root / docs / astakos-api-guide.rst @ b4b82ec4
History | View | Annotate | Download (16.5 kB)
1 |
Astakos API |
---|---|
2 |
=========== |
3 |
|
4 |
This is Astakos API guide. |
5 |
|
6 |
Overview |
7 |
-------- |
8 |
|
9 |
|
10 |
Astakos service co-ordinates the access to resources (and the subsequent |
11 |
permission model) and acts as the single point of registry and entry to the |
12 |
GRNET cloud services. |
13 |
|
14 |
This document's goals is to describe the APIs to the outer world. |
15 |
Make sure you have read the :ref:`astakos` general architecture first. |
16 |
|
17 |
Document Revisions |
18 |
^^^^^^^^^^^^^^^^^^ |
19 |
|
20 |
========================= ================================ |
21 |
Revision Description |
22 |
========================= ================================ |
23 |
0.15 (October 29, 2013) Remove GET /authenticate in favor of POST /tokens |
24 |
0.14 (June 03, 2013) Remove endpoint listing |
25 |
0.14 (May 28, 2013) Extend token api with authenticate call |
26 |
0.14 (May 23, 2013) Extend api to list endpoints |
27 |
0.14 (May 14, 2013) Do not serve user quotas in :ref:`authenticate-api-label` |
28 |
0.14 (May 02, 2013) Change URIs (keep also the old ones until the next version) |
29 |
0.13 (January 21, 2013) Extend api to export user presentation & quota information. |
30 |
0.6 (June 06, 2012) Split service and user API. |
31 |
0.1 (Feb 10, 2012) Initial release. |
32 |
========================= ================================ |
33 |
|
34 |
Get Services |
35 |
^^^^^^^^^^^^ |
36 |
|
37 |
Returns a json formatted list containing information about the supported cloud services. |
38 |
|
39 |
============================= ========= ================== |
40 |
Uri Method Description |
41 |
============================= ========= ================== |
42 |
``/ui/get_services`` GET Get cloud services |
43 |
============================= ========= ================== |
44 |
|
45 |
Example reply: |
46 |
|
47 |
:: |
48 |
|
49 |
[{"url": "/", "icon": "home-icon.png", "name": "grnet cloud", "id": "1"}, |
50 |
{"url": "/okeanos.html", "name": "~okeanos", "id": "2"}, |
51 |
{"url": "/ui/", "name": "pithos", "id": "3"}] |
52 |
|
53 |
|
54 |
Get Menu |
55 |
^^^^^^^^ |
56 |
|
57 |
Returns a json formatted list containing the cloud bar links. |
58 |
|
59 |
========================= ========= ================== |
60 |
Uri Method Description |
61 |
========================= ========= ================== |
62 |
``/ui/get_menu`` GET Get cloud bar menu |
63 |
========================= ========= ================== |
64 |
|
65 |
Example reply if request user is not authenticated: |
66 |
|
67 |
:: |
68 |
|
69 |
[{"url": "/ui/", "name": "Sign in"}] |
70 |
|
71 |
Example reply if request user is authenticated: |
72 |
|
73 |
:: |
74 |
|
75 |
[{"url": "/ui/", "name": "user@example.com"}, |
76 |
{"url": "/ui/landing", "name": "Dashboard"}, |
77 |
{"url": "/ui/logout", "name": "Sign out"}] |
78 |
|
79 |
|
80 |
User API Operations |
81 |
-------------------- |
82 |
|
83 |
The operations described in this chapter allow users to send feedback and |
84 |
get user uuid/displayname mappings. |
85 |
|
86 |
All the operations require a valid user token. |
87 |
|
88 |
Send feedback |
89 |
^^^^^^^^^^^^^ |
90 |
|
91 |
Post user feedback. |
92 |
|
93 |
========================== ========= ================== |
94 |
Uri Method Description |
95 |
========================== ========= ================== |
96 |
``/account/v1.0/feedback`` POST Send feedback |
97 |
========================== ========= ================== |
98 |
|
