
:command: endpoint *

View File

@ -0,0 +1,24 @@
======================
endpoint (Identity v3)
======================
.. autoprogram-cliff:: openstack.identity.v3
:command: endpoint add project
.. autoprogram-cliff:: openstack.identity.v3
:command: endpoint create
.. autoprogram-cliff:: openstack.identity.v3
:command: endpoint delete
.. autoprogram-cliff:: openstack.identity.v3
:command: endpoint list
.. autoprogram-cliff:: openstack.identity.v3
:command: endpoint remove project
.. autoprogram-cliff:: openstack.identity.v3
:command: endpoint set
.. autoprogram-cliff:: openstack.identity.v3
:command: endpoint show

View File

@ -1,275 +0,0 @@
========
endpoint
========
Identity v2, v3
endpoint add project
--------------------
Associate a project to an endpoint for endpoint filtering
.. program:: endpoint add project
.. code:: bash
openstack endpoint add project
[--project-domain <project-domain>]
<endpoint>
<project>
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. _endpoint_add_project-endpoint:
.. describe:: <endpoint>
Endpoint to associate with specified project (name or ID)
.. _endpoint_add_project-project:
.. describe:: <project>
Project to associate with specified endpoint (name or ID)
endpoint create
---------------
Create new endpoint
*Identity version 2 only*
.. program:: endpoint create (v2)
.. code:: bash
openstack endpoint create
--publicurl <url>
[--adminurl <url>]
[--internalurl <url>]
[--region <region-id>]
<service>
.. option:: --publicurl <url>
New endpoint public URL (required)
.. option:: --adminurl <url>
New endpoint admin URL
.. option:: --internalurl <url>
New endpoint internal URL
.. option:: --region <region-id>
New endpoint region ID
.. _endpoint_create-endpoint:
.. describe:: <service>
Service to be associated with new endpoint (name or ID)
*Identity version 3 only*
.. program:: endpoint create (v3)
.. code:: bash
openstack endpoint create
[--region <region-id>]
[--enable | --disable]
<service>
<interface>
<url>
.. option:: --region <region-id>
New endpoint region ID
.. option:: --enable
Enable endpoint (default)
.. option:: --disable
Disable endpoint
.. describe:: <service>
Service to be associated with new endpoint(name or ID)
.. describe:: <interface>
New endpoint interface type (admin, public or internal)
.. describe:: <url>
New endpoint URL
endpoint delete
---------------
Delete endpoint(s)
.. program:: endpoint delete
.. code:: bash
openstack endpoint delete
<endpoint-id> [<endpoint-id> ...]
.. _endpoint_delete-endpoint:
.. describe:: <endpoint-id>
Endpoint(s) to delete (ID only)
endpoint list
-------------
List endpoints
.. program:: endpoint list
.. code:: bash
openstack endpoint list
[--service <service>]
[--interface <interface>]
[--region <region-id>]
[--long]
[--endpoint <endpoint> |
--project <project> [--project-domain <project-domain>]]
.. option:: --service <service>
Filter by service (type, name or ID)
*Identity version 3 only*
.. option:: --interface <interface>
Filter by interface type (admin, public or internal)
*Identity version 3 only*
.. option:: --region <region-id>
Filter by region ID
*Identity version 3 only*
.. option:: --long
List additional fields in output
*Identity version 2 only*
.. option:: --endpoint
List projects that have access to that endpoint using
endpoint filtering
*Identity version 3 only*
.. option:: --project
List endpoints available for the project using
endpoint filtering
*Identity version 3 only*
.. option:: --project-domain
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
*Identity version 3 only*
endpoint remove project
-----------------------
Dissociate a project from an endpoint.
.. program:: endpoint remove project
.. code:: bash
openstack endpoint remove project
[--project-domain <project-domain>]
<endpoint>
<project>
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. _endpoint_remove_project-endpoint:
.. describe:: <endpoint>
Endpoint to dissociate with specified project (name or ID)
.. _endpoint_remove_project-project:
.. describe:: <project>
Project to dissociate with specified endpoint (name or ID)
endpoint set
------------
Set endpoint properties
*Identity version 3 only*
.. program:: endpoint set
.. code:: bash
openstack endpoint set
[--region <region-id>]
[--interface <interface>]
[--url <url>]
[--service <service>]
[--enable | --disable]
<endpoint-id>
.. option:: --region <region-id>
New endpoint region ID
.. option:: --interface <interface>
New endpoint interface type (admin, public or internal)
.. option:: --url <url>
New endpoint URL
.. option:: --service <service>
New endpoint service (name or ID)
.. option:: --enable
Enable endpoint
.. option:: --disable
Disable endpoint
.. _endpoint_set-endpoint:
.. describe:: <endpoint-id>
Endpoint to modify (ID only)
endpoint show
-------------
Display endpoint details
.. program:: endpoint show
.. code:: bash
openstack endpoint show
<endpoint>
.. _endpoint_show-endpoint:
.. describe:: <endpoint>
Endpoint to display (endpoint ID, service ID, service name, service type)

View File

@ -7,22 +7,4 @@ can be used to filter the endpoints that are available to a project.
Applicable to Identity v3 Applicable to Identity v3
.. autoprogram-cliff:: openstack.identity.v3 .. autoprogram-cliff:: openstack.identity.v3
:command: endpoint group add project :command: endpoint group *
.. autoprogram-cliff:: openstack.identity.v3
:command: endpoint group create
.. autoprogram-cliff:: openstack.identity.v3
:command: endpoint group delete
.. autoprogram-cliff:: openstack.identity.v3
:command: endpoint group list
.. autoprogram-cliff:: openstack.identity.v3
:command: endpoint group remove project
.. autoprogram-cliff:: openstack.identity.v3
:command: endpoint group set
.. autoprogram-cliff:: openstack.identity.v3
:command: endpoint group show

