1. Docs
  2. Reference
  3. API
  4. pulumi_openstack
  5. identity

This page documents the language specification for the openstack package. If you're looking for help working with the inputs, outputs, or functions of openstack resources in a Pulumi program, please see the resource documentation for examples and API reference.

identity

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-openstack repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-openstack repo.

class pulumi_openstack.identity.ApplicationCredential(resource_name, opts=None, access_rules=None, description=None, expires_at=None, name=None, region=None, roles=None, secret=None, unrestricted=None, __props__=None, __name__=None, __opts__=None)

Manages a V3 Application Credential resource within OpenStack Keystone.

Note: All arguments including the application credential name and secret will be stored in the raw state as plain-text. Read more about sensitive data in state.

Note: An Application Credential is created within the authenticated user project scope and is not visible by an admin or other accounts. The Application Credential visibility is similar to compute.Keypair.

import pulumi
import pulumi_openstack as openstack

swift = openstack.identity.ApplicationCredential("swift",
    description="Swift technical application credential",
    expires_at="2019-02-13T12:12:12Z",
    roles=["swiftoperator"],
    secret="supersecret")

import pulumi
import pulumi_openstack as openstack

unrestricted = openstack.identity.ApplicationCredential("unrestricted",
    description="Unrestricted application credential",
    unrestricted=True)
pulumi.export("applicationCredentialSecret", unrestricted.secret)

import pulumi
import pulumi_openstack as openstack

monitoring = openstack.identity.ApplicationCredential("monitoring",
    access_rules=[
        {
            "method": "GET",
            "path": "/v2.0/metrics",
            "service": "monitoring",
        },
        {
            "method": "PUT",
            "path": "/v2.0/metrics",
            "service": "monitoring",
        },
    ],
    expires_at="2019-02-13T12:12:12Z")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • access_rules (pulumi.Input[list]) – A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.

  • description (pulumi.Input[str]) – A description of the application credential. Changing this creates a new application credential.

  • expires_at (pulumi.Input[str]) – The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.

  • name (pulumi.Input[str]) – A name of the application credential. Changing this creates a new application credential.

  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.

  • roles (pulumi.Input[list]) – A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user’s roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.

  • secret (pulumi.Input[str]) – The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.

  • unrestricted (pulumi.Input[bool]) – A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.

The access_rules object supports the following:

  • id (pulumi.Input[str]) - The ID of the existing access rule. The access rule ID of another application credential can be provided.

  • method (pulumi.Input[str]) - The request method that the application credential is permitted to use for a given API endpoint. Allowed values: POST, GET, HEAD, PATCH, PUT and DELETE.

  • path (pulumi.Input[str]) - The API path that the application credential is permitted to access. May use named wildcards such as {tag} or the unnamed wildcard * to match against any string in the path up to a /, or the recursive wildcard ** to include / in the matched path.

  • service (pulumi.Input[str]) - The service type identifier for the service that the application credential is granted to access. Must be a service type that is listed in the service catalog and not a code name for a service. E.g. identity, compute, volumev3, image, network, object-store, sharev2, dns, key-manager, monitoring, etc.

access_rules: pulumi.Output[list] = None

A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.

  • id (str) - The ID of the existing access rule. The access rule ID of another application credential can be provided.

  • method (str) - The request method that the application credential is permitted to use for a given API endpoint. Allowed values: POST, GET, HEAD, PATCH, PUT and DELETE.

  • path (str) - The API path that the application credential is permitted to access. May use named wildcards such as {tag} or the unnamed wildcard * to match against any string in the path up to a /, or the recursive wildcard ** to include / in the matched path.