99 |
| |
100 |
|
101 |
==================== ============================ |
102 |
Request Header Name Value |
103 |
==================== ============================ |
104 |
X-Auth-Token User authentication token |
105 |
==================== ============================ |
106 |
|
107 |
| |
108 |
|
109 |
====================== ========================= |
110 |
Request Parameter Name Value |
111 |
====================== ========================= |
112 |
feedback_msg Feedback message |
113 |
feedback_data Additional information about service client status |
114 |
====================== ========================= |
115 |
|
116 |
| |
117 |
|
118 |
=========================== ===================== |
119 |
Return Code Description |
120 |
=========================== ===================== |
121 |
200 (OK) The request succeeded |
122 |
502 (Bad Gateway) Send feedback failure |
123 |
400 (Bad Request) Method not allowed or invalid message data |
124 |
401 (Unauthorized) Missing or expired user token |
125 |
500 (Internal Server Error) The request cannot be completed because of an internal error |
126 |
=========================== ===================== |
127 |
|
128 |
.. warning:: The service is also available under ``/feedback``. |
129 |
It will be removed in the next version. |
130 |
|
131 |
Get User catalogs |
132 |
^^^^^^^^^^^^^^^^^ |
133 |
|
134 |
Return a json formatted dictionary containing information about a specific user |
135 |
|
136 |
=============================== ========= ================== |
137 |
Uri Method Description |
138 |
=============================== ========= ================== |
139 |
``/account/v1.0/user_catalogs`` POST Get 2 catalogs containing uuid to displayname mapping and the opposite |
140 |
=============================== ========= ================== |
141 |
|
142 |
| |
143 |
|
144 |
==================== ============================ |
145 |
Request Header Name Value |
146 |
==================== ============================ |
147 |
X-Auth-Token User authentication token |
148 |
==================== ============================ |
149 |
|
150 |
| |
151 |
|
152 |
The request body is a json formatted dictionary containing a list with uuids and another list of displaynames to translate. |
153 |
|
154 |
Example request content: |
155 |
|
156 |
:: |
157 |
|
158 |
{"displaynames": ["user1@example.com", "user2@example.com"], |
159 |
"uuids":["ff53baa9-c025-4d56-a6e3-963db0438830", "a9dc21d2-bcb2-4104-9a9e-402b7c70d6d8"]} |
160 |
|
161 |
Example reply: |
162 |
|
163 |
:: |
164 |
|
165 |
{"displayname_catalog": {"user1@example.com": "a9dc21d2-bcb2-4104-9a9e-402b7c70d6d8", |
166 |
"user2@example.com": "816351c7-7405-4f26-a968-6380cf47ba1f"}, |
167 |
'uuid_catalog': {"a9dc21d2-bcb2-4104-9a9e-402b7c70d6d8": "user1@example.com", |
168 |
"ff53baa9-c025-4d56-a6e3-963db0438830": "user2@example.com"}} |
169 |
|
170 |
|
171 |
| |
172 |
|
173 |
=========================== ===================== |
174 |
Return Code Description |
175 |
=========================== ===================== |
176 |
200 (OK) The request succeeded |
177 |
400 (Bad Request) Method not allowed or request body is not json formatted |
178 |
401 (Unauthorized) Missing or expired or invalid user token |
179 |
500 (Internal Server Error) The request cannot be completed because of an internal error |
180 |
=========================== ===================== |
181 |
|
182 |
.. warning:: The service is also available under ``/user_catalogs``. |
183 |
It will be removed in the next version. |
184 |
|
185 |
Service API Operations |
186 |
