diff --git a/doc/admin-guide/source/identity_keystone_usage_and_features.rst b/doc/admin-guide/source/identity_keystone_usage_and_features.rst index cbe6a56e2c..13a56ef623 100644 --- a/doc/admin-guide/source/identity_keystone_usage_and_features.rst +++ b/doc/admin-guide/source/identity_keystone_usage_and_features.rst @@ -2,10 +2,11 @@ Example usage and Identity features ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The ``keystone`` client is set up to expect commands in the general -form of ``keystone command argument``, followed by flag-like keyword +The ``openstack`` CLI is used to interact with the Identity service. +It is set up to expect commands in the general +form of ``openstack command argument``, followed by flag-like keyword arguments to provide additional (often optional) information. For -example, the :command:`user-list` and :command:`tenant-create` +example, the :command:`user list` and :command:`project create` commands can be invoked as follows: .. code-block:: bash @@ -13,12 +14,12 @@ commands can be invoked as follows: # Using token auth env variables export OS_SERVICE_ENDPOINT=http://127.0.0.1:5000/v2.0/ export OS_SERVICE_TOKEN=secrete_token - keystone user-list - keystone tenant-create --name demo + openstack user list + openstack project create demo # Using token auth flags - keystone --os-token secrete --os-endpoint http://127.0.0.1:5000/v2.0/ user-list - keystone --os-token secrete --os-endpoint http://127.0.0.1:5000/v2.0/ tenant-create --name=demo + openstack --os-token secrete --os-endpoint http://127.0.0.1:5000/v2.0/ user list + openstack --os-token secrete --os-endpoint http://127.0.0.1:5000/v2.0/ project create demo # Using user + password + project_name env variables export OS_USERNAME=admin diff --git a/doc/cli-reference/source/index.rst b/doc/cli-reference/source/index.rst index 18f91885d4..f292b125ff 100644 --- a/doc/cli-reference/source/index.rst +++ b/doc/cli-reference/source/index.rst @@ -29,7 +29,6 @@ Contents trove trove-misc designate - keystone glance barbican monasca diff --git a/doc/cli-reference/source/keystone.rst b/doc/cli-reference/source/keystone.rst deleted file mode 100644 index 4d51eb4005..0000000000 --- a/doc/cli-reference/source/keystone.rst +++ /dev/null @@ -1,924 +0,0 @@ -.. ## WARNING ###################################### -.. This file is automatically generated, do not edit -.. ################################################# - -==================================== -Identity service command-line client -==================================== - -.. warning:: - - The keystone CLI is deprecated - in favor of python-openstackclient. - For more information, see :doc:`openstack`. - For a Python library, continue using - python-keystoneclient. - -The keystone client is the command-line interface (CLI) for -the Identity service API and its extensions. - -This chapter documents :command:`keystone` version ``2.3.1``. - -For help on a specific :command:`keystone` command, enter: - -.. code-block:: console - - $ keystone help COMMAND - -.. _keystone_command_usage: - -keystone usage -~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone [--version] [--debug] [--os-username ] - [--os-password ] - [--os-tenant-name ] - [--os-tenant-id ] [--os-auth-url ] - [--os-region-name ] - [--os-identity-api-version ] - [--os-token ] - [--os-endpoint ] [--os-cache] - [--force-new-token] [--stale-duration ] [--insecure] - [--os-cacert ] [--os-cert ] - [--os-key ] [--timeout ] - ... - -**Subcommands:** - -``catalog`` - List service catalog, possibly filtered by - service. - -``ec2-credentials-create`` - Create EC2-compatible credentials for user per - tenant. - -``ec2-credentials-delete`` - Delete EC2-compatible credentials. - -``ec2-credentials-get`` - Display EC2-compatible credentials. - -``ec2-credentials-list`` - List EC2-compatible credentials for a user. - -``endpoint-create`` - Create a new endpoint associated with a service. - -``endpoint-delete`` - Delete a service endpoint. - -``endpoint-get`` - Find endpoint filtered by a specific attribute or - service type. - -``endpoint-list`` - List configured service endpoints. - -``password-update`` - Update own password. - -``role-create`` - Create new role. - -``role-delete`` - Delete role. - -``role-get`` - Display role details. - -``role-list`` - List all roles. - -``service-create`` - Add service to Service Catalog. - -``service-delete`` - Delete service from Service Catalog. - -``service-get`` - Display service from Service Catalog. - -``service-list`` - List all services in Service Catalog. - -``tenant-create`` - Create new tenant. - -``tenant-delete`` - Delete tenant. - -``tenant-get`` - Display tenant details. - -``tenant-list`` - List all tenants. - -``tenant-update`` - Update tenant name, description, enabled