  • service (str) - The service type identifier for the service that the application credential is granted to access. Must be a service type that is listed in the service catalog and not a code name for a service. E.g. identity, compute, volumev3, image, network, object-store, sharev2, dns, key-manager, monitoring, etc.

description: pulumi.Output[str] = None

A description of the application credential. Changing this creates a new application credential.

expires_at: pulumi.Output[str] = None

The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.

name: pulumi.Output[str] = None

A name of the application credential. Changing this creates a new application credential.

project_id: pulumi.Output[str] = None

The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.

region: pulumi.Output[str] = None

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.

roles: pulumi.Output[list] = None

A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user’s roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.

secret: pulumi.Output[str] = None

The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.

unrestricted: pulumi.Output[bool] = None

A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.

static get(resource_name, id, opts=None, access_rules=None, description=None, expires_at=None, name=None, project_id=None, region=None, roles=None, secret=None, unrestricted=None)

Get an existing ApplicationCredential resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • access_rules (pulumi.Input[list]) – A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.

  • description (pulumi.Input[str]) – A description of the application credential. Changing this creates a new application credential.

  • expires_at (pulumi.Input[str]) – The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.

  • name (pulumi.Input[str]) – A name of the application credential. Changing this creates a new application credential.

  • project_id (pulumi.Input[str]) – The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.

  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.

  • roles (pulumi.Input[list]) – A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user’s roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.

  • secret (pulumi.Input[str]) – The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.

  • unrestricted (pulumi.Input[bool]) – A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.

The access_rules object supports the following:

  • id (pulumi.Input[str]) - The ID of the existing access rule. The access rule ID of another application credential can be provided.

  • method (pulumi.Input[str]) - The request method that the application credential is permitted to use for a given API endpoint. Allowed values: POST, GET, HEAD, PATCH, PUT and DELETE.

  • path (pulumi.Input[str]) - The API path that the application credential is permitted to access. May use named wildcards such as {tag} or the unnamed wildcard * to match against any string in the path up to a /, or the recursive wildcard ** to include / in the matched path.

  • service (pulumi.Input[str]) - The service type identifier for the service that the application credential is granted to access. Must be a service type that is listed in the service catalog and not a code name for a service. E.g. identity, compute, volumev3, image, network, object-store, sharev2, dns, key-manager, monitoring, etc.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_openstack.identity.AwaitableGetAuthScopeResult(domain_id=None, domain_name=None, id=None, name=None, project_domain_id=None, project_domain_name=None, project_id=None, project_name=None, region=None, roles=None, user_domain_id=None, user_domain_name=None, user_id=None, user_name=None)
class pulumi_openstack.identity.AwaitableGetEndpointResult(endpoint_region=None, id=None, interface=None, name=None, region=None, service_id=None, service_name=None, service_type=None, url=None)
class pulumi_openstack.identity.AwaitableGetGroupResult(description=None, domain_id=None, id=None, name=None, region=None)
class pulumi_openstack.identity.AwaitableGetProjectResult(description=None, domain_id=None, enabled=None, id=None, is_domain=None, name=None, parent_id=None, region=None, tags=None)
class pulumi_openstack.identity.AwaitableGetRoleResult(domain_id=None, id=None, name=None, region=None)
class pulumi_openstack.identity.AwaitableGetServiceResult(description=None, enabled=None, id=None, name=None, region=None, type=None)
class pulumi_openstack.identity.AwaitableGetUserResult(default_project_id=None, description=None, domain_id=None, enabled=None, id=None, idp_id=None, name=None, password_expires_at=None, protocol_id=None, region=None, unique_id=None)
class pulumi_openstack.identity.EndpointV3(resource_name, opts=None, endpoint_region=None, interface=None, name=None, region=None, service_id=None, url=None, __props__=None, __name__=None, __opts__=None)

Manages a V3 Endpoint resource within OpenStack Keystone.

Note: This usually requires admin privileges.

import pulumi
import pulumi_openstack as openstack

service1 = openstack.identity.ServiceV3("service1", type="my-service-type")
endpoint1 = openstack.identity.EndpointV3("endpoint1",
    endpoint_region=service1.region,
    service_id=service1.id,
    url="http://my-endpoint")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • endpoint_region (pulumi.Input[str]) – The endpoint region. The region and endpoint_region can be different.

  • interface (pulumi.Input[str]) – The endpoint interface. Valid values are public, internal and admin. Default value is public

  • name (pulumi.Input[str]) – The endpoint name.

  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

  • service_id (pulumi.Input[str]) – The endpoint service ID.