View File

@ -0,0 +1,11 @@
=========================
federation domain/project
=========================
Identity v3
.. autoprogram-cliff:: openstack.identity.v3
:command: federation domain *
.. autoprogram-cliff:: openstack.identity.v3
:command: federation project *

View File

@ -7,16 +7,4 @@ extension. It is used by **identity providers** and **mappings**. Applicable to
Identity v3. Identity v3.
.. autoprogram-cliff:: openstack.identity.v3 .. autoprogram-cliff:: openstack.identity.v3
:command: federation protocol create :command: federation protocol *
.. autoprogram-cliff:: openstack.identity.v3
:command: federation protocol delete
.. autoprogram-cliff:: openstack.identity.v3
:command: federation protocol list
.. autoprogram-cliff:: openstack.identity.v3
:command: federation protocol set
.. autoprogram-cliff:: openstack.identity.v3
:command: federation protocol show

View File

@ -4,246 +4,5 @@ group
Identity v3 Identity v3
group add user .. autoprogram-cliff:: openstack.identity.v3
-------------- :command: group *
Add user to group
.. program:: group add user
.. code:: bash
openstack group add user
[--group-domain <group-domain>]
[--user-domain <user-domain>]
<group>
<user> [<user> ...]
.. option:: --group-domain <group-domain>
Domain the group belongs to (name or ID). This can be
used in case collisions between group names exist.
.. versionadded:: 3
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID). This can be
used in case collisions between user names exist.
.. versionadded:: 3
.. describe:: <group>
Group to contain <user> (name or ID)
.. describe:: <user>
User(s) to add to <group> (name or ID)
(repeat option to add multiple users)
group contains user
-------------------
Check user membership in group
.. program:: group contains user
.. code:: bash
openstack group contains user
[--group-domain <group-domain>]
[--user-domain <user-domain>]
<group>
<user>
.. option:: --group-domain <group-domain>
Domain the group belongs to (name or ID). This can be
used in case collisions between group names exist.
.. versionadded:: 3
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID). This can be
used in case collisions between user names exist.
.. versionadded:: 3
.. describe:: <group>
Group to check (name or ID)
.. describe:: <user>
User to check (name or ID)
group create
------------
Create new group
.. program:: group create
.. code:: bash
openstack group create
[--domain <domain>]
[--description <description>]
[--or-show]
<group-name>
.. option:: --domain <domain>
Domain to contain new group (name or ID)
.. option:: --description <description>
New group description
.. option:: --or-show
Return existing group
If the group already exists, return the existing group data and do not fail.
.. describe:: <group-name>
New group name
group delete
------------
Delete group
.. program:: group delete
.. code:: bash
openstack group delete
[--domain <domain>]
<group> [<group> ...]
.. option:: --domain <domain>
Domain containing group(s) (name or ID)
.. describe:: <group>
Group(s) to delete (name or ID)
group list
----------
List groups
.. program:: group list
.. code:: bash
openstack group list
[--domain <domain>]
[--user <user> [--user-domain <user-domain>]]
[--long]
.. option:: --domain <domain>
Filter group list by <domain> (name or ID)
.. option:: --user <user>
Filter group list by <user> (name or ID)
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID). This can be
used in case collisions between user names exist.
.. versionadded:: 3
.. option:: --long
List additional fields in output
group remove user
-----------------
Remove user from group
.. program:: group remove user
.. code:: bash
openstack group remove user
[--group-domain <group-domain>]
[--user-domain <user-domain>]
<group>
<user> [<user> ...]
.. option:: --group-domain <group-domain>
Domain the group belongs to (name or ID). This can be
used in case collisions between group names exist.
.. versionadded:: 3
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID). This can be
used in case collisions between user names exist.
.. versionadded:: 3
.. describe:: <group>
Group containing <user> (name or ID)
.. describe:: <user>
User(s) to remove from <group> (name or ID)
(repeat option to remove multiple users)
group set
---------
Set group properties
.. program:: group set
.. code:: bash
openstack group set
[--domain <domain>]
[--name <name>]
[--description <description>]
<group>
.. option:: --domain <domain>
Domain containing <group> (name or ID)
.. option:: --name <name>
New group name
.. option:: --description <description>
New group description
.. describe:: <group>
Group to modify (name or ID)
group show
----------
Display group details
.. program:: group show
.. code:: bash
openstack group show
[--domain <domain>]
<group>
.. option:: --domain <domain>
Domain containing <group> (name or ID)
.. describe:: <group>
Group to display (name or ID)

View File

@ -7,16 +7,4 @@ extension. It is used by **federation protocols** and **mappings**. Applicable
to Identity v3. to Identity v3.
.. autoprogram-cliff:: openstack.identity.v3 .. autoprogram-cliff:: openstack.identity.v3
:command: identity provider create :command: identity provider *
.. autoprogram-cliff:: openstack.identity.v3
:command: identity provider delete
.. autoprogram-cliff:: openstack.identity.v3
:command: identity provider list
.. autoprogram-cliff:: openstack.identity.v3
:command: identity provider set
.. autoprogram-cliff:: openstack.identity.v3
:command: identity provider show