---------------------- |
187 |
|
188 |
The operations described in this chapter allow services to get user uuid/displayname mappings. |
189 |
|
190 |
All the operations require a valid service token. |
191 |
|
192 |
Get User catalogs |
193 |
^^^^^^^^^^^^^^^^^ |
194 |
|
195 |
Return a json formatted dictionary containing information about a specific user |
196 |
|
197 |
======================================= ========= ================== |
198 |
Uri Method Description |
199 |
======================================= ========= ================== |
200 |
``/account/v1.0/service/user_catalogs`` POST Get 2 catalogs containing uuid to displayname mapping and the opposite |
201 |
======================================= ========= ================== |
202 |
|
203 |
| |
204 |
|
205 |
==================== ============================ |
206 |
Request Header Name Value |
207 |
==================== ============================ |
208 |
X-Auth-Token Service authentication token |
209 |
==================== ============================ |
210 |
|
211 |
| |
212 |
|
213 |
The request body is a json formatted dictionary containing a list with uuids and another list of displaynames to translate. |
214 |
If instead of list null is passed then the response contains the information for all the system users (For discretion purposes |
215 |
this behavior is **not** exposed in the respective call of the User API). |
216 |
|
217 |
Example request content: |
218 |
|
219 |
:: |
220 |
|
221 |
{"displaynames": ["user1@example.com", "user2@example.com"], |
222 |
"uuids":["ff53baa9-c025-4d56-a6e3-963db0438830", "a9dc21d2-bcb2-4104-9a9e-402b7c70d6d8"]} |
223 |
|
224 |
Example reply: |
225 |
|
226 |
:: |
227 |
|
228 |
{"displayname_catalog": {"user1@example.com": "a9dc21d2-bcb2-4104-9a9e-402b7c70d6d8", |
229 |
"user2@example.com": "816351c7-7405-4f26-a968-6380cf47ba1f"}, |
230 |
'uuid_catalog': {"a9dc21d2-bcb2-4104-9a9e-402b7c70d6d8": "user1@example.com", |
231 |
"ff53baa9-c025-4d56-a6e3-963db0438830": "user2@example.com"}} |
232 |
|
233 |
|
234 |
| |
235 |
|
236 |
=========================== ===================== |
237 |
Return Code Description |
238 |
=========================== ===================== |
239 |
200 (OK) The request succeeded |
240 |
400 (Bad Request) Method not allowed or request body is not json formatted |
241 |
401 (Unauthorized) Missing or expired or invalid service token |
242 |
500 (Internal Server Error) The request cannot be completed because of an internal error |
243 |
=========================== ===================== |
244 |
|
245 |
.. warning:: The service is also available under ``/service/api/user_catalogs``. |
246 |
It will be removed in the next version. |
247 |
|
248 |
Tokens API Operations |
249 |
---------------------- |
250 |
|
251 |
Authenticate |
252 |
^^^^^^^^^^^^ |
253 |
|
254 |
This call takes the user token or the user uuid/token pair, authenticates |
255 |
the user and returns information about the token, its holder as well as |
256 |
a list of services the user can access. |
257 |
If no request body is provided (the request content length is missing or |
258 |
equals to 0), the call operates in public mode, attempts no authentication |
259 |
and returns only the service catalog. |
260 |
|
261 |
========================================= ========= ================== |
262 |
Uri Method Description |
263 |
========================================= ========= ================== |
264 |
``/identity/v2.0/tokens/`` POST Checks whether the provided token is valid and conforms with the provided uuid (if present) and returns back information about the user |