  • url (pulumi.Input[str]) – The endpoint url.

endpoint_region: pulumi.Output[str] = None

The endpoint region. The region and endpoint_region can be different.

interface: pulumi.Output[str] = None

The endpoint interface. Valid values are public, internal and admin. Default value is public

name: pulumi.Output[str] = None

The endpoint name.

region: pulumi.Output[str] = None

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

service_id: pulumi.Output[str] = None

The endpoint service ID.

service_name: pulumi.Output[str] = None

The service name of the endpoint.

service_type: pulumi.Output[str] = None

The service type of the endpoint.

url: pulumi.Output[str] = None

The endpoint url.

static get(resource_name, id, opts=None, endpoint_region=None, interface=None, name=None, region=None, service_id=None, service_name=None, service_type=None, url=None)

Get an existing EndpointV3 resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • endpoint_region (pulumi.Input[str]) – The endpoint region. The region and endpoint_region can be different.

  • interface (pulumi.Input[str]) – The endpoint interface. Valid values are public, internal and admin. Default value is public

  • name (pulumi.Input[str]) – The endpoint name.

  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

  • service_id (pulumi.Input[str]) – The endpoint service ID.

  • service_name (pulumi.Input[str]) – The service name of the endpoint.

  • service_type (pulumi.Input[str]) – The service type of the endpoint.

  • url (pulumi.Input[str]) – The endpoint url.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_openstack.identity.GetAuthScopeResult(domain_id=None, domain_name=None, id=None, name=None, project_domain_id=None, project_domain_name=None, project_id=None, project_name=None, region=None, roles=None, user_domain_id=None, user_domain_name=None, user_id=None, user_name=None)

A collection of values returned by getAuthScope.

domain_id = None

The domain ID of the scope.

domain_name = None

The domain name of the scope.

id = None

The provider-assigned unique ID for this managed resource.

project_domain_id = None

The domain ID of the project.

project_domain_name = None

The domain name of the project.

project_id = None

The project ID of the scope.

project_name = None

The project name of the scope.

roles = None

A list of roles in the current scope. See reference below.

user_domain_id = None

The domain ID of the user.

user_domain_name = None

The domain name of the user.

user_id = None

The user ID the of the scope.

user_name = None

The username of the scope.

class pulumi_openstack.identity.GetEndpointResult(endpoint_region=None, id=None, interface=None, name=None, region=None, service_id=None, service_name=None, service_type=None, url=None)

A collection of values returned by getEndpoint.

endpoint_region = None

See Argument Reference above.

id = None

The provider-assigned unique ID for this managed resource.

interface = None

See Argument Reference above.

name = None

See Argument Reference above.

region = None

See Argument Reference above.

service_id = None

See Argument Reference above.

service_name = None

See Argument Reference above.

service_type = None

See Argument Reference above.

url = None

The endpoint URL.

class pulumi_openstack.identity.GetGroupResult(description=None, domain_id=None, id=None, name=None, region=None)

A collection of values returned by getGroup.

description = None

A description of the group.

domain_id = None

See Argument Reference above.

id = None

The provider-assigned unique ID for this managed resource.

name = None

See Argument Reference above.

region = None

See Argument Reference above.

class pulumi_openstack.identity.GetProjectResult(description=None, domain_id=None, enabled=None, id=None, is_domain=None, name=None, parent_id=None, region=None, tags=None)

A collection of values returned by getProject.

description = None

The description of the project.

domain_id = None

See Argument Reference above.

enabled = None

See Argument Reference above.

id = None

The provider-assigned unique ID for this managed resource.

is_domain = None

See Argument Reference above.

name = None

See Argument Reference above.

parent_id = None

See Argument Reference above.

region = None

The region the project is located in.

tags = None

See Argument Reference above.

class pulumi_openstack.identity.GetRoleResult(domain_id=None, id=None, name=None, region=None)

A collection of values returned by getRole.

domain_id = None

See Argument Reference above.

id = None

The provider-assigned unique ID for this managed resource.

name = None

See Argument Reference above.

region = None

See Argument Reference above.