View File

@ -4,54 +4,5 @@ implied role
Identity v3 Identity v3
.. autoprogram-cliff:: openstack.identity.v3
implied role create :command: implied role *
-------------------
Creates an association between prior and implied roles
.. program:: implied role create
.. code:: bash
openstack implied role create
<role>
--implied-role <role>
.. option:: <role>
Prior role <role> (name or ID) implies another role
.. option:: --implied-role <role>
<role> (name or ID) implied by another role
implied role delete
-------------------
Deletes an association between prior and implied roles
.. program:: implied role delete
.. code:: bash
openstack implied role delete
<role>
--implied-role <role>
.. option:: <role>
Prior role <role> (name or ID) implies another role
.. option:: --implied-role <role>
<role> (name or ID) implied by another role
implied role list
-----------------
List implied roles
.. program:: implied role list
.. code:: bash
openstack implied role list

View File

@ -6,128 +6,5 @@ Identity v3
Limits are used to specify project-specific limits thresholds of resources. Limits are used to specify project-specific limits thresholds of resources.
limit create .. autoprogram-cliff:: openstack.identity.v3
------------ :command: limit *
Create a new limit
.. program:: limit create
.. code:: bash
openstack limit create
[--description <description>]
[--region <region>]
--project <project>
--service <service>
--resource-limit <resource-limit>
<resource-name>
.. option:: --description <description>
Useful description of the limit or its purpose
.. option:: --region <region>
Region that the limit should be applied to
.. describe:: --project <project>
The project that the limit applies to (required)
.. describe:: --service <service>
The service that is responsible for the resource being limited (required)
.. describe:: --resource-limit <resource-limit>
The limit to apply to the project (required)
.. describe:: <resource-name>
The name of the resource to limit (e.g. cores or volumes)
limit delete
------------
Delete project-specific limit(s)
.. program:: limit delete
.. code:: bash
openstack limit delete
<limit-id> [<limit-id> ...]
.. describe:: <limit-id>
Limit(s) to delete (ID)
limit list
----------
List project-specific limits
.. program:: limit list
.. code:: bash
openstack limit list
[--service <service>]
[--resource-name <resource-name>]
[--region <region>]
[--project <project>]
.. option:: --service <service>
The service to filter the response by (name or ID)
.. option:: --resource-name <resource-name>
The name of the resource to filter the response by
.. option:: --region <region>
The region name to filter the response by
.. option:: --project <project>
List resource limits associated with project
limit show
----------
Display details about a limit
.. program:: limit show
.. code:: bash
openstack limit show
<limit-id>
.. describe:: <limit-id>
Limit to display (ID)
limit set
---------
Update a limit
.. program:: limit show
.. code:: bash
openstack limit set
[--description <description>]
[--resource-limit <resource-limit>]
<limit-id>
.. option:: --description <description>
Useful description of the limit or its purpose
.. option:: --resource-limit <resource-limit>
The limit to apply to the project
.. describe:: <limit-id>
Limit to update (ID)

View File

@ -7,16 +7,4 @@ extension. It is used by **federation protocols** and **identity providers**.
Applicable to Identity v3. Applicable to Identity v3.
.. autoprogram-cliff:: openstack.identity.v3 .. autoprogram-cliff:: openstack.identity.v3
:command: mapping create :command: mapping *
.. autoprogram-cliff:: openstack.identity.v3
:command: mapping delete
.. autoprogram-cliff:: openstack.identity.v3
:command: mapping list
.. autoprogram-cliff:: openstack.identity.v3
:command: mapping set
.. autoprogram-cliff:: openstack.identity.v3
:command: mapping show

View File

@ -6,16 +6,4 @@ A **policy** is an arbitrarily serialized policy engine rule set to be consumed
by a remote service. Applies to Identity v3. by a remote service. Applies to Identity v3.
.. autoprogram-cliff:: openstack.identity.v3 .. autoprogram-cliff:: openstack.identity.v3
:command: policy create :command: policy *
.. autoprogram-cliff:: openstack.identity.v3
:command: policy delete
.. autoprogram-cliff:: openstack.identity.v3
:command: policy list
.. autoprogram-cliff:: openstack.identity.v3
:command: policy set
.. autoprogram-cliff:: openstack.identity.v3
:command: policy show

View File

@ -0,0 +1,6 @@
=====================
project (Identity v2)
=====================
.. autoprogram-cliff:: openstack.identity.v2
:command: project *

View File

@ -0,0 +1,6 @@
=====================
project (Identity v3)
=====================
.. autoprogram-cliff:: openstack.identity.v3
:command: project *