265 |
========================================= ========= ================== |
266 |
|
267 |
The input should be json formatted. |
268 |
|
269 |
Example request: |
270 |
|
271 |
:: |
272 |
|
273 |
{ |
274 |
"auth":{ |
275 |
"token":{ |
276 |
"id":"CDEe2k0T/HdiJWBMMbHyOA" |
277 |
}, |
278 |
"tenantName":"c18088be-16b1-4263-8180-043c54e22903" |
279 |
} |
280 |
} |
281 |
|
282 |
or |
283 |
|
284 |
:: |
285 |
|
286 |
{ |
287 |
"auth":{ |
288 |
"passwordCredentials":{ |
289 |
"username":"c18088be-16b1-4263-8180-043c54e22903", |
290 |
"password":"CDEe2k0T/HdiJWBMMbHyOA" |
291 |
}, |
292 |
"tenantName":"c18088be-16b1-4263-8180-043c54e22903" |
293 |
} |
294 |
} |
295 |
|
296 |
|
297 |
The tenantName in the above requests is optional. |
298 |
|
299 |
The response is json formatted unless it is requested otherwise via format |
300 |
request parameter or Accept header. |
301 |
|
302 |
Example json response: |
303 |
|
304 |
:: |
305 |
|
306 |
{"access": { |
307 |
"token": { |
308 |
"expires": "2013-06-19T15:23:59.975572+00:00", |
309 |
"id": "CDEe2k0T/HdiJWBMMbHyOA==", |
310 |
"tenant": { |
311 |
"id": "c18088be-16b1-4263-8180-043c54e22903", |
312 |
"name": "Firstname Lastname" |
313 |
} |
314 |
}, |
315 |
"serviceCatalog": [ |
316 |
{"endpoints_links": [], |
317 |
"endpoints": [{ |
318 |
"SNF:uiURL": "https://accounts.example.synnefo.org/ui", |
319 |
"versionId": "v1.0", |
320 |
"publicURL": "https://accounts.example.synnefo.org/account/v1.0"}], |
321 |
"type": "account", |
322 |
"name": "astakos_account"}, |
323 |
{"endpoints_links": [], |
324 |
"endpoints": [{ |
325 |
"SNF:uiURL": "https://accounts.example.synnefo.org/ui", |
326 |
"versionId": "v2.0", |
327 |
"publicURL": "https://accounts.example.synnefo.org/account/v2.0"}], |
328 |
"type": "identity", |
329 |
"name": "astakos_identity"}, |
330 |
{"endpoints_links": [], |
331 |
"endpoints": [{ |
332 |
"SNF:uiURL": "https://cyclades.example.synnefo.org/ui", |
333 |
"versionId": "v2.0", |
334 |
"publicURL": "https://cyclades.example.synnefo.org/cyclades/compute/v2.0"}], |
335 |
"type": "compute", |
336 |
"name": "cyclades_compute"}, |
337 |
{"endpoints_links": [], |
338 |
"endpoints": [{ |
339 |
"SNF:uiURL": "https://cyclades.example.synnefo.org/ui", |
340 |
"versionId": "v1.0", |
341 |
"publicURL": "https://cyclades.example.synnefo.org/cyclades/vmapi/v1.0"}], |
342 |
"type": "cyclades_vmapi", |
343 |
"name": "cyclades_vmapi"}, |
344 |
{"endpoints_links": [], |
345 |
"endpoints": [{ |
346 |
"SNF:uiURL": "https://cyclades.example.synnefo.org/ui", |
347 |
"versionId": "v1.0", |
348 |
"publicURL": "https://cyclades.example.synnefo.org/cyclades/image/v1.0"}], |
349 |
"type": "image", |
350 |
"name": "cyclades_plankton"}, |
351 |
{"endpoints_links": [], |
352 |
"endpoints": [{ |
353 |
"SNF:uiURL": "https://object-store.example.synnefo.org/ui", |
354 |
"versionId": "v2.0", |
355 |
"publicURL": "https://object-store.example.synnefo.org/pithos/public/v2.0"}], |
356 |
"type": "public", |
357 |
"name": "pithos_public"}, |
358 |
{"endpoints_links": [], |
359 |
"endpoints": [{ |
360 |
"SNF:uiURL": "https://object-store.example.synnefo.org/ui", |
361 |
"versionId": "v1", |
362 |
"publicURL": "https://object-store.example.synnefo.org/pithos/object-store/v1"}], |
363 |
"type": "object-store", |
364 |
"name": "pithos_object-store"}, |
365 |
{"endpoints_links": [], |
366 |
"endpoints": [{ |
367 |
"SNF:uiURL": "https://accounts.example.synnefo.org/ui", |
368 |
"versionId": "", |
369 |
"SNF:webloginURL": "http://localhost:8080/astakos/weblogin" |
