# Policies

Policy management operations

## List policies

> Lists policies

```json
{"openapi":"3.0.3","info":{"title":"OpenStack Identity API v3","version":"3.14"},"tags":[{"name":"Policies","description":"Policy management operations"}],"servers":[{"url":"https://{host}/keystone/v3","description":"PCD Identity API v3","variables":{"host":{"default":"example.platform9.com","description":"The PCD controlplane hostname"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","description":"Authentication token obtained from the authentication service","name":"X-Auth-Token","in":"header"}},"parameters":{"X-Auth-Token":{"name":"X-Auth-Token","description":"A valid authentication token","schema":{"type":"string"},"in":"header","required":true},"limit":{"name":"limit","description":"Requests a page size of items","schema":{"minimum":1,"type":"integer"},"in":"query","required":false},"marker":{"name":"marker","description":"The ID of the last-seen item for pagination","schema":{"type":"string"},"in":"query","required":false}},"schemas":{"PoliciesResponse":{"required":["policies","links"],"type":"object","properties":{"policies":{"type":"array","items":{"$ref":"#/components/schemas/Policy"}},"links":{"$ref":"#/components/schemas/Links"}}},"Policy":{"required":["id","type","blob"],"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string"},"blob":{"type":"object"},"links":{"$ref":"#/components/schemas/Links"}}},"Links":{"required":["self"],"type":"object","properties":{"self":{"type":"string"},"previous":{"nullable":true,"type":"string"},"next":{"nullable":true,"type":"string"}}},"Error":{"required":["error"],"type":"object","properties":{"error":{"required":["code","message","title"],"type":"object","properties":{"code":{"type":"integer"},"message":{"type":"string"},"title":{"type":"string"}}}}}},"responses":{"BadRequest":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Some content in the request was invalid"},"Unauthorized":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"User must authenticate before making a request"},"Forbidden":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Policy does not allow current user to do this operation"}}},"paths":{"/policies":{"get":{"tags":["Policies"],"parameters":[{"$ref":"#/components/parameters/X-Auth-Token"},{"name":"type","description":"Filter by policy type","schema":{"type":"string"},"in":"query","required":false},{"$ref":"#/components/parameters/limit"},{"$ref":"#/components/parameters/marker"}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PoliciesResponse"}}},"description":"Policies listed successfully"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"403":{"$ref":"#/components/responses/Forbidden"}},"summary":"List policies","description":"Lists policies"}}}}
```

## Create policy

> Creates a policy

```json
{"openapi":"3.0.3","info":{"title":"OpenStack Identity API v3","version":"3.14"},"tags":[{"name":"Policies","description":"Policy management operations"}],"servers":[{"url":"https://{host}/keystone/v3","description":"PCD Identity API v3","variables":{"host":{"default":"example.platform9.com","description":"The PCD controlplane hostname"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","description":"Authentication token obtained from the authentication service","name":"X-Auth-Token","in":"header"}},"schemas":{"PolicyRequest":{"required":["policy"],"type":"object","properties":{"policy":{"required":["type","blob"],"type":"object","properties":{"type":{"type":"string"},"blob":{"type":"object"}}}}},"PolicyResponse":{"required":["policy"],"type":"object","properties":{"policy":{"$ref":"#/components/schemas/Policy"}}},"Policy":{"required":["id","type","blob"],"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string"},"blob":{"type":"object"},"links":{"$ref":"#/components/schemas/Links"}}},"Links":{"required":["self"],"type":"object","properties":{"self":{"type":"string"},"previous":{"nullable":true,"type":"string"},"next":{"nullable":true,"type":"string"}}},"Error":{"required":["error"],"type":"object","properties":{"error":{"required":["code","message","title"],"type":"object","properties":{"code":{"type":"integer"},"message":{"type":"string"},"title":{"type":"string"}}}}}},"parameters":{"X-Auth-Token":{"name":"X-Auth-Token","description":"A valid authentication token","schema":{"type":"string"},"in":"header","required":true}},"responses":{"BadRequest":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Some content in the request was invalid"},"Unauthorized":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"User must authenticate before making a request"},"Forbidden":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Policy does not allow current user to do this operation"},"Conflict":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"This operation conflicted with another operation on this resource"}}},"paths":{"/policies":{"post":{"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyRequest"}}},"required":true},"tags":["Policies"],"parameters":[{"$ref":"#/components/parameters/X-Auth-Token"}],"responses":{"201":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyResponse"}}},"description":"Policy created successfully"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"403":{"$ref":"#/components/responses/Forbidden"},"409":{"$ref":"#/components/responses/Conflict"}},"summary":"Create policy","description":"Creates a policy"}}}}
```

