1. Docs
  2. Reference
  3. API
  4. Open Stack
  5. identity
  6. User

User

Manages a V3 User resource within OpenStack Keystone.

Note: You must have admin privileges in your OpenStack cloud to use this resource.

Example Usage

using Pulumi;
using OpenStack = Pulumi.OpenStack;

class MyStack : Stack
{
    public MyStack()
    {
        var project1 = new OpenStack.Identity.Project("project1", new OpenStack.Identity.ProjectArgs
        {
        });
        var user1 = new OpenStack.Identity.User("user1", new OpenStack.Identity.UserArgs
        {
            DefaultProjectId = project1.Id,
            Description = "A user",
            Extra = 
            {
                { "email", "user_1@foobar.com" },
            },
            IgnoreChangePasswordUponFirstUse = true,
            MultiFactorAuthEnabled = true,
            MultiFactorAuthRules = 
            {
                new OpenStack.Identity.Inputs.UserMultiFactorAuthRuleArgs
                {
                    Rule = 
                    {
                        "password",
                        "totp",
                    },
                },
                new OpenStack.Identity.Inputs.UserMultiFactorAuthRuleArgs
                {
                    Rule = 
                    {
                        "password",
                    },
                },
            },
            Password = "password123",
        });
    }

}

Coming soon!

import pulumi
import pulumi_openstack as openstack

project1 = openstack.identity.Project("project1")
user1 = openstack.identity.User("user1",
    default_project_id=project1.id,
    description="A user",
    extra={
        "email": "user_1@foobar.com",
    },
    ignore_change_password_upon_first_use=True,
    multi_factor_auth_enabled=True,
    multi_factor_auth_rules=[
        {
            "rule": [
                "password",
                "totp",
            ],
        },
        {
            "rule": ["password"],
        },
    ],
    password="password123")
import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const project1 = new openstack.identity.Project("project_1", {});
const user1 = new openstack.identity.User("user_1", {
    defaultProjectId: project1.id,
    description: "A user",
    extra: {
        email: "user_1@foobar.com",
    },
    ignoreChangePasswordUponFirstUse: true,
    multiFactorAuthEnabled: true,
    multiFactorAuthRules: [
        {
            rules: [
                "password",
                "totp",
            ],
        },
        {
            rules: ["password"],
        },
    ],
    password: "password123",
});

Create a User Resource

new User(name: string, args?: UserArgs, opts?: CustomResourceOptions);
def User(resource_name, opts=None, default_project_id=None, description=None, domain_id=None, enabled=None, extra=None, ignore_change_password_upon_first_use=None, ignore_lockout_failure_attempts=None, ignore_password_expiry=None, multi_factor_auth_enabled=None, multi_factor_auth_rules=None, name=None, password=None, region=None, __props__=None);
func NewUser(ctx *Context, name string, args *UserArgs, opts ...ResourceOption) (*User, error)
public User(string name, UserArgs? args = null, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args UserArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args UserArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args UserArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

User Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The User resource accepts the following input properties:

DefaultProjectId string

The default project this user belongs to.

Description string

A description of the user.

DomainId string

The domain this user belongs to.

Enabled bool

Whether the user is enabled or disabled. Valid values are true and false.

Extra Dictionary<string, object>

Free-form key/value pairs of extra information.

IgnoreChangePasswordUponFirstUse bool

User will not have to change their password upon first use. Valid values are true and false.

IgnoreLockoutFailureAttempts bool

User will not have a failure lockout placed on their account. Valid values are true and false.

IgnorePasswordExpiry bool

User’s password will not expire. Valid values are true and false.

MultiFactorAuthEnabled bool

Whether to enable multi-factor authentication. Valid values are true and false.

MultiFactorAuthRules List<Pulumi.OpenStack.Identity.Inputs.UserMultiFactorAuthRuleArgs>

A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.

Name string

The name of the user.

Password string

The password for the user.

Region string

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

DefaultProjectId string

The default project this user belongs to.

Description string

A description of the user.

DomainId string

The domain this user belongs to.

Enabled bool

Whether the user is enabled or disabled. Valid values are true and false.

Extra map[string]interface{}

Free-form key/value pairs of extra information.

IgnoreChangePasswordUponFirstUse bool

User will not have to change their password upon first use. Valid values are true and false.

IgnoreLockoutFailureAttempts bool

User will not have a failure lockout placed on their account. Valid values are true and false.

IgnorePasswordExpiry bool

User’s password will not expire. Valid values are true and false.

MultiFactorAuthEnabled bool

Whether to enable multi-factor authentication. Valid values are true and false.

MultiFactorAuthRules []UserMultiFactorAuthRule

A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.

Name string

The name of the user.

Password string

The password for the user.