370 |
"publicURL": "https://accounts.example.synnefo.org/astakos/weblogin"}], |
371 |
"type": "astakos_weblogin", |
372 |
"name": "astakos_weblogin"}], |
373 |
"user": { |
374 |
"roles_links": [], |
375 |
"id": "c18088be-16b1-4263-8180-043c54e22903", |
376 |
"roles": [{"id": 1, "name": "default"}], |
377 |
"name": "Firstname Lastname"}}} |
378 |
|
379 |
Example xml response: |
380 |
|
381 |
:: |
382 |
|
383 |
<?xml version="1.0" encoding="UTF-8"?> |
384 |
|
385 |
<access xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
386 |
xmlns="http://docs.openstack.org/identity/api/v2.0"> |
387 |
<token id="CDEe2k0T/HdiJWBMMbHyOA==" expires="2013-06-19T15:23:59.975572+00:00"> |
388 |
<tenant id="c18088be-16b1-4263-8180-043c54e22903" name="Firstname Lastname" /> |
389 |
</token> |
390 |
<user id="c18088be-16b1-4263-8180-043c54e22903" name="Firstname Lastname"> |
391 |
<roles> |
392 |
<role id="1" name="default"/> |
393 |
</roles> |
394 |
</user> |
395 |
<serviceCatalog> |
396 |
<service type="account" name="astakos_account"> |
397 |
<endpoint SNF:uiURL="https://accounts.example.synnefo.org/ui" versionId="v1.0" publicURL="https://accounts.example.synnefo.org/account/v1.0" /> |
398 |
</service> |
399 |
<service type="identity" name="astakos_identity"> |
400 |
<endpoint SNF:uiURL="https://accounts.example.synnefo.org/ui" versionId="v2.0" publicURL="https://accounts.example.synnefo.org/account/v2.0" /> |
401 |
</service> |
402 |
<service type="compute" name="cyclades_compute"> |
403 |
<endpoint SNF:uiURL="https://cyclades.example.synnefo.org/ui" versionId="v2.0" publicURL="https://cyclades.example.synnefo.org/cyclades/compute/v2.0" /> |
404 |
</service> |
405 |
<service type="cyclades_vmapi" name="cyclades_vmapi"> |
406 |
<endpoint SNF:uiURL="https://cyclades.example.synnefo.org/ui" versionId="v1.0" publicURL="https://cyclades.example.synnefo.org/cyclades/vmapi/v1.0" /> |
407 |
</service> |
408 |
<service type="image" name="cyclades_plankton"> |
409 |
<endpoint SNF:uiURL="https://cyclades.example.synnefo.org/ui" versionId="v1.0" publicURL="https://cyclades.example.synnefo.org/cyclades/image/v1.0" /> |
410 |
</service> |
411 |
<service type="public" name="pithos_public"> |
412 |
<endpoint SNF:uiURL="https://object-store.example.synnefo.org/ui" versionId="v2.0" publicURL="https://object-store.example.synnefo.org/pithos/public/v2.0" /> |
413 |
</service> |
414 |
<service type="object-store" name="pithos_object-store"> |
415 |
<endpoint SNF:uiURL="https://object-store.example.synnefo.org/ui" versionId="v1" publicURL="https://object-store.example.synnefo.org/pithos/object-store/v1" /> </service> |
416 |
<service type="astakos_weblogin" name="astakos_weblogin"> |
417 |
<endpoint SNF:uiURL="htftps://accounts.example.synnefo.org/ui" versionId="" "SNF:webloginURL": "http://localhost:8080/astakos/weblogin" publicURL="https://accounts.example.synnefo.org/astakos/weblogin" /> |
418 |
</serviceCatalog> |
419 |
</access> |
420 |
|
421 |
| |
422 |
|
423 |
=========================== ===================== |
424 |
Return Code Description |
425 |
=========================== ===================== |
426 |
200 (OK) The request succeeded |
427 |
400 (Bad Request) Method not allowed or invalid request format or missing expected input or not consistent tenantName |
428 |
401 (Unauthorized) Invalid token or invalid creadentials or tenantName does not comply with the provided token |
429 |
500 (Internal Server Error) The request cannot be completed because of an internal error |
430 |
=========================== ===================== |