identity

class pulumi_openstack.identity.ApplicationCredential(resource_name, opts=None, description=None, expires_at=None, name=None, region=None, roles=None, secret=None, unrestricted=None, __name__=None, __opts__=None)

Manages a V3 Application Credential resource within OpenStack Keystone.

Note: All arguments including the application credential name and secret will be stored in the raw state as plain-text. Read more about sensitive data in state.

Note: An Application Credential is created within the authenticated user project scope and is not visible by an admin or other accounts. The Application Credential visibility is similar to openstack_compute_keypair_v2.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • description (pulumi.Input[str]) – A description of the application credential. Changing this creates a new application credential.
  • expires_at (pulumi.Input[str]) – The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.
  • name (pulumi.Input[str]) – A name of the application credential. Changing this creates a new application credential.
  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.
  • roles (pulumi.Input[list]) – A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user’s roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.
  • secret (pulumi.Input[str]) – The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.
  • unrestricted (pulumi.Input[bool]) – A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.
description = None

A description of the application credential. Changing this creates a new application credential.

expires_at = None

The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.

name = None

A name of the application credential. Changing this creates a new application credential.

project_id = None

The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.

region = None

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.

roles = None

A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user’s roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.

secret = None

The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.

unrestricted = None

A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_openstack.identity.GetAuthScopeResult(name=None, project_domain_id=None, project_domain_name=None, project_id=None, project_name=None, region=None, roles=None, user_domain_id=None, user_domain_name=None, user_id=None, user_name=None, id=None)

A collection of values returned by getAuthScope.

project_domain_id = None

The domain ID of the project.

project_domain_name = None

The domain name of the project.

project_id = None

The project ID of the scope.

project_name = None

The project name of the scope.

roles = None

A list of roles in the current scope. See reference below.

user_domain_id = None

The domain ID of the user.

user_domain_name = None

The domain name of the user.

user_id = None

The user ID the of the scope.

user_name = None

The username of the scope.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_openstack.identity.GetEndpointResult(interface=None, region=None, service_id=None, service_name=None, url=None, id=None)

A collection of values returned by getEndpoint.

interface = None

See Argument Reference above.

region = None

The region the endpoint is located in.

service_id = None

See Argument Reference above.

service_name = None

See Argument Reference above.

url = None

The endpoint URL

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_openstack.identity.GetGroupResult(domain_id=None, name=None, region=None, id=None)

A collection of values returned by getGroup.

domain_id = None

See Argument Reference above.

name = None

See Argument Reference above.

region = None

See Argument Reference above.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_openstack.identity.GetProjectResult(description=None, domain_id=None, enabled=None, is_domain=None, name=None, parent_id=None, region=None, id=None)

A collection of values returned by getProject.

description = None

The description of the project.

domain_id = None

See Argument Reference above.

enabled = None

See Argument Reference above.

is_domain = None

See Argument Reference above.

name = None

See Argument Reference above.

parent_id = None

See Argument Reference above.

region = None

The region the project is located in.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_openstack.identity.GetRoleResult(domain_id=None, name=None, region=None, id=None)

A collection of values returned by getRole.

domain_id = None

See Argument Reference above.

name = None

See Argument Reference above.

region = None

See Argument Reference above.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_openstack.identity.GetUserResult(default_project_id=None, domain_id=None, enabled=None, idp_id=None, name=None, password_expires_at=None, protocol_id=None, region=None, unique_id=None, id=None)

A collection of values returned by getUser.

default_project_id = None

See Argument Reference above.

domain_id = None

See Argument Reference above.

enabled = None

See Argument Reference above.

idp_id = None

See Argument Reference above.

name = None

See Argument Reference above.

password_expires_at = None

See Argument Reference above.

protocol_id = None

See Argument Reference above.

region = None

The region the user is located in.

unique_id = None

See Argument Reference above.

id = None

id is the provider-assigned unique ID for this managed resource.

class pulumi_openstack.identity.Project(resource_name, opts=None, description=None, domain_id=None, enabled=None, is_domain=None, name=None, parent_id=None, region=None, __name__=None, __opts__=None)

Manages a V3 Project resource within OpenStack Keystone.

Note: You must have admin privileges in your OpenStack cloud to use this resource.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • description (pulumi.Input[str]) – A description of the project.
  • domain_id (pulumi.Input[str]) – The domain this project belongs to.
  • enabled (pulumi.Input[bool]) – Whether the project is enabled or disabled. Valid values are true and false.
  • is_domain (pulumi.Input[bool]) – Whether this project is a domain. Valid values are true and false.
  • name (pulumi.Input[str]) – The name of the project.
  • parent_id (pulumi.Input[str]) – The parent of this project.
  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.
description = None

A description of the project.

domain_id = None

The domain this project belongs to.

enabled = None

Whether the project is enabled or disabled. Valid values are true and false.

is_domain = None

Whether this project is a domain. Valid values are true and false.

name = None

The name of the project.

parent_id = None

The parent of this project.

region = None

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_openstack.identity.Role(resource_name, opts=None, domain_id=None, name=None, region=None, __name__=None, __opts__=None)

Manages a V3 Role resource within OpenStack Keystone.