Region string

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

defaultProjectId string

The default project this user belongs to.

description string

A description of the user.

domainId string

The domain this user belongs to.

enabled boolean

Whether the user is enabled or disabled. Valid values are true and false.

extra {[key: string]: any}

Free-form key/value pairs of extra information.

ignoreChangePasswordUponFirstUse boolean

User will not have to change their password upon first use. Valid values are true and false.

ignoreLockoutFailureAttempts boolean

User will not have a failure lockout placed on their account. Valid values are true and false.

ignorePasswordExpiry boolean

User’s password will not expire. Valid values are true and false.

multiFactorAuthEnabled boolean

Whether to enable multi-factor authentication. Valid values are true and false.

multiFactorAuthRules UserMultiFactorAuthRule[]

A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.

name string

The name of the user.

password string

The password for the user.

region string

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

default_project_id str

The default project this user belongs to.

description str

A description of the user.

domain_id str

The domain this user belongs to.

enabled bool

Whether the user is enabled or disabled. Valid values are true and false.

extra Dict[str, Any]

Free-form key/value pairs of extra information.

ignore_change_password_upon_first_use bool

User will not have to change their password upon first use. Valid values are true and false.

ignore_lockout_failure_attempts bool

User will not have a failure lockout placed on their account. Valid values are true and false.

ignore_password_expiry bool

User’s password will not expire. Valid values are true and false.

multi_factor_auth_enabled bool

Whether to enable multi-factor authentication. Valid values are true and false.

multi_factor_auth_rules List[UserMultiFactorAuthRule]

A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.

name str

The name of the user.

password str

The password for the user.

region str

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

Outputs

All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing User Resource

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: UserState, opts?: CustomResourceOptions): User
static get(resource_name, id, opts=None, default_project_id=None, description=None, domain_id=None, enabled=None, extra=None, ignore_change_password_upon_first_use=None, ignore_lockout_failure_attempts=None, ignore_password_expiry=None, multi_factor_auth_enabled=None, multi_factor_auth_rules=None, name=None, password=None, region=None, __props__=None);
func GetUser(ctx *Context, name string, id IDInput, state *UserState, opts ...ResourceOption) (*User, error)
public static User Get(string name, Input<string> id, UserState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

DefaultProjectId string

The default project this user belongs to.

Description string

A description of the user.

DomainId string

The domain this user belongs to.

Enabled bool

Whether the user is enabled or disabled. Valid values are true and false.

Extra Dictionary<string, object>

Free-form key/value pairs of extra information.

IgnoreChangePasswordUponFirstUse bool

User will not have to change their password upon first use. Valid values are true and false.

IgnoreLockoutFailureAttempts bool

User will not have a failure lockout placed on their account. Valid values are true and false.

IgnorePasswordExpiry bool

User’s password will not expire. Valid values are true and false.

MultiFactorAuthEnabled bool

Whether to enable multi-factor authentication. Valid values are true and false.

MultiFactorAuthRules List<Pulumi.OpenStack.Identity.Inputs.UserMultiFactorAuthRuleArgs>

A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.

Name string

The name of the user.

Password string

The password for the user.

Region string

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

DefaultProjectId string

The default project this user belongs to.

Description string

A description of the user.

DomainId string

The domain this user belongs to.

Enabled bool

Whether the user is enabled or disabled. Valid values are true and false.

Extra map[string]interface{}

Free-form key/value pairs of extra information.

IgnoreChangePasswordUponFirstUse bool

User will not have to change their password upon first use. Valid values are true and false.

IgnoreLockoutFailureAttempts bool

User will not have a failure lockout placed on their account. Valid values are true and false.

IgnorePasswordExpiry bool

User’s password will not expire. Valid values are true and false.

MultiFactorAuthEnabled bool

Whether to enable multi-factor authentication. Valid values are true and false.

MultiFactorAuthRules []UserMultiFactorAuthRule

A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.

Name string

The name of the user.

Password string

The password for the user.

Region string

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

defaultProjectId string

The default project this user belongs to.

description string

A description of the user.

domainId string

The domain this user belongs to.

enabled boolean

Whether the user is enabled or disabled. Valid values are true and false.

extra {[key: string]: any}

Free-form key/value pairs of extra information.

ignoreChangePasswordUponFirstUse boolean

User will not have to change their password upon first use. Valid values are true and false.

ignoreLockoutFailureAttempts boolean

User will not have a failure lockout placed on their account. Valid values are true and false.

ignorePasswordExpiry boolean

User’s password will not expire. Valid values are true and false.

multiFactorAuthEnabled boolean

Whether to enable multi-factor authentication. Valid values are true and false.

multiFactorAuthRules UserMultiFactorAuthRule[]

A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.

name string

The name of the user.

password string

The password for the user.

region string

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

default_project_id str

The default project this user belongs to.

description str

A description of the user.

domain_id str

The domain this user belongs to.

enabled bool

Whether the user is enabled or disabled. Valid values are true and false.

extra Dict[str, Any]

Free-form key/value pairs of extra information.

ignore_change_password_upon_first_use bool

User will not have to change their password upon first use. Valid values are true and false.

ignore_lockout_failure_attempts bool

User will not have a failure lockout placed on their account. Valid values are true and false.

ignore_password_expiry bool

User’s password will not expire. Valid values are true and false.

multi_factor_auth_enabled bool

Whether to enable multi-factor authentication. Valid values are true and false.

multi_factor_auth_rules List[UserMultiFactorAuthRule]

A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.

name str

The name of the user.

password str

The password for the user.

region str

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

Supporting Types

UserMultiFactorAuthRule

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Rules List<string>

A list of authentication plugins that the user must authenticate with.

Rules []string

A list of authentication plugins that the user must authenticate with.

rules string[]

A list of authentication plugins that the user must authenticate with.

rules List[str]

A list of authentication plugins that the user must authenticate with.

Package Details

Repository
https://github.com/pulumi/pulumi-openstack
License
Apache-2.0
Notes
This Pulumi package is based on the openstack Terraform Provider.