View File

@ -1,297 +0,0 @@
=======
project
=======
Identity v2, v3
project create
--------------
Create new project
.. program:: project create
.. code:: bash
openstack project create
[--domain <domain>]
[--parent <project>]
[--description <description>]
[--immutable | --no-immutable]
[--enable | --disable]
[--property <key=value>]
[--or-show]
[--tag <tag>]
<name>
.. option:: --domain <domain>
Domain owning the project (name or ID)
.. versionadded:: 3
.. option:: --parent <project>
Parent of the project (name or ID)
.. versionadded:: 3
.. option:: --description <description>
Project description
.. option:: --enable
Enable project (default)
.. option:: --disable
Disable project
.. option:: --immutable
Make project immutable. An immutable project may not be deleted or
modified except to remove the immutable flag
.. option:: --no-immutable
Make project mutable (default)
.. option:: --property <key=value>
Add a property to :ref:`\<name\> <project_create-name>`
(repeat option to set multiple properties)
.. option:: --or-show
Return existing project
If the project already exists return the existing project data and do not fail.
.. option:: --tag
Add a tag to the project
(repeat option to set multiple tags)
.. versionadded:: 3
.. _project_create-name:
.. describe:: <name>
New project name
project delete
--------------
Delete project(s)
.. program:: project delete
.. code:: bash
openstack project delete
[--domain <domain>]
<project> [<project> ...]
.. option:: --domain <domain>
Domain owning :ref:`\<project\> <project_delete-project>` (name or ID)
.. versionadded:: 3
.. _project_delete-project:
.. describe:: <project>
Project to delete (name or ID)
project list
------------
List projects
.. program:: project list
.. code:: bash
openstack project list
[--domain <domain>]
[--parent <parent>]
[--user <user>]
[--my-projects]
[--long]
[--sort <key>[:<direction>,<key>:<direction>,..]]
[--tags <tag>[,<tag>,...]] [--tags-any <tag>[,<tag>,...]]
[--not-tags <tag>[,<tag>,...]] [--not-tags-any <tag>[,<tag>,...]]
.. option:: --domain <domain>
Filter projects by :option:`\<domain\> <--domain>` (name or ID)
.. versionadded:: 3
.. option:: --parent <parent>
Filter projects whose parent is :option:`\<parent\> <--parent>` (name or ID)
.. versionadded:: 3
.. option:: --user <user>
Filter projects by :option:`\<user\> <--user>` (name or ID)
.. versionadded:: 3
.. option:: --my-projects
List projects for the authenticated user. Supersedes other filters.
.. versionadded:: 3
.. option:: --long
List additional fields in output
.. option:: --sort <key>[:<direction>,<key>:<direction>,..]
Sort output by selected keys and directions (asc or desc) (default: asc),
multiple keys and directions can be specified --sort
<key>[:<direction>,<key>:<direction>,..]
.. option:: --tags <tag>[,<tag>,...]
List projects which have all given tag(s)
.. versionadded:: 3
.. option:: --tags-any <tag>[,<tag>,...]
List projects which have any given tag(s)
.. versionadded:: 3
.. option:: --not-tags <tag>[,<tag>,...]
Exclude projects which have all given tag(s)
.. versionadded:: 3
.. option:: --not-tags-any <tag>[,<tag>,...]
Exclude projects which have any given tag(s)
.. versionadded:: 3
project set
-----------
Set project properties
.. program:: project set
.. code:: bash
openstack project set
[--name <name>]
[--domain <domain>]
[--description <description>]
[--immutable | --no-immutable]
[--enable | --disable]
[--property <key=value>]
[--tag <tag> | --clear-tags | --remove-tags <tag>]
<project>
.. option:: --name <name>
Set project name
.. option:: --domain <domain>
Domain owning :ref:`\<project\> <project_set-project>` (name or ID)
.. versionadded:: 3
.. option:: --description <description>
Set project description
.. option:: --immutable
Make project immutable. An immutable project may not be deleted or
modified except to remove the immutable flag
.. option:: --no-immutable
Make project mutable (default)
.. option:: --enable
Enable project (default)
.. option:: --disable
Disable project
.. option:: --property <key=value>
Set a property on :ref:`\<project\> <project_set-project>`
(repeat option to set multiple properties)
*Identity version 2 only*
.. _project_set-project:
.. describe:: <project>
Project to modify (name or ID)
project show
------------
Display project details
.. program:: project show
.. code:: bash
openstack project show
[--domain <domain>]
<project>
.. option:: --domain <domain>
Domain owning :ref:`\<project\> <project_show-project>` (name or ID)
.. versionadded:: 3
.. option:: --parents
Show the project\'s parents as a list
.. versionadded:: 3
.. option:: --children
Show project\'s subtree (children) as a list
.. versionadded:: 3
.. _project_show-project:
.. describe:: <project>
Project to display (name or ID)
project unset
-------------
Unset project properties
*Identity version 2 only*
.. program:: project unset
.. code:: bash
openstack project unset
--property <key> [--property <key> ...]
<project>
.. option:: --property <key>
Property key to remove from project (repeat option to remove multiple properties)
.. describe:: <project>
Project to modify (name or ID)

View File

@ -7,16 +7,4 @@ zero or more sub-regions with a region to create a tree-like structured
hierarchy. Applies to Identity v3. hierarchy. Applies to Identity v3.
.. autoprogram-cliff:: openstack.identity.v3 .. autoprogram-cliff:: openstack.identity.v3
:command: region create :command: region *
.. autoprogram-cliff:: openstack.identity.v3
:command: region delete
.. autoprogram-cliff:: openstack.identity.v3
:command: region list
.. autoprogram-cliff:: openstack.identity.v3
:command: region set
.. autoprogram-cliff:: openstack.identity.v3
:command: region show

View File

@ -7,134 +7,5 @@ Identity v3
Registered limits are used to define default limits for resources within a Registered limits are used to define default limits for resources within a
deployment. deployment.
registered limit create .. autoprogram-cliff:: openstack.identity.v3
----------------------- :command: registered limit *
Create a new registered limit
.. program:: registered limit create
.. code:: bash
openstack registered limit create
[--description <description>]
[--region <region>]
--service <service>
--default-limit <default-limit>
<resource-name>
.. option:: --description <description>
Useful description of the registered limit or its purpose
.. option:: --region <region>
Region that the limit should be applied to
.. describe:: --service <service>
The service that is responsible for the resource being limited (required)
.. describe:: --default-limit <default-limit>
The default limit for projects to assume unless explicitly overridden
(required)
.. describe:: <resource-name>
The name of the resource to limit (e.g. cores or volumes)
registered limit delete
-----------------------
Delete registered limit(s)
.. program:: registered limit delete
.. code:: bash
openstack registered limit delete
<registered-limit-id> [<registered-limit-id> ...]
.. describe:: <registered-limit-id>
Registered limit(s) to delete (ID)
registered limit list
---------------------
List registered limits
.. program:: registered limit list
.. code:: bash
openstack registered limit list
[--service <service>]
[--resource-name <resource-name>]
[--region <region>]
.. option:: --service <service>
The service to filter the response by (name or ID)
.. option:: --resource-name <resource-name>
The name of the resource to filter the response by
.. option:: --region <region>
The region name to filter the response by
registered limit show
---------------------
Display details about a registered limit
.. program:: registered limit show
.. code:: bash
openstack registered limit show
<registered-limit-id>
.. describe:: <registered-limit-id>
Registered limit to display (ID)
registered limit set
--------------------
Update a registered limit
.. program:: registered limit set
.. code:: bash
openstack registered limit set
[--service <service>]
[--resource-name <resource-name>]
[--default-limit <default-limit>]
[--description <description>]
[--region <region>]
<registered-limit-id>
.. option:: --service <service>
The service of the registered limit to update (ID or name)
.. option:: --resource-name <resource-name>
The name of the resource for the limit
.. option:: --default-limit <default-limit>
The default limit for projects to assume for a given resource
.. option:: --description <description>
A useful description of the limit or its purpose
.. option:: --region <region>
The region the limit should apply to
.. describe:: <registered-limit-id>
Registered limit to display (ID)