class pulumi_openstack.identity.GetServiceResult(description=None, enabled=None, id=None, name=None, region=None, type=None)

A collection of values returned by getService.

description = None

The service description.

enabled = None

See Argument Reference above.

id = None

The provider-assigned unique ID for this managed resource.

name = None

See Argument Reference above.

region = None

See Argument Reference above.

type = None

See Argument Reference above.

class pulumi_openstack.identity.GetUserResult(default_project_id=None, description=None, domain_id=None, enabled=None, id=None, idp_id=None, name=None, password_expires_at=None, protocol_id=None, region=None, unique_id=None)

A collection of values returned by getUser.

default_project_id = None

See Argument Reference above.

description = None

A description of the user.

domain_id = None

See Argument Reference above.

enabled = None

See Argument Reference above.

id = None

The provider-assigned unique ID for this managed resource.

idp_id = None

See Argument Reference above.

name = None

See Argument Reference above.

password_expires_at = None

See Argument Reference above.

protocol_id = None

See Argument Reference above.

region = None

The region the user is located in.

unique_id = None

See Argument Reference above.

class pulumi_openstack.identity.Project(resource_name, opts=None, description=None, domain_id=None, enabled=None, is_domain=None, name=None, parent_id=None, region=None, tags=None, __props__=None, __name__=None, __opts__=None)

Manages a V3 Project resource within OpenStack Keystone.

Note: You must have admin privileges in your OpenStack cloud to use this resource.

import pulumi
import pulumi_openstack as openstack

project1 = openstack.identity.Project("project1", description="A project")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • description (pulumi.Input[str]) – A description of the project.

  • domain_id (pulumi.Input[str]) – The domain this project belongs to.

  • enabled (pulumi.Input[bool]) – Whether the project is enabled or disabled. Valid values are true and false.

  • is_domain (pulumi.Input[bool]) – Whether this project is a domain. Valid values are true and false.

  • name (pulumi.Input[str]) – The name of the project.

  • parent_id (pulumi.Input[str]) – The parent of this project.

  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new project.

  • tags (pulumi.Input[list]) – Tags for the project. Changing this updates the existing project.

description: pulumi.Output[str] = None

A description of the project.

domain_id: pulumi.Output[str] = None

The domain this project belongs to.

enabled: pulumi.Output[bool] = None

Whether the project is enabled or disabled. Valid values are true and false.

is_domain: pulumi.Output[bool] = None

Whether this project is a domain. Valid values are true and false.

name: pulumi.Output[str] = None

The name of the project.

parent_id: pulumi.Output[str] = None

The parent of this project.

region: pulumi.Output[str] = None

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new project.

tags: pulumi.Output[list] = None

Tags for the project. Changing this updates the existing project.

static get(resource_name, id, opts=None, description=None, domain_id=None, enabled=None, is_domain=None, name=None, parent_id=None, region=None, tags=None)

Get an existing Project resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • description (pulumi.Input[str]) – A description of the project.

  • domain_id (pulumi.Input[str]) – The domain this project belongs to.

  • enabled (pulumi.Input[bool]) – Whether the project is enabled or disabled. Valid values are true and false.

  • is_domain (pulumi.Input[bool]) – Whether this project is a domain. Valid values are true and false.

  • name (pulumi.Input[str]) – The name of the project.

  • parent_id (pulumi.Input[str]) – The parent of this project.

  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new project.

  • tags (pulumi.Input[list]) – Tags for the project. Changing this updates the existing project.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_openstack.identity.Role(resource_name, opts=None, domain_id=None, name=None, region=None, __props__=None, __name__=None, __opts__=None)

Manages a V3 Role resource within OpenStack Keystone.

Note: You must have admin privileges in your OpenStack cloud to use this resource.

import pulumi
import pulumi_openstack as openstack

role1 = openstack.identity.Role("role1")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • domain_id (pulumi.Input[str]) – The domain the role belongs to.

  • name (pulumi.Input[str]) – The name of the role.