Note: You must have admin privileges in your OpenStack cloud to use this resource.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • domain_id (pulumi.Input[str]) – The domain the role belongs to.
  • name (pulumi.Input[str]) – The name of the role.
  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new Role.
domain_id = None

The domain the role belongs to.

name = None

The name of the role.

region = None

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new Role.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_openstack.identity.RoleAssignment(resource_name, opts=None, domain_id=None, group_id=None, project_id=None, region=None, role_id=None, user_id=None, __name__=None, __opts__=None)

Manages a V3 Role assignment within OpenStack Keystone.

Note: You must have admin privileges in your OpenStack cloud to use this resource.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • domain_id (pulumi.Input[str]) – The domain to assign the role in.
  • group_id (pulumi.Input[str]) – The group to assign the role to.
  • project_id (pulumi.Input[str]) – The project to assign the role in.
  • role_id (pulumi.Input[str]) – The role to assign.
  • user_id (pulumi.Input[str]) – The user to assign the role to.
domain_id = None

The domain to assign the role in.

group_id = None

The group to assign the role to.

project_id = None

The project to assign the role in.

role_id = None

The role to assign.

user_id = None

The user to assign the role to.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_openstack.identity.User(resource_name, opts=None, default_project_id=None, description=None, domain_id=None, enabled=None, extra=None, ignore_change_password_upon_first_use=None, ignore_lockout_failure_attempts=None, ignore_password_expiry=None, multi_factor_auth_enabled=None, multi_factor_auth_rules=None, name=None, password=None, region=None, __name__=None, __opts__=None)

Manages a V3 User resource within OpenStack Keystone.

Note: You must have admin privileges in your OpenStack cloud to use this resource.

Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • default_project_id (pulumi.Input[str]) – The default project this user belongs to.
  • description (pulumi.Input[str]) – A description of the user.
  • domain_id (pulumi.Input[str]) – The domain this user belongs to.
  • enabled (pulumi.Input[bool]) – Whether the user is enabled or disabled. Valid values are true and false.
  • extra (pulumi.Input[dict]) – Free-form key/value pairs of extra information.
  • ignore_change_password_upon_first_use (pulumi.Input[bool]) – User will not have to change their password upon first use. Valid values are true and false.
  • ignore_lockout_failure_attempts (pulumi.Input[bool]) – User will not have a failure lockout placed on their account. Valid values are true and false.
  • ignore_password_expiry (pulumi.Input[bool]) – User’s password will not expire. Valid values are true and false.
  • multi_factor_auth_enabled (pulumi.Input[bool]) – Whether to enable multi-factor authentication. Valid values are true and false.
  • multi_factor_auth_rules (pulumi.Input[list]) – A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
  • name (pulumi.Input[str]) – The name of the user.
  • password (pulumi.Input[str]) – The password for the user.
  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.
default_project_id = None

The default project this user belongs to.

description = None

A description of the user.

domain_id = None

The domain this user belongs to.

enabled = None

Whether the user is enabled or disabled. Valid values are true and false.

extra = None

Free-form key/value pairs of extra information.

ignore_change_password_upon_first_use = None

User will not have to change their password upon first use. Valid values are true and false.

ignore_lockout_failure_attempts = None

User will not have a failure lockout placed on their account. Valid values are true and false.

ignore_password_expiry = None

User’s password will not expire. Valid values are true and false.

multi_factor_auth_enabled = None

Whether to enable multi-factor authentication. Valid values are true and false.

multi_factor_auth_rules = None

A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.

name = None

The name of the user.

password = None

The password for the user.

region = None

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
pulumi_openstack.identity.get_auth_scope(name=None, region=None, opts=None)

Use this data source to get authentication information about the current auth scope in use. This can be used as self-discovery or introspection of the username or project name currently in use.

pulumi_openstack.identity.get_endpoint(interface=None, region=None, service_id=None, service_name=None, opts=None)

Use this data source to get the ID of an OpenStack endpoint.

Note: This usually requires admin privileges.

pulumi_openstack.identity.get_group(domain_id=None, name=None, region=None, opts=None)

Use this data source to get the ID of an OpenStack group.

Note: This usually requires admin privileges.

pulumi_openstack.identity.get_project(domain_id=None, enabled=None, is_domain=None, name=None, parent_id=None, region=None, opts=None)

Use this data source to get the ID of an OpenStack project.

pulumi_openstack.identity.get_role(domain_id=None, name=None, region=None, opts=None)

Use this data source to get the ID of an OpenStack role.

pulumi_openstack.identity.get_user(domain_id=None, enabled=None, idp_id=None, name=None, password_expires_at=None, protocol_id=None, region=None, unique_id=None, opts=None)

Use this data source to get the ID of an OpenStack user.