View File

@ -7,7 +7,4 @@ is used by the **consumer** to request **access tokens**. Applicable to
Identity v3. Identity v3.
.. autoprogram-cliff:: openstack.identity.v3 .. autoprogram-cliff:: openstack.identity.v3
:command: request token authorize :command: request token *
.. autoprogram-cliff:: openstack.identity.v3
:command: request token create

View File

@ -0,0 +1,6 @@
==================
role (Identity v2)
==================
.. autoprogram-cliff:: openstack.identity.v2
:command: role *

View File

@ -0,0 +1,6 @@
==================
role (Identity v3)
==================
.. autoprogram-cliff:: openstack.identity.v3
:command: role *

View File

@ -1,312 +0,0 @@
====
role
====
Identity v2, v3
role add
--------
Add role assignment to a user or group in a project or domain
.. program:: role add
.. code:: bash
openstack role add
--system <system> | --domain <domain> | --project <project> [--project-domain <project-domain>]
--user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
--role-domain <role-domain>
--inherited
<role>
.. option:: --system <system>
Include <system>
System or service to grant authorization to. Currently only ``all`` is
supported which encompasses the entire deployment system.
.. versionadded:: 3
.. option:: --domain <domain>
Include <domain> (name or ID)
.. versionadded:: 3
.. option:: --project <project>
Include <project> (name or ID)
.. option:: --user <user>
Include <user> (name or ID)
.. option:: --group <group>
Include <group> (name or ID)
.. versionadded:: 3
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID).
This can be used in case collisions between user names exist.
.. versionadded:: 3
.. option:: --group-domain <group-domain>
Domain the group belongs to (name or ID).
This can be used in case collisions between group names exist.
.. versionadded:: 3
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. versionadded:: 3
.. option:: --inherited
Specifies if the role grant is inheritable to the sub projects.
.. versionadded:: 3
.. option:: --role-domain <role-domain>
Domain the role belongs to (name or ID).
This must be specified when the name of a domain specific role is used.
.. versionadded:: 3
.. describe:: <role>
Role to add to <project>:<user> (name or ID)
role create
-----------
Create new role
.. program:: role create
.. code:: bash
openstack role create
[--or-show]
[--domain <domain>]
[--immutable | --no-immutable]
<name>
.. option:: --domain <domain>
Domain the role belongs to (name or ID).
.. versionadded:: 3
.. option:: --or-show
Return existing role
If the role already exists return the existing role data and do not fail.
.. describe:: <name>
New role name
.. option:: --description <description>
Add description about the role
.. option:: --immutable
Make role immutable. An immutable role may not be deleted or modified
except to remove the immutable flag
.. option:: --no-immutable
Make role mutable (default)
role delete
-----------
Delete role(s)
.. program:: role delete
.. code:: bash
openstack role delete
<role> [<role> ...]
[--domain <domain>]
.. describe:: <role>
Role to delete (name or ID)
.. option:: --domain <domain>
Domain the role belongs to (name or ID).
.. versionadded:: 3
role list
---------
List roles
.. program:: role list
.. code:: bash
openstack role list
[--domain <domain>]
.. option:: --domain <domain>
Filter roles by <domain> (name or ID)
.. versionadded:: 3
role remove
-----------
Remove role assignment from domain/project : user/group
.. program:: role remove
.. code:: bash
openstack role remove
--system <system> | --domain <domain> | --project <project> [--project-domain <project-domain>]
--user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
--role-domain <role-domain>
--inherited
<role>
.. option:: --system <system>
Include <system>
System or service to remove authorization from. Currently only ``all`` is
supported which encompasses the entire deployment system.
.. versionadded:: 3
.. option:: --domain <domain>
Include <domain> (name or ID)
.. versionadded:: 3
.. option:: --project <project>
Include <project> (name or ID)
.. option:: --user <user>
Include <user> (name or ID)
.. option:: --group <group>
Include <group> (name or ID)
.. versionadded:: 3
.. option:: --user-domain <user-domain>
Domain the user belongs to (name or ID).
This can be used in case collisions between user names exist.
.. versionadded:: 3
.. option:: --group-domain <group-domain>
Domain the group belongs to (name or ID).
This can be used in case collisions between group names exist.
.. versionadded:: 3
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. versionadded:: 3
.. option:: --inherited
Specifies if the role grant is inheritable to the sub projects.
.. versionadded:: 3
.. option:: --role-domain <role-domain>
Domain the role belongs to (name or ID).
This must be specified when the name of a domain specific role is used.
.. versionadded:: 3
.. describe:: <role>
Role to remove (name or ID)
role set
--------
Set role properties
.. versionadded:: 3
.. program:: role set
.. code:: bash
openstack role set
[--name <name>]
[--domain <domain>]
[--immutable | --no-immutable]
<role>
.. option:: --name <name>
Set role name
.. option:: --domain <domain>
Domain the role belongs to (name or ID).
.. versionadded:: 3
.. describe:: <role>
Role to modify (name or ID)
.. option:: --immutable
Make role immutable. An immutable role may not be deleted or modified
except to remove the immutable flag
.. option:: --no-immutable
Make role mutable (default)
role show
---------
Display role details
.. program:: role show
.. code:: bash
openstack role show
[--domain <domain>]
<role>
.. option:: --domain <domain>
Domain the role belongs to (name or ID).
.. versionadded:: 3
.. describe:: <role>
Role to display (name or ID)