  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new Role.

domain_id: pulumi.Output[str] = None

The domain the role belongs to.

name: pulumi.Output[str] = None

The name of the role.

region: pulumi.Output[str] = None

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new Role.

static get(resource_name, id, opts=None, domain_id=None, name=None, region=None)

Get an existing Role resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • domain_id (pulumi.Input[str]) – The domain the role belongs to.

  • name (pulumi.Input[str]) – The name of the role.

  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new Role.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_openstack.identity.RoleAssignment(resource_name, opts=None, domain_id=None, group_id=None, project_id=None, region=None, role_id=None, user_id=None, __props__=None, __name__=None, __opts__=None)

Manages a V3 Role assignment within OpenStack Keystone.

Note: You must have admin privileges in your OpenStack cloud to use this resource.

import pulumi
import pulumi_openstack as openstack

project1 = openstack.identity.Project("project1")
user1 = openstack.identity.User("user1", default_project_id=project1.id)
role1 = openstack.identity.Role("role1")
role_assignment1 = openstack.identity.RoleAssignment("roleAssignment1",
    project_id=project1.id,
    role_id=role1.id,
    user_id=user1.id)
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • domain_id (pulumi.Input[str]) – The domain to assign the role in.

  • group_id (pulumi.Input[str]) – The group to assign the role to.

  • project_id (pulumi.Input[str]) – The project to assign the role in.

  • role_id (pulumi.Input[str]) – The role to assign.

  • user_id (pulumi.Input[str]) – The user to assign the role to.

domain_id: pulumi.Output[str] = None

The domain to assign the role in.

group_id: pulumi.Output[str] = None

The group to assign the role to.

project_id: pulumi.Output[str] = None

The project to assign the role in.

role_id: pulumi.Output[str] = None

The role to assign.

user_id: pulumi.Output[str] = None

The user to assign the role to.

static get(resource_name, id, opts=None, domain_id=None, group_id=None, project_id=None, region=None, role_id=None, user_id=None)

Get an existing RoleAssignment resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • domain_id (pulumi.Input[str]) – The domain to assign the role in.

  • group_id (pulumi.Input[str]) – The group to assign the role to.

  • project_id (pulumi.Input[str]) – The project to assign the role in.

  • role_id (pulumi.Input[str]) – The role to assign.

  • user_id (pulumi.Input[str]) – The user to assign the role to.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_openstack.identity.ServiceV3(resource_name, opts=None, description=None, enabled=None, name=None, region=None, type=None, __props__=None, __name__=None, __opts__=None)

Manages a V3 Service resource within OpenStack Keystone.

Note: This usually requires admin privileges.

import pulumi
import pulumi_openstack as openstack

service1 = openstack.identity.ServiceV3("service1", type="custom")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • description (pulumi.Input[str]) – The service description.

  • enabled (pulumi.Input[bool]) – The service status. Defaults to true.

  • name (pulumi.Input[str]) – The service name.

  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

  • type (pulumi.Input[str]) – The service type.

description: pulumi.Output[str] = None

The service description.

enabled: pulumi.Output[bool] = None

The service status. Defaults to true.

name: pulumi.Output[str] = None

The service name.

region: pulumi.Output[str] = None

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

type: pulumi.Output[str] = None

The service type.

static get(resource_name, id, opts=None, description=None, enabled=None, name=None, region=None, type=None)

Get an existing ServiceV3 resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • description (pulumi.Input[str]) – The service description.

  • enabled (pulumi.Input[bool]) – The service status. Defaults to true.

  • name (pulumi.Input[str]) – The service name.

  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

  • type (pulumi.Input[str]) – The service type.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_openstack.identity.User(resource_name, opts=None, default_project_id=None, description=None, domain_id=None, enabled=None, extra=None, ignore_change_password_upon_first_use=None, ignore_lockout_failure_attempts=None, ignore_password_expiry=None, multi_factor_auth_enabled=None, multi_factor_auth_rules=None, name=None, password=None, region=None, __props__=None, __name__=None, __opts__=None)

Manages a V3 User resource within OpenStack Keystone.

