OpenStack Client Tools

osc identity

Identity (Keystone) commands

The Identity service generates authentication tokens that permit access to the OpenStack services REST APIs. Clients obtain this token and the URL endpoints for other service APIs by supplying their valid credentials to the authentication service.

Each time you make a REST API request to an OpenStack service, you supply your authentication token in the X-Auth-Token request header.

Like most OpenStack projects, OpenStack Identity protects its APIs by defining policy rules based on a role-based access control (RBAC) approach.

The Identity service configuration file sets the name and location of a JSON policy file that stores these rules.

Usage: osc identity <COMMAND>

Available subcommands:

• osc identity auth — Identity Auth commands
• osc identity access-rule — Application Credentials - Access Rules
• osc identity application-credential — Application Credentials
• osc identity credential — Identity Credential commands
• osc identity domain — Identity Domain commands
• osc identity endpoint — Endpoint commands
• osc identity endpoint-filter — OS-EP-FILTER API
• osc identity federation — OS-Federation
• osc identity group — Identity Group commands
• osc identity limit — Unified Limits
• osc identity project — Projects
• osc identity region — Region commands
• osc identity registered-limit — Unified Limits - Registered limits
• osc identity role — Identity Role commands
• osc identity role-assignment — Role Assignments commands
• osc identity role-inference — Role Inferences commands
• osc identity service — Service commands
• osc identity user — User commands