View File

@ -7,16 +7,4 @@ extension. It is used by to register another OpenStack Identity service.
Applicable to Identity v3. Applicable to Identity v3.
.. autoprogram-cliff:: openstack.identity.v3 .. autoprogram-cliff:: openstack.identity.v3
:command: service provider create :command: service provider *
.. autoprogram-cliff:: openstack.identity.v3
:command: service provider delete
.. autoprogram-cliff:: openstack.identity.v3
:command: service provider list
.. autoprogram-cliff:: openstack.identity.v3
:command: service provider set
.. autoprogram-cliff:: openstack.identity.v3
:command: service provider show

View File

@ -0,0 +1,6 @@
=====================
service (Identity v2)
=====================
.. autoprogram-cliff:: openstack.identity.v2
:command: service *

View File

@ -0,0 +1,18 @@
=====================
service (Identity v3)
=====================
.. autoprogram-cliff:: openstack.identity.v3
:command: service create
.. autoprogram-cliff:: openstack.identity.v3
:command: service delete
.. autoprogram-cliff:: openstack.identity.v3
:command: service list
.. autoprogram-cliff:: openstack.identity.v3
:command: service show
.. autoprogram-cliff:: openstack.identity.v3
:command: service set

View File

@ -1,143 +0,0 @@
=======
service
=======
Identity v2, v3
service create
--------------
Create new service
.. program:: service create
.. code-block:: bash
openstack service create
[--name <name>]
[--description <description>]
[--enable | --disable]
<type>
.. option:: --name <name>
New service name
.. option:: --description <description>
New service description
.. option:: --enable
Enable service (default)
*Identity version 3 only*
.. option:: --disable
Disable service
*Identity version 3 only*
.. _service_create-type:
.. describe:: <type>
New service type (compute, image, identity, volume, etc)
service delete
--------------
Delete service(s)
.. program:: service delete
.. code-block:: bash
openstack service delete
<service> [<service> ...]
.. _service_delete-service:
.. describe:: <service>
Service(s) to delete (type, name or ID)
service list
------------
List services
.. program:: service list
.. code-block:: bash
openstack service list
[--long]
.. option:: --long
List additional fields in output
Returns service fields ID, Name and Type. :option:`--long` adds Description
and Enabled (*Identity version 3 only*) to the output.
service set
-----------
Set service properties
* Identity version 3 only*
.. program:: service set
.. code-block:: bash
openstack service set
[--type <type>]
[--name <name>]
[--description <description>]
[--enable | --disable]
<service>
.. option:: --type <type>
New service type (compute, image, identity, volume, etc)
.. option:: --name <name>
New service name
.. option:: --description <description>
New service description
.. option:: --enable
Enable service
.. option:: --disable
Disable service
.. _service_set-service:
.. describe:: <service>
Service to modify (type, name or ID)
service show
------------
Display service details
.. program:: service show
.. code-block:: bash
openstack service show
[--catalog]
<service>
.. option:: --catalog
Show service catalog information
*Identity version 2 only*
.. _service_show-service:
.. describe:: <service>
Service to display (type, name or ID)

View File

@ -0,0 +1,7 @@
===================
token (Identity v2)
===================
.. autoprogram-cliff:: openstack.identity.v2
:command: token *

View File

@ -0,0 +1,7 @@
===================
token (Identity v3)
===================
.. autoprogram-cliff:: openstack.identity.v3
:command: token *

View File

@ -1,30 +0,0 @@
=====
token
=====
Identity v2, v3
token issue
-----------
Issue new token
.. program:: token issue
.. code:: bash
openstack token issue
token revoke
------------
Revoke existing token
.. program:: token revoke
.. code:: bash
openstack token revoke
<token>
.. describe:: <token>
Token to be deleted

View File

@ -6,13 +6,4 @@ A **trust** provide project-specific role delegation between users, with
optional impersonation. Requires the OS-TRUST extension. Applies to Identity v3. optional impersonation. Requires the OS-TRUST extension. Applies to Identity v3.
.. autoprogram-cliff:: openstack.identity.v3 .. autoprogram-cliff:: openstack.identity.v3
:command: trust create :command: trust *
.. autoprogram-cliff:: openstack.identity.v3
:command: trust delete
.. autoprogram-cliff:: openstack.identity.v3
:command: trust list
.. autoprogram-cliff:: openstack.identity.v3
:command: trust show

View File

@ -0,0 +1,7 @@
==================
user (Identity v2)
==================
.. autoprogram-cliff:: openstack.identity.v2
:command: user *

View File

@ -0,0 +1,7 @@
==================
user (Identity v3)
==================
.. autoprogram-cliff:: openstack.identity.v3
:command: user *