status. - -``token-get`` - Display the current user token. - -``user-create`` - Create new user. - -``user-delete`` - Delete user. - -``user-get`` - Display user details. - -``user-list`` - List users. - -``user-password-update`` - Update user password. - -``user-role-add`` - Add role to user. - -``user-role-list`` - List roles granted to a user. - -``user-role-remove`` - Remove role from user. - -``user-update`` - Update user's name, email, and enabled status. - -``discover`` - Discover Keystone servers, supported API versions - and extensions. - -``bootstrap`` - Grants a new role to a new user on a new tenant, - after creating each. - -``bash-completion`` - Prints all of the commands and options to stdout. - -``help`` - Display help about this program or one of its - subcommands. - -.. _keystone_command_options: - -keystone optional arguments -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -``--version`` - Shows the client version and exits. - -``--debug`` - Prints debugging output onto the console, this - includes the curl request and response calls. - Helpful for debugging and understanding the API - calls. - -``--os-username `` - Name used for authentication with the OpenStack - Identity service. Defaults to ``env[OS_USERNAME]``. - -``--os-password `` - Password used for authentication with the - OpenStack Identity service. Defaults to - ``env[OS_PASSWORD]``. - -``--os-tenant-name `` - Tenant to request authorization on. Defaults to - ``env[OS_TENANT_NAME]``. - -``--os-tenant-id `` - Tenant to request authorization on. Defaults to - ``env[OS_TENANT_ID]``. - -``--os-auth-url `` - Specify the Identity endpoint to use for - authentication. Defaults to ``env[OS_AUTH_URL]``. - -``--os-region-name `` - Specify the region to use. Defaults to - ``env[OS_REGION_NAME]``. - -``--os-identity-api-version `` - Specify Identity API version to use. Defaults to - ``env[OS_IDENTITY_API_VERSION]`` or 2.0. - -``--os-token `` - Specify an existing token to use instead of - retrieving one via authentication (e.g. with - username & password). Defaults to - ``env[OS_SERVICE_TOKEN]``. - -``--os-endpoint `` - Specify an endpoint to use instead of retrieving - one from the service catalog (via authentication). - Defaults to ``env[OS_SERVICE_ENDPOINT]``. - -``--os-cache`` - Use the auth token cache. Defaults to - ``env[OS_CACHE]``. - -``--force-new-token`` - If the keyring is available and in use, token will - always be stored and fetched from the keyring - until the token has expired. Use this option to - request a new token and replace the existing one - in the keyring. - -``--stale-duration `` - Stale duration (in seconds) used to determine - whether a token has expired when retrieving it - from keyring. This is useful in mitigating process - or network delays. Default is 30 seconds. - -``--insecure`` - Explicitly allow client to perform "insecure" TLS - (https) requests. The server's certificate will - not be verified against any certificate - authorities. This option should be used with - caution. - -``--os-cacert `` - Specify a CA bundle file to use in verifying a TLS - (https) server certificate. Defaults to - ``env[OS_CACERT]``. - -``--os-cert `` - Defaults to ``env[OS_CERT]``. - -``--os-key `` - Defaults to ``env[OS_KEY]``. - -``--timeout `` - Set request timeout (in seconds). - -.. _keystone_bootstrap: - -keystone bootstrap -~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone bootstrap [--user-name ] --pass - [--role-name ] - [--tenant-name ] - -Grants a new role to a new user on a new tenant, after creating each. - -**Arguments:** - -``--user-name `` - The name of the user to be created (default="admin"). - -``--pass `` - The password for the new user. - -``--role-name `` - The name of the role to be created and granted to the - user (default="admin"). - -``--tenant-name `` - The name of the tenant to be created - (default="admin"). - -.. _keystone_catalog: - -keystone catalog -~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone catalog [--service ] - -List service catalog, possibly filtered by service. - -**Arguments:** - -``--service `` - Service type to return. - -.. _keystone_discover: - -keystone discover -~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone discover - -Discover Keystone servers, supported API versions and extensions. - -.. _keystone_ec2-credentials-create: - -keystone ec2-credentials-create -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone ec2-credentials-create [--user-id ] - [--tenant-id ] - -Create EC2-compatible credentials for user per tenant. - -**Arguments:** - -``--user-id `` - User ID for which to create credentials. If not - specified, the authenticated user will be used. - -``--tenant-id `` - Tenant ID for which to create credentials. If not - specified, the authenticated tenant ID will be used. - -.. _keystone_ec2-credentials-delete: - -keystone ec2-credentials-delete -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone ec2-credentials-delete [--user-id ] --access - - -Delete EC2-compatible credentials. - -**Arguments:** - -``--user-id `` - User ID. - -``--access `` - Access Key. - -.. _keystone_ec2-credentials-get: - -keystone ec2-credentials-get -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone ec2-credentials-get [--user-id ] --access - - -Display EC2-compatible credentials. - -**Arguments:** - -``--user-id `` - User ID. - -``--access `` - Access Key. - -.. _keystone_ec2-credentials-list: - -keystone ec2-credentials-list -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone ec2-credentials-list [--user-id ] - -List EC2-compatible credentials for a user. - -**Arguments:** - -``--user-id `` - User ID. - -.. _keystone_endpoint-create: - -keystone endpoint-create -~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone endpoint-create [--region ] --service - --publicurl - [--adminurl ] - [--internalurl ] - -Create a new endpoint associated with a service. - -**Arguments:** - -``--region `` - Endpoint region. - -``--service , --service-id , --service_id `` - Name or ID of service associated with endpoint. - -``--publicurl `` - Public URL endpoint. - -``--adminurl `` - Admin URL endpoint. - -``--internalurl `` - Internal URL endpoint. - -.. _keystone_endpoint-delete: - -keystone endpoint-delete -~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone endpoint-delete - -Delete a service endpoint. - -**Arguments:** - -```` - ID of endpoint to delete. - -.. _keystone_endpoint-get: - -keystone endpoint-get -~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone endpoint-get --service - [--endpoint-type ] - [--attr ] [--value ] - -Find endpoint filtered by a specific attribute or service type. - -**Arguments:** - -``--service `` - Service type to select. - -``--endpoint-type `` - Endpoint type to select. - -``--attr `` - Service attribute to match for selection. - -``--value `` - Value of attribute to match. - -.. _keystone_endpoint-list: - -keystone endpoint-list -~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone endpoint-list - -List configured service endpoints. - -.. _keystone_password-update: - -keystone password-update -~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone password-update [--current-password ] - [--new-password ] - -Update own password. - -**Arguments:** - -``--current-password `` - Current password, Defaults to the password as set by - :option:`--os-password` or ``env[OS_PASSWORD]``. - -``--new-password `` - Desired new password. - -.. _keystone_role-create: - -keystone role-create -~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone role-create --name - -Create new role. - -**Arguments:** - -``--name `` - Name of new role. - -.. _keystone_role-delete: - -keystone role-delete -~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone role-delete - -Delete role. - -**Arguments:** - -```` - Name or ID of role to delete. - -.. _keystone_role-get: - -keystone role-get -~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone role-get - -Display role details. - -**Arguments:** - -```` - Name or ID of role to display. - -.. _keystone_role-list: - -keystone role-list -~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone role-list - -List all roles. - -.. _keystone_service-create: - -keystone service-create -~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone service-create --type [--name ] - [--description ] - -Add service to Service Catalog. - -**Arguments:** - -``--type `` - Service type (one of: identity, compute, network, - image, object-store, or other service identifier - string). - -``--name `` - Name of new service (must be unique). - -``--description `` - Description of service. - -.. _keystone_service-delete: - -keystone service-delete -~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone service-delete - -Delete service from Service Catalog. - -**Arguments:** - -```` - Name or ID of service to delete. - -.. _keystone_service-get: - -keystone service-get -~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone service-get - -Display service from Service Catalog. - -**Arguments:** - -```` - Name or ID of service to display. - -.. _keystone_service-list: - -keystone service-list -~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone service-list - -List all services in Service Catalog. - -.. _keystone_tenant-create: - -keystone tenant-create -~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone tenant-create --name - [--description ] - [--enabled ] - -Create new tenant. - -**Arguments:** - -``--name `` - New tenant name (must be unique). - -``--description `` - Description of new tenant. Default is none. - -``--enabled `` - Initial tenant enabled status. Default is true. - -.. _keystone_tenant-delete: - -keystone tenant-delete -~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone tenant-delete - -Delete tenant. - -**Arguments:** - -```` - Name or ID of tenant to delete. - -.. _keystone_tenant-get: - -keystone tenant-get -~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone tenant-get - -Display tenant details. - -**Arguments:** - -```` - Name or ID of tenant to display. - -.. _keystone_tenant-list: - -keystone tenant-list -~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone tenant-list - -List all tenants. - -.. _keystone_tenant-update: - -keystone tenant-update -~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone tenant-update [--name ] - [--description ] - [--enabled ] - - -Update tenant name, description, enabled status. - -**Arguments:** - -``--name `` - Desired new name of tenant. - -``--description `` - Desired new description of tenant. - -``--enabled `` - Enable or disable tenant. - -```` - Name or ID of tenant to update. - -.. _keystone_token-get: - -keystone token-get -~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone token-get [--wrap ] - -Display the current user token. - -**Arguments:** - -``--wrap `` - Wrap PKI tokens to a specified length, or 0 to disable. - -.. _keystone_user-create: - -keystone user-create -~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone user-create --name [--tenant ] - [--pass []] [--email ] - [--enabled ] - -Create new user. - -**Arguments:** - -``--name `` - New user name (must be unique). - -``--tenant , --tenant-id `` - New user default tenant. - -``--pass []`` - New user password; required for some auth backends. - -``--email `` - New user email address. - -``--enabled `` - Initial user enabled status. Default is true. - -.. _keystone_user-delete: - -keystone user-delete -~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone user-delete - -Delete user. - -**Arguments:** - -```` - Name or ID of user to delete. - -.. _keystone_user-get: - -keystone user-get -~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone user-get - -Display user details. - -**Arguments:** - -```` - Name or ID of user to display. - -.. _keystone_user-list: - -keystone user-list -~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone user-list [--tenant ] - -List users. - -**Arguments:** - -``--tenant , --tenant-id `` - Tenant; lists all users if not specified. - -.. _keystone_user-password-update: - -keystone user-password-update -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone user-password-update [--pass ] - -Update user password. - -**Arguments:** - -``--pass `` - Desired new password. - -```` - Name or ID of user to update password. - -.. _keystone_user-role-add: - -keystone user-role-add -~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone user-role-add --user --role [--tenant ] - -Add role to user. - -**Arguments:** - -``--user , --user-id , --user_id `` - Name or ID of user. - -``--role , --role-id , --role_id `` - Name or ID of role. - -``--tenant , --tenant-id `` - Name or ID of tenant. - -.. _keystone_user-role-list: - -keystone user-role-list -~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone user-role-list [--user ] [--tenant ] - -List roles granted to a user. - -**Arguments:** - -``--user , --user-id `` - List roles granted to specified user. - -``--tenant , --tenant-id `` - List only roles granted on specified tenant. - -.. _keystone_user-role-remove: - -keystone user-role-remove -~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone user-role-remove --user --role - [--tenant ] - -Remove role from user. - -**Arguments:** - -``--user , --user-id , --user_id `` - Name or ID of user. - -``--role , --role-id , --role_id `` - Name or ID of role. - -``--tenant , --tenant-id `` - Name or ID of tenant. - -.. _keystone_user-update: - -keystone user-update -~~~~~~~~~~~~~~~~~~~~ - -.. code-block:: console - - usage: keystone user-update [--name ] [--email ] - [--enabled ] - - -Update user's name, email, and enabled status. - -**Arguments:** - -``--name `` - Desired new user name. - -``--email `` - Desired new email address. - -``--enabled `` - Enable or disable user. - -```` - Name or ID of user to update. - diff --git a/doc/user-guide/source/cli_cheat_sheet.rst b/doc/user-guide/source/cli_cheat_sheet.rst index 6ade8ba56b..6346f662cf 100644 --- a/doc/user-guide/source/cli_cheat_sheet.rst +++ b/doc/user-guide/source/cli_cheat_sheet.rst @@ -11,13 +11,13 @@ List all users .. code-block:: console - $ keystone user-list + $ openstack user list List Identity service catalog .. code-block:: console - $ keystone catalog + $ openstack catalog list Images (glance) ~~~~~~~~~~~~~~~