Keystone/EndpointPolicyAssignment

PROPOSAL: Extension OS-POLICY Provides the means to assign policy files to specific endpoint, or to all endpoints for a specific services. This extension requires v3.X of the Identity API.

The API calls are:

API

The following additional APIs are supported by this extension:

Assign policy file to all endpoints for a services :

PUT /OS-POLICY/service/{service_id}/policy/{policy_id}

The policy file role is applied to all endpoints for that service

Response:

Status: 204 No Content

Assign a policy file to a specific endpoint for a service. If a policy file already covers a service, this specific rule takes priority.

PUT /OS-POLICY/endpoint/{endpoint_id}/policy/{policy_id}

The policy file role is applied to the specific endpoint

Response:

Status: 204 No Content

Get a policy file for an endpoint

GET /OS-POLICY/endpoint/{endpoint_id}

The response contains the content that would also be returned by GET /v3/policy/{policy_id} for the policy file associated with the endpoint. If no specific policy file has been assigned to that endpoint, the response contains the policy file assigned to the service_id for the specified endpoint.

Response:

Status: 200 OK

(Copy from policy exmaple in V3 API)

Check if an endpoint has a poicy file

HEAD /OS-POLICY/endpoint/{endpoint_id}

Response:

Status: 204 No Content

GET /OS-POLICY/project/{project_id}

Status: 200 OK

Response will contain the set of policy rules that apply to that project. See policy.json in Keystone for format,

Status: 409 Conflict If multiple policy files specify the same rule, and that rule differs, the policy for the project is invalid and cannot be downloaded. The response will provide the equivalent of a git conflict showing where two rules do not agree.