View File

@ -1,349 +0,0 @@
====
user
====
Identity v2, v3
user create
-----------
Create new user
.. program:: user create
.. code:: bash
openstack user create
[--domain <domain>]
[--project <project> [--project-domain <project-domain>]]
[--password <password>]
[--password-prompt]
[--email <email-address>]
[--description <description>]
[--multi-factor-auth-rule <rule>]
[--ignore-lockout-failure-attempts| --no-ignore-lockout-failure-attempts]
[--ignore-password-expiry| --no-ignore-password-expiry]
[--ignore-change-password-upon-first-use| --no-ignore-change-password-upon-first-use]
[--enable-lock-password| --disable-lock-password]
[--enable-multi-factor-auth| --disable-multi-factor-auth]
[--enable | --disable]
[--or-show]
<user-name>
.. option:: --domain <domain>
Default domain (name or ID)
.. versionadded:: 3
.. option:: --project <project>
Default project (name or ID)
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. option:: --password <password>
Set user password
.. option:: --password-prompt
Prompt interactively for password
.. option:: --email <email-address>
Set user email address
.. option:: --description <description>
User description
.. versionadded:: 3
.. option:: --ignore-lockout-failure-attempts
Opt into ignoring the number of times a user has authenticated and
locking out the user as a result
.. option:: --no-ignore-lockout-failure-attempts
Opt out of ignoring the number of times a user has authenticated
and locking out the user as a result
.. option:: --ignore-change-password-upon-first-use
Control if a user should be forced to change their password immediately
after they log into keystone for the first time. Opt into ignoring
the user to change their password during first time login in keystone.
.. option:: --no-ignore-change-password-upon-first-use
Control if a user should be forced to change their password immediately
after they log into keystone for the first time. Opt out of ignoring
the user to change their password during first time login in keystone.
.. option:: --ignore-password-expiry
Opt into allowing user to continue using passwords that may be
expired
.. option:: --no-ignore-password-expiry
Opt out of allowing user to continue using passwords that may be
expired
.. option:: --enable-lock-password
Disables the ability for a user to change its password through
self-service APIs
.. option:: --disable-lock-password
Enables the ability for a user to change its password through
self-service APIs
.. option:: --enable-multi-factor-auth
Enables the MFA (Multi Factor Auth)
.. option:: --disable-multi-factor-auth
Disables the MFA (Multi Factor Auth)
.. option:: --multi-factor-auth-rule <rule>
Set multi-factor auth rules. For example, to set a rule requiring the
"password" and "totp" auth methods to be provided,
use: "--multi-factor-auth-rule password,totp".
May be provided multiple times to set different rule combinations.
.. option:: --enable
Enable user (default)
.. option:: --disable
Disable user
.. option:: --or-show
Return existing user
If the username already exist return the existing user data and do not fail.
.. describe:: <user-name>
New user name
user delete
-----------
Delete user(s)
.. program:: user delete
.. code:: bash
openstack user delete
[--domain <domain>]
<user> [<user> ...]
.. option:: --domain <domain>
Domain owning :ref:`\<user\> <user_delete-user>` (name or ID)
.. versionadded:: 3
.. _user_delete-user:
.. describe:: <user>
User(s) to delete (name or ID)
user list
---------
List users
.. program:: user list
.. code:: bash
openstack user list
[--project <project>]
[--domain <domain>]
[--group <group> | --project <project>]
[--long]
.. option:: --project <project>
Filter users by `<project>` (name or ID)
.. option:: --domain <domain>
Filter users by `<domain>` (name or ID)
*Identity version 3 only*
.. option:: --group <group>
Filter users by `<group>` membership (name or ID)
*Identity version 3 only*
.. option:: --long
List additional fields in output
user set
--------
Set user properties
.. program:: user set
.. code:: bash
openstack user set
[--name <name>]
[--project <project> [--project-domain <project-domain>]]
[--password <password>]
[--password-prompt]
[--email <email-address>]
[--description <description>]
[--multi-factor-auth-rule <rule>]
[--ignore-lockout-failure-attempts| --no-ignore-lockout-failure-attempts]
[--ignore-password-expiry| --no-ignore-password-expiry]
[--ignore-change-password-upon-first-use| --no-ignore-change-password-upon-first-use]
[--enable-lock-password| --disable-lock-password]
[--enable-multi-factor-auth| --disable-multi-factor-auth]
[--enable|--disable]
<user>
.. option:: --name <name>
Set user name
.. option:: --domain <domain>
Domain the user belongs to (name or ID).
This can be used in case collisions between user names exist.
.. versionadded:: 3
.. option:: --project <project>
Set default project (name or ID)
.. option:: --project-domain <project-domain>
Domain the project belongs to (name or ID).
This can be used in case collisions between project names exist.
.. option:: --password <password>
Set user password
.. option:: --password-prompt
Prompt interactively for password
.. option:: --email <email-address>
Set user email address
.. option:: --description <description>
Set user description
.. versionadded:: 3
.. option:: --ignore-lockout-failure-attempts
Opt into ignoring the number of times a user has authenticated and
locking out the user as a result
.. option:: --no-ignore-lockout-failure-attempts
Opt out of ignoring the number of times a user has authenticated
and locking out the user as a result
.. option:: --ignore-change-password-upon-first-use
Control if a user should be forced to change their password immediately
after they log into keystone for the first time. Opt into ignoring
the user to change their password during first time login in keystone.
.. option:: --no-ignore-change-password-upon-first-use
Control if a user should be forced to change their password immediately
after they log into keystone for the first time. Opt out of ignoring
the user to change their password during first time login in keystone.
.. option:: --ignore-password-expiry
Opt into allowing user to continue using passwords that may be
expired
.. option:: --no-ignore-password-expiry
Opt out of allowing user to continue using passwords that may be
expired
.. option:: --enable-lock-password
Disables the ability for a user to change its password through
self-service APIs
.. option:: --disable-lock-password
Enables the ability for a user to change its password through
self-service APIs
.. option:: --enable-multi-factor-auth
Enables the MFA (Multi Factor Auth)
.. option:: --disable-multi-factor-auth
Disables the MFA (Multi Factor Auth)
.. option:: --multi-factor-auth-rule <rule>
Set multi-factor auth rules. For example, to set a rule requiring the
"password" and "totp" auth methods to be provided,
use: "--multi-factor-auth-rule password,totp".
May be provided multiple times to set different rule combinations.
.. option:: --enable
Enable user (default)
.. option:: --disable
Disable user
.. describe:: <user>
User to modify (name or ID)
user show
---------
Display user details
.. program:: user show
.. code:: bash
openstack user show
[--domain <domain>]
<user>
.. option:: --domain <domain>
Domain owning :ref:`\<user\> <user_show-user>` (name or ID)
.. versionadded:: 3
.. _user_show-user:
.. describe:: <user>
User to display (name or ID)

