|
Project-scope
|
System-scope
|
Route |
Method |
reader |
member |
admin |
reader |
member |
admin |
no auth |
Tag |
RBAC Name |
Notes
|
/ |
GET |
x |
x |
x |
x |
x |
x |
x |
key_manager:get_home |
TBD |
|
/v1 |
GET |
x |
x |
x |
x |
x |
x |
|
key_manager:get_v1 |
TBD |
|
/v1/secrets |
GET |
x |
x |
x |
|
|
|
|
key_manager:list_secrets |
secrets:get |
|
POST |
|
x |
x |
|
|
|
|
key_manager:store_secrets |
secrets:post |
|
/v1/secrets/{secret-id} |
GET |
|
x |
x |
|
|
|
|
key_manager:get_secret_meta |
secret:get |
Marked as deprecated. Is this slotted to be removed?
|
PUT |
|
x |
x |
|
|
|
|
key_manager:store_secrets |
secret:put |
|
DELETE |
|
|
x |
|
|
|
|
key_manager:delete_secrets |
secret:delete |
|
/v1/secrets/{secret-id}/acl |
GET |
x |
x |
x |
|
|
|
|
key_manager:get_acl |
secret_acls:get |
|
PATCH |
|
x |
x |
|
|
|
|
key_manager:manage_acl |
secret_acls:put_patch |
|
PUT |
|
x |
x |
|
|
|
|
key_manager:manage_acl |
secret_acls:put_patch |
|
DELETE |
|
x |
x |
|
|
|
|
key_manager:manage_acl |
secret_acls:delete |
|
/v1/secrets/{secret-id}/metadata |
GET |
x |
x |
x |
|
|
|
|
key_manager:get_secret_meta |
secret_meta:get |
Note: rule is used twice, consider breaking apart
|
PUT |
|
x |
x |
|
|
|
|
key_manager:store_secrets |
secret_meta:put |
Note: rule is used twice, consider breaking apart
|
POST |
|
x |
x |
|
|
|
|
key_manager:store_secrets |
secret_meta:post |
|
/v1/secrets/{secret-id}/metadata/{meta-key} |
GET |
x |
x |
x |
|
|
|
|
key_manager:get_secret_meta |
secret_meta:get |
Note: rule is used twice, consider breaking apart
|
PUT |
|
x |
x |
|
|
|
|
key_manager:store_secrets |
secret_meta:put |
Note: rule is used twice, consider breaking apart
|
DELETE |
|
x |
x |
|
|
|
|
key_manager:delete_secret_meta |
secret_meta:delete |
|
/v1/secrets/{secret-id}/payload |
GET |
|
x |
x |
|
|
|
|
key_manager:decrypt_secrets |
secret:decrypt |
|
/v1/transport_keys |
GET |
x |
x |
x |
x |
x |
x |
|
key_manager:list_transport_keys |
transport_keys:get |
|
POST |
|
|
|
|
|
x |
|
key_manager:add_transport_keys |
transport_keys:post |
|
/v1/transport_keys/{key-id} |
GET |
x |
x |
x |
x |
x |
x |
|
key_manager:get_transport_keys |
transport_key:get |
|
DELETE |
|
|
|
|
|
x |
|
key_manager:delete_transport_keys |
transport_key:delete |
|
/v1/containers |
GET |
x |
x |
x |
|
|
|
|
key_manager:list_containers |
containers:get |
|
POST |
|
x |
x |
|
|
|
|
key_manager:create_containers |
containers:post |
|
/v1/containers/{container-id} |
GET |
|
x |
x |
|
|
|
|
key_manager:get_containers |
container:get |
|
DELETE |
|
|
x |
|
|
|
|
key_manager:delete_containers |
container:delete |
|
/v1/containers/{container-id}/acl |
GET |
x |
x |
x |
|
|
|
|
key_manager:get_acl |
container_acls:get |
|
PATCH |
|
x |
x |
|
|
|
|
key_manager:manage_acl |
container_acls:put_patch |
|
PUT |
|
x |
x |
|
|
|
|
key_manager:manage_acl |
container_acls:put_patch |
|
DELETE |
|
x |
x |
|
|
|
|
key_manager:manage_acl |
container_acls:delete |
Should this be on the 'consumeR' controller rather than the 'consumerS' controller?
|
/v1/containers/{container-id}/consumers/{consumer-id} |
GET |
|
|
|
|
|
|
|
key_manager:list_container_consumer |
consumer:get |
|
/v1/containers/{container-id}/consumers |
GET |
x |
x |
x |
|
|
|
|
key_manager:list_container_consumers |
consumers:get |
|
POST |
|
|
|
|
|
|
|
key_manager:list_container_consumers |
consumers:post |
|
DELETE |
|
|
|
|
|
|
|
key_manager:list_container_consumers |
consumers:delete |
|
/v1/containers/{container-id}/secrets |
POST |
|
x |
x |
|
|
|
|
key_manager:create_containers |
container_secret:post |
|
DELETE |
|
|
x |
|
|
|
|
key_manager:delete_containers |
container_secret:delete |
|
/v1/secret-stores |
GET |
x |
x |
x |
x |
x |
x |
|
key_manager:list_backends |
secretstores:get |
|
/v1/secret-stores/global-default |
GET |
x |
x |
x |
x |
x |
x |
|
key_manager:list_backends |
secretstores:get_global_default |
|
/v1/secret-stores/preferred |
GET |
x |
x |
x |
|
|
|
|
key_manager:get_preferred_backend |
secretstores:get_preferred |
|
/v1/secret-stores/{ss-id} |
GET |
x |
x |
x |
x |
x |
x |
|
key_manager:list_backends |
secretstore:get |
|
/v1/secret-stores/{ss-id}/preferred |
POST |
|
|
x |
|
|
|
|
key_manager:manage_preferred_backend |
secretstores_preferred:post |
|
DELETE |
|
|
x |
|
|
|
|
key_manager:manage_preferred_backend |
secretstores_preferred:delete |
|
/v1/quotas |
GET |
x |
x |
x |
|
|
|
|
key_manager:list_quotas |
quotas:get |
|
/v1/project-quotas |
GET |
|
|
|
x |
x |
x |
|
key_manager:get_system_quotas |
project_quotas:get |
|
/v1/project-quotas/{project-id} |
GET |
|
|
|
x |
x |
x |
|
key_manager:get_system_quotas |
project_quotas:get |
|
PUT |
|
|
|
|
x |
x |
|
key_manager:set_system_quotas |
project_quotas:put |
|
DELETE |
|
|
|
|
x |
x |
|
key_manager:set_system_quotas |
project_quotas:delete |
|
/v1/orders |
GET |
x |
x |
x |
|
|
|
|
key_manager:list_orders |
orders:get |
|
PUT |
|
x |
x |
|
|
|
|
key_manager:submit_orders |
orders:put |
This call is missing from the API reference: https://docs.openstack.org/barbican/latest/api/reference/orders.html. Perhaps it needs to be removed: https://storyboard.openstack.org/#!/story/2002579
|
POST |
|
x |
x |
|
|
|
|
key_manager:submit_orders |
orders:post |
|
/v1/orders/{order-id} |
GET |
x |
x |
x |
|
|
|
|
key_manager:get_orders |
order:get |
|
DELETE |
|
|
x |
|
|
|
|
key_manager:delete_orders |
order:delete |
|