RbacPolicyV2

The RBAC policy resource contains functionality for working with Neutron RBAC policies. The Role-Based Access Control (RBAC) policy framework enables both operators and users to grant access to resources for specific projects.

Sharing an object with a specific project is accomplished by creating a policy entry that permits the target project the access_as_shared action on that object.

To make a network available as an external network for specific projects rather than all projects, use the access_as_external action. If a network is marked as external during creation, a wildcard RBAC policy granting everyone access is now created implicitly, to preserve the behavior from before this feature was added.
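
An added example, not part of the Pulumi or OpenStack documentation: a least-privilege audit over RBAC policy entries that flags wildcard grants (including the implicit one created for external networks) and grants to projects outside an approved list. The `*` wildcard value, the record layout and the `net-*`/`rbac-*` IDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass

WILDCARD = "*"  # assumption: the wildcard target value meaning "every project"
VALID_ACTIONS = {"access_as_shared", "access_as_external"}


@dataclass(frozen=True)
class Finding:
    policy_id: str
    severity: str
    reason: str


def audit_rbac_policies(policies, approved_targets):
    """Check RBAC policy entries against a per-object allowlist.

    policies: dicts with id, object_type, object_id, action, target_tenant.
    approved_targets: {object_id: set of project IDs allowed to receive access}.
    """
    findings = []
    for p in policies:
        target, action = p["target_tenant"], p["action"]
        if action not in VALID_ACTIONS:
            findings.append(Finding(p["id"], "high", f"unknown action {action!r}"))
        elif target == WILDCARD:
            # Covers explicit wildcard shares and the implicit entry created
            # when a network is marked external at creation time.
            findings.append(Finding(p["id"], "high",
                f"{action} on {p['object_type']} {p['object_id']} is granted to all projects"))
        elif target not in approved_targets.get(p["object_id"], set()):
            findings.append(Finding(p["id"], "medium",
                f"{action} granted to unapproved project {target}"))
    return findings


# Constructed sample entries; only the first target ID comes from the page's example.
SAMPLE_POLICIES = [
    {"id": "rbac-1", "object_type": "network", "object_id": "net-shared",
     "action": "access_as_shared", "target_tenant": "20415a973c9e45d3917f078950644697"},
    {"id": "rbac-2", "object_type": "network", "object_id": "net-ext",
     "action": "access_as_external", "target_tenant": "*"},
    {"id": "rbac-3", "object_type": "network", "object_id": "net-shared",
     "action": "access_as_shared", "target_tenant": "project-not-on-list"},
]
APPROVED = {"net-shared": {"20415a973c9e45d3917f078950644697"}}

if __name__ == "__main__":
    for f in audit_rbac_policies(SAMPLE_POLICIES, APPROVED):
        print(f.severity, f.policy_id, f.reason)
```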

Example Usage

using Pulumi;
using OpenStack = Pulumi.OpenStack;

class MyStack : Stack
{
    public MyStack()
    {
        var network1 = new OpenStack.Networking.Network("network1", new OpenStack.Networking.NetworkArgs
        {
            AdminStateUp = true,
        });
        var rbacPolicy1 = new OpenStack.Networking.RbacPolicyV2("rbacPolicy1", new OpenStack.Networking.RbacPolicyV2Args
        {
            Action = "access_as_shared",
            ObjectId = network1.Id,
            ObjectType = "network",
            TargetTenant = "20415a973c9e45d3917f078950644697",
        });
    }

}

import pulumi
import pulumi_openstack as openstack

network1 = openstack.networking.Network("network1", admin_state_up=True)
rbac_policy1 = openstack.networking.RbacPolicyV2("rbacPolicy1",
    action="access_as_shared",
    object_id=network1.id,
    object_type="network",
    target_tenant="20415a973c9e45d3917f078950644697")

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const network1 = new openstack.networking.Network("network_1", {
    adminStateUp: true,
});
const rbacPolicy1 = new openstack.networking.RbacPolicyV2("rbac_policy_1", {
    action: "access_as_shared",
    objectId: network1.id,
    objectType: "network",
    targetTenant: "20415a973c9e45d3917f078950644697",
});

Create a RbacPolicyV2 Resource

def RbacPolicyV2(resource_name, opts=None, action=None, object_id=None, object_type=None, region=None, target_tenant=None, __props__=None);
func NewRbacPolicyV2(ctx *Context, name string, args RbacPolicyV2Args, opts ...ResourceOption) (*RbacPolicyV2, error)
name string
The unique name of the resource.
args RbacPolicyV2Args
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args RbacPolicyV2Args
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.

RbacPolicyV2 Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The RbacPolicyV2 resource accepts the following input properties:

Action string

Action for the RBAC policy. Can either be access_as_external or access_as_shared.

ObjectId string

The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.

ObjectType string

The type of the object that the RBAC policy affects. Can either be qos-policy or network.

TargetTenant string

The ID of the tenant to which the RBAC policy will be enforced.

Region string

The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.

action string

Action for the RBAC policy. Can either be access_as_external or access_as_shared.

objectId string

The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.

objectType string

The type of the object that the RBAC policy affects. Can either be qos-policy or network.

targetTenant string

The ID of the tenant to which the RBAC policy will be enforced.

region string

The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.

action str

Action for the RBAC policy. Can either be access_as_external or access_as_shared.

object_id str

The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.

object_type str

The type of the object that the RBAC policy affects. Can either be qos-policy or network.

target_tenant str

The ID of the tenant to which the RBAC policy will be enforced.

region str

The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.

Outputs

All input properties are implicitly available as output properties. Additionally, the RbacPolicyV2 resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
ProjectId string
id string
The provider-assigned unique ID for this managed resource.
projectId string
id str
The provider-assigned unique ID for this managed resource.
project_id str

Look up an Existing RbacPolicyV2 Resource

Get an existing RbacPolicyV2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: RbacPolicyV2State, opts?: CustomResourceOptions): RbacPolicyV2
static get(resource_name, id, opts=None, action=None, object_id=None, object_type=None, project_id=None, region=None, target_tenant=None, __props__=None);
func GetRbacPolicyV2(ctx *Context, name string, id IDInput, state *RbacPolicyV2State, opts ...ResourceOption) (*RbacPolicyV2, error)
public static RbacPolicyV2 Get(string name, Input<string> id, RbacPolicyV2State? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.

The following state arguments are supported:

Action string

Action for the RBAC policy. Can either be access_as_external or access_as_shared.

ObjectId string

The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.

ObjectType string

The type of the object that the RBAC policy affects. Can either be qos-policy or network.

ProjectId string
Region string

The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.

TargetTenant string

The ID of the tenant to which the RBAC policy will be enforced.

action string

Action for the RBAC policy. Can either be access_as_external or access_as_shared.

objectId string

The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.

objectType string

The type of the object that the RBAC policy affects. Can either be qos-policy or network.

projectId string
region string

The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.

targetTenant string

The ID of the tenant to which the RBAC policy will be enforced.

action str

Action for the RBAC policy. Can either be access_as_external or access_as_shared.

object_id str

The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.

object_type str

The type of the object that the RBAC policy affects. Can either be qos-policy or network.

project_id str
region str

The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.

target_tenant str

The ID of the tenant to which the RBAC policy will be enforced.

Package Details

Repository
https://github.com/pulumi/pulumi-openstack
License
Apache-2.0
Notes
This Pulumi package is based on the openstack Terraform Provider.