## Show policy details

> Shows details for a policy

```json
{"openapi":"3.0.3","info":{"title":"OpenStack Identity API v3","version":"3.14"},"tags":[{"name":"Policies","description":"Policy management operations"}],"servers":[{"url":"https://{host}/keystone/v3","description":"PCD Identity API v3","variables":{"host":{"default":"example.platform9.com","description":"The PCD controlplane hostname"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","description":"Authentication token obtained from the authentication service","name":"X-Auth-Token","in":"header"}},"parameters":{"X-Auth-Token":{"name":"X-Auth-Token","description":"A valid authentication token","schema":{"type":"string"},"in":"header","required":true}},"schemas":{"PolicyResponse":{"required":["policy"],"type":"object","properties":{"policy":{"$ref":"#/components/schemas/Policy"}}},"Policy":{"required":["id","type","blob"],"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string"},"blob":{"type":"object"},"links":{"$ref":"#/components/schemas/Links"}}},"Links":{"required":["self"],"type":"object","properties":{"self":{"type":"string"},"previous":{"nullable":true,"type":"string"},"next":{"nullable":true,"type":"string"}}},"Error":{"required":["error"],"type":"object","properties":{"error":{"required":["code","message","title"],"type":"object","properties":{"code":{"type":"integer"},"message":{"type":"string"},"title":{"type":"string"}}}}}},"responses":{"BadRequest":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Some content in the request was invalid"},"Unauthorized":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"User must authenticate before making a request"},"Forbidden":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Policy does not allow current user to do this operation"},"NotFound":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"The requested resource could not be found"}}},"paths":{"/policies/{policy_id}":{"get":{"tags":["Policies"],"parameters":[{"$ref":"#/components/parameters/X-Auth-Token"},{"name":"policy_id","description":"The policy ID","schema":{"type":"string"},"in":"path","required":true}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyResponse"}}},"description":"Policy details retrieved successfully"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"403":{"$ref":"#/components/responses/Forbidden"},"404":{"$ref":"#/components/responses/NotFound"}},"summary":"Show policy details","description":"Shows details for a policy"}}}}
```

## Delete policy

> Deletes a policy

```json
{"openapi":"3.0.3","info":{"title":"OpenStack Identity API v3","version":"3.14"},"tags":[{"name":"Policies","description":"Policy management operations"}],"servers":[{"url":"https://{host}/keystone/v3","description":"PCD Identity API v3","variables":{"host":{"default":"example.platform9.com","description":"The PCD controlplane hostname"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","description":"Authentication token obtained from the authentication service","name":"X-Auth-Token","in":"header"}},"parameters":{"X-Auth-Token":{"name":"X-Auth-Token","description":"A valid authentication token","schema":{"type":"string"},"in":"header","required":true}},"responses":{"BadRequest":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Some content in the request was invalid"},"Unauthorized":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"User must authenticate before making a request"},"Forbidden":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Policy does not allow current user to do this operation"},"NotFound":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"The requested resource could not be found"}},"schemas":{"Error":{"required":["error"],"type":"object","properties":{"error":{"required":["code","message","title"],"type":"object","properties":{"code":{"type":"integer"},"message":{"type":"string"},"title":{"type":"string"}}}}}}},"paths":{"/policies/{policy_id}":{"delete":{"tags":["Policies"],"parameters":[{"$ref":"#/components/parameters/X-Auth-Token"},{"name":"policy_id","description":"The policy ID","schema":{"type":"string"},"in":"path","required":true}],"responses":{"204":{"description":"Policy deleted successfully"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"403":{"$ref":"#/components/responses/Forbidden"},"404":{"$ref":"#/components/responses/NotFound"}},"summary":"Delete policy","description":"Deletes a policy"}}}}
```

## Update policy

> Updates a policy

```json
{"openapi":"3.0.3","info":{"title":"OpenStack Identity API v3","version":"3.14"},"tags":[{"name":"Policies","description":"Policy management operations"}],"servers":[{"url":"https://{host}/keystone/v3","description":"PCD Identity API v3","variables":{"host":{"default":"example.platform9.com","description":"The PCD controlplane hostname"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","description":"Authentication token obtained from the authentication service","name":"X-Auth-Token","in":"header"}},"schemas":{"PolicyRequest":{"required":["policy"],"type":"object","properties":{"policy":{"required":["type","blob"],"type":"object","properties":{"type":{"type":"string"},"blob":{"type":"object"}}}}},"PolicyResponse":{"required":["policy"],"type":"object","properties":{"policy":{"$ref":"#/components/schemas/Policy"}}},"Policy":{"required":["id","type","blob"],"type":"object","properties":{"id":{"type":"string"},"type":{"type":"string"},"blob":{"type":"object"},"links":{"$ref":"#/components/schemas/Links"}}},"Links":{"required":["self"],"type":"object","properties":{"self":{"type":"string"},"previous":{"nullable":true,"type":"string"},"next":{"nullable":true,"type":"string"}}},"Error":{"required":["error"],"type":"object","properties":{"error":{"required":["code","message","title"],"type":"object","properties":{"code":{"type":"integer"},"message":{"type":"string"},"title":{"type":"string"}}}}}},"parameters":{"X-Auth-Token":{"name":"X-Auth-Token","description":"A valid authentication token","schema":{"type":"string"},"in":"header","required":true}},"responses":{"BadRequest":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Some content in the request was invalid"},"Unauthorized":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"User must authenticate before making a request"},"Forbidden":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"Policy does not allow current user to do this operation"},"NotFound":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"The requested resource could not be found"},"Conflict":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}},"description":"This operation conflicted with another operation on this resource"}}},"paths":{"/policies/{policy_id}":{"patch":{"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyRequest"}}},"required":true},"tags":["Policies"],"parameters":[{"$ref":"#/components/parameters/X-Auth-Token"},{"name":"policy_id","description":"The policy ID","schema":{"type":"string"},"in":"path","required":true}],"responses":{"200":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyResponse"}}},"description":"Policy updated successfully"},"400":{"$ref":"#/components/responses/BadRequest"},"401":{"$ref":"#/components/responses/Unauthorized"},"403":{"$ref":"#/components/responses/Forbidden"},"404":{"$ref":"#/components/responses/NotFound"},"409":{"$ref":"#/components/responses/Conflict"}},"summary":"Update policy","description":"Updates a policy"}}}}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.platform9.com/api-docs/identity-service/policies.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.