Creating users in a domain
POST /v3/users
Create a user in the domain with the specified ID.
Source: https://docs.openstack.org/api-ref/identity/v3/index.html?expanded=create-user-detail#create-user
Request
Parameters
Name | In | Type | Description |
---|---|---|---|
user
|
body | object | A user object. |
default_project_id (Optional) |
body | string |
The ID of the default project for the user. A user’s default project must not be a domain. Setting this attribute does not grant any actual authorization on the project, and is merely provided for convenience. Therefore, the referenced project does not need to exist within the user domain. (Since v3.1) If the user does not have authorization to their default project, the default project is ignored at token creation. (Since v3.1) Additionally, if your default project is not valid, a token is issued without an explicit scope of authorization. |
domain_id (Optional) |
body | string | The ID of the domain of the user. If the domain ID is not provided in the request, the Identity service will attempt to pull the domain ID from the token used in the request. Note that this requires the use of a domain-scoped token. |
enabled (Optional) |
body | boolean | If the user is enabled, this value is true .
If the user is disabled, this value is false . |
password (Optional) |
body | string | The password for the user. |
extra (Optional) |
body | string | The extra attributes of a resource.
The actual name extra is not the key name in the request body,
but rather a collection of any attributes that a resource may contain
that are not part of the resource’s default attributes.
Generally these are custom fields that are added to a resource in keystone
by operators for their own specific uses,
such as email and description for users. |
options (Optional) |
body | object | The resource options for the user. Available resource options are
ignore_change_password_upon_first_use , ignore_password_expiry ,
ignore_lockout_failure_attempts , lock_password ,
multi_factor_auth_enabled , and multi_factor_auth_rules ignore_user_inactivity . |
Example
# curl -ks -H 'Content-Type: application/json' -H 'X-Auth-Token: gAAAAA<...>' \ -d '{ "user": { "domain_id": "f2eeaaf15c254d4fa10255796122c8ec", "enabled": true, "name": "user1", "password": "passwd", "description": "A new user", "email": "user1@example.com" } }' https://<node_IP_addr>:5000/v3/users
Response
Parameters
Name | In | Type | Description |
---|---|---|---|
user
|
body | object | A user object. |
default_project_id (Optional) |
body | string |
The ID of the default project for the user. |
domain_id
|
body | string | The ID of the domain. |
enabled
|
body | boolean | If the user is enabled, this value is true .
If the user is disabled, this value is false . |
id
|
body | string | The user ID. |
links
|
body | object | The links for the user resource. |
name
|
body | string | The user name. Must be unique within the owning domain. |
password_expires_at
|
body | string |
The date and time when the password expires. The time zone is UTC. This is a response object attribute; not valid for requests.
A New in version 3.7 |
options
|
body | object | The resource options for the user. Available resource options are
ignore_change_password_upon_first_use , ignore_password_expiry ,
ignore_lockout_failure_attempts , lock_password ,
multi_factor_auth_enabled , and multi_factor_auth_rules ignore_user_inactivity . |
Status codes
Success
Code | Reason |
---|---|
201 - Created
|
Resource was created and is ready to use. |
Error
Code | Reason |
---|---|
400 - Bad Request
|
Some content in the request was invalid. |
401 - Unauthorized
|
User must authenticate before making a request. |
403 - Forbidden
|
Policy does not allow current user to do this operation. |
409 - Conflict
|
This operation conflicted with another operation on this resource. |
Example
{ "user": { "name": "user1", "links": { "self": "https://<node_IP_addr>:5000/v3/users/8615e3ece62c44ffa9174c809664bd68" }, "description": "A new user", "enabled": true, "email": "user1@example.com", "options": {}, "id": "8615e3ece62c44ffa9174c809664bd68", "domain_id": "f2eeaaf15c254d4fa10255796122c8ec", "password_expires_at": null } }