summaryrefslogtreecommitdiff
path: root/doc/source/cli/command-objects
diff options
context:
space:
mode:
authorColleen Murphy <colleen.murphy@suse.de>2019-08-21 17:38:29 -0700
committerColleen Murphy <colleen.murphy@suse.com>2020-01-17 11:14:51 -0800
commit70ab3f9dd56a638cdff516ca85baa5ebd64c888b (patch)
treed8a92201238b7bcc749c80bb2d8a403f3d3b2d1b /doc/source/cli/command-objects
parentdb29e28b7c1a6ef737f0c4cd459906379f59b252 (diff)
downloadpython-openstackclient-70ab3f9dd56a638cdff516ca85baa5ebd64c888b.tar.gz
Add support for app cred access rules
This commit introduces the --access-rules option for 'application credential create' as well as new 'access rule' commands for listing, showing, and deleting access rules. bp whitelist-extension-for-app-creds Change-Id: I04834b2874ec2a70da456a380b5bef03a392effa
Diffstat (limited to 'doc/source/cli/command-objects')
-rw-r--r--doc/source/cli/command-objects/access-rules.rst61
-rw-r--r--doc/source/cli/command-objects/application-credentials.rst7
2 files changed, 68 insertions, 0 deletions
diff --git a/doc/source/cli/command-objects/access-rules.rst b/doc/source/cli/command-objects/access-rules.rst
new file mode 100644
index 00000000..bc845828
--- /dev/null
+++ b/doc/source/cli/command-objects/access-rules.rst
@@ -0,0 +1,61 @@
+===========
+access rule
+===========
+
+Identity v3
+
+Access rules are fine-grained permissions for application credentials. An access
+rule comprises of a service type, a request path, and a request method. Access
+rules may only be created as attributes of application credentials, but they may
+be viewed and deleted independently.
+
+
+access rule delete
+------------------
+
+Delete access rule(s)
+
+.. program:: access rule delete
+.. code:: bash
+
+ openstack access rule delete <access-rule> [<access-rule> ...]
+
+.. describe:: <access-rule>
+
+ Access rule(s) to delete (ID)
+
+access rule list
+----------------
+
+List access rules
+
+.. program:: access rule list
+.. code:: bash
+
+ openstack access rule list
+ [--user <user>]
+ [--user-domain <user-domain>]
+
+.. option:: --user
+
+ User whose access rules to list (name or ID). If not provided, looks up the
+ current user's access rules.
+
+.. option:: --user-domain
+
+ Domain the user belongs to (name or ID). This can be
+ used in case collisions between user names exist.
+
+access rule show
+---------------------------
+
+Display access rule details
+
+.. program:: access rule show
+.. code:: bash
+
+ openstack access rule show <access-rule>
+
+.. describe:: <access-rule>
+
+ Access rule to display (ID)
diff --git a/doc/source/cli/command-objects/application-credentials.rst b/doc/source/cli/command-objects/application-credentials.rst
index 2a1fbff2..047f5ab6 100644
--- a/doc/source/cli/command-objects/application-credentials.rst
+++ b/doc/source/cli/command-objects/application-credentials.rst
@@ -22,6 +22,7 @@ Create new application credential
[--expiration <expiration>]
[--description <description>]
[--restricted|--unrestricted]
+ [--access-rules <access-rules>]
<name>
.. option:: --secret <secret>
@@ -52,6 +53,12 @@ Create new application credential
Prohibit application credential from creating and deleting other
application credentials and trusts (this is the default behavior)
+.. option:: --access-rules
+
+ Either a string or file path containing a JSON-formatted list of access
+ rules, each containing a request method, path, and service, for example
+ '[{"method": "GET", "path": "/v2.1/servers", "service": "compute"}]'
+
.. describe:: <name>
Name of the application credential
View Lorry Controller Status