View File

@ -13,3 +13,12 @@
interactive interactive
decoder decoder
backwards-incompatible backwards-incompatible
.. NOTE(efried): Everything must be in a toctree but we don't want these to
show up to the reader.
.. toctree::
:glob:
:hidden:
_hidden/*

View File

@ -16,3 +16,10 @@
/python-openstackclient/latest/humaninterfaceguide.html 301 /python-openstackclient/latest/contributor/humaninterfaceguide.html /python-openstackclient/latest/humaninterfaceguide.html 301 /python-openstackclient/latest/contributor/humaninterfaceguide.html
/python-openstackclient/latest/plugins.html 301 /python-openstackclient/latest/contributor/plugins.html /python-openstackclient/latest/plugins.html 301 /python-openstackclient/latest/contributor/plugins.html
/python-openstackclient/latest/cli/plugin-commands.html 301 /python-openstackclient/latest/cli/plugin-commands/index.html /python-openstackclient/latest/cli/plugin-commands.html 301 /python-openstackclient/latest/cli/plugin-commands/index.html
/python-openstackclient/latest/cli/command-objects/ec2-credentials.html 301 /python-openstackclient/latest/cli/_hidden/ec2-credentials.html
/python-openstackclient/latest/cli/command-objects/endpoint.html 301 /python-openstackclient/latest/cli/_hidden/endpoint.html
/python-openstackclient/latest/cli/command-objects/project.html 301 /python-openstackclient/latest/cli/_hidden/project.html
/python-openstackclient/latest/cli/command-objects/role.html 301 /python-openstackclient/latest/cli/_hidden/role.html
/python-openstackclient/latest/cli/command-objects/service.html 301 /python-openstackclient/latest/cli/_hidden/service.html
/python-openstackclient/latest/cli/command-objects/token.html 301 /python-openstackclient/latest/cli/_hidden/token.html
/python-openstackclient/latest/cli/command-objects/user.html 301 /python-openstackclient/latest/cli/_hidden/user.html

View File

@ -248,6 +248,15 @@ openstack.identity.v3 =
endpoint_group_set = openstackclient.identity.v3.endpoint_group:SetEndpointGroup endpoint_group_set = openstackclient.identity.v3.endpoint_group:SetEndpointGroup
endpoint_group_show = openstackclient.identity.v3.endpoint_group:ShowEndpointGroup endpoint_group_show = openstackclient.identity.v3.endpoint_group:ShowEndpointGroup
federation_domain_list = openstackclient.identity.v3.unscoped_saml:ListAccessibleDomains
federation_project_list = openstackclient.identity.v3.unscoped_saml:ListAccessibleProjects
federation_protocol_create = openstackclient.identity.v3.federation_protocol:CreateProtocol
federation_protocol_delete = openstackclient.identity.v3.federation_protocol:DeleteProtocol
federation_protocol_list = openstackclient.identity.v3.federation_protocol:ListProtocols
federation_protocol_set = openstackclient.identity.v3.federation_protocol:SetProtocol
federation_protocol_show = openstackclient.identity.v3.federation_protocol:ShowProtocol
group_add_user = openstackclient.identity.v3.group:AddUserToGroup group_add_user = openstackclient.identity.v3.group:AddUserToGroup
group_contains_user = openstackclient.identity.v3.group:CheckUserInGroup group_contains_user = openstackclient.identity.v3.group:CheckUserInGroup
group_create = openstackclient.identity.v3.group:CreateGroup group_create = openstackclient.identity.v3.group:CreateGroup
@ -291,15 +300,6 @@ openstack.identity.v3 =
project_set = openstackclient.identity.v3.project:SetProject project_set = openstackclient.identity.v3.project:SetProject
project_show = openstackclient.identity.v3.project:ShowProject project_show = openstackclient.identity.v3.project:ShowProject
federation_protocol_create = openstackclient.identity.v3.federation_protocol:CreateProtocol
federation_protocol_delete = openstackclient.identity.v3.federation_protocol:DeleteProtocol
federation_protocol_list = openstackclient.identity.v3.federation_protocol:ListProtocols
federation_protocol_set = openstackclient.identity.v3.federation_protocol:SetProtocol
federation_protocol_show = openstackclient.identity.v3.federation_protocol:ShowProtocol
federation_domain_list = openstackclient.identity.v3.unscoped_saml:ListAccessibleDomains
federation_project_list = openstackclient.identity.v3.unscoped_saml:ListAccessibleProjects
region_create = openstackclient.identity.v3.region:CreateRegion region_create = openstackclient.identity.v3.region:CreateRegion
region_delete = openstackclient.identity.v3.region:DeleteRegion region_delete = openstackclient.identity.v3.region:DeleteRegion
region_list = openstackclient.identity.v3.region:ListRegion region_list = openstackclient.identity.v3.region:ListRegion