Note: You must have admin privileges in your OpenStack cloud to use this resource.

import pulumi
import pulumi_openstack as openstack

project1 = openstack.identity.Project("project1")
user1 = openstack.identity.User("user1",
    default_project_id=project1.id,
    description="A user",
    extra={
        "email": "user_1@foobar.com",
    },
    ignore_change_password_upon_first_use=True,
    multi_factor_auth_enabled=True,
    multi_factor_auth_rules=[
        {
            "rule": [
                "password",
                "totp",
            ],
        },
        {
            "rule": ["password"],
        },
    ],
    password="password123")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • default_project_id (pulumi.Input[str]) – The default project this user belongs to.

  • description (pulumi.Input[str]) – A description of the user.

  • domain_id (pulumi.Input[str]) – The domain this user belongs to.

  • enabled (pulumi.Input[bool]) – Whether the user is enabled or disabled. Valid values are true and false.

  • extra (pulumi.Input[dict]) – Free-form key/value pairs of extra information.

  • ignore_change_password_upon_first_use (pulumi.Input[bool]) – User will not have to change their password upon first use. Valid values are true and false.

  • ignore_lockout_failure_attempts (pulumi.Input[bool]) – User will not have a failure lockout placed on their account. Valid values are true and false.

  • ignore_password_expiry (pulumi.Input[bool]) – User’s password will not expire. Valid values are true and false.

  • multi_factor_auth_enabled (pulumi.Input[bool]) – Whether to enable multi-factor authentication. Valid values are true and false.

  • multi_factor_auth_rules (pulumi.Input[list]) – A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.

  • name (pulumi.Input[str]) – The name of the user.

  • password (pulumi.Input[str]) – The password for the user.

  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

The multi_factor_auth_rules object supports the following:

  • rules (pulumi.Input[list]) - A list of authentication plugins that the user must authenticate with.

default_project_id: pulumi.Output[str] = None

The default project this user belongs to.

description: pulumi.Output[str] = None

A description of the user.

domain_id: pulumi.Output[str] = None

The domain this user belongs to.

enabled: pulumi.Output[bool] = None

Whether the user is enabled or disabled. Valid values are true and false.

extra: pulumi.Output[dict] = None

Free-form key/value pairs of extra information.

ignore_change_password_upon_first_use: pulumi.Output[bool] = None

User will not have to change their password upon first use. Valid values are true and false.

ignore_lockout_failure_attempts: pulumi.Output[bool] = None

User will not have a failure lockout placed on their account. Valid values are true and false.

ignore_password_expiry: pulumi.Output[bool] = None

User’s password will not expire. Valid values are true and false.

multi_factor_auth_enabled: pulumi.Output[bool] = None

Whether to enable multi-factor authentication. Valid values are true and false.

multi_factor_auth_rules: pulumi.Output[list] = None

A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.

  • rules (list) - A list of authentication plugins that the user must authenticate with.

name: pulumi.Output[str] = None

The name of the user.

password: pulumi.Output[str] = None

The password for the user.

region: pulumi.Output[str] = None

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

static get(resource_name, id, opts=None, default_project_id=None, description=None, domain_id=None, enabled=None, extra=None, ignore_change_password_upon_first_use=None, ignore_lockout_failure_attempts=None, ignore_password_expiry=None, multi_factor_auth_enabled=None, multi_factor_auth_rules=None, name=None, password=None, region=None)

Get an existing User resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • default_project_id (pulumi.Input[str]) – The default project this user belongs to.

  • description (pulumi.Input[str]) – A description of the user.

  • domain_id (pulumi.Input[str]) – The domain this user belongs to.

  • enabled (pulumi.Input[bool]) – Whether the user is enabled or disabled. Valid values are true and false.

  • extra (pulumi.Input[dict]) – Free-form key/value pairs of extra information.

  • ignore_change_password_upon_first_use (pulumi.Input[bool]) – User will not have to change their password upon first use. Valid values are true and false.

  • ignore_lockout_failure_attempts (pulumi.Input[bool]) – User will not have a failure lockout placed on their account. Valid values are true and false.

  • ignore_password_expiry (pulumi.Input[bool]) – User’s password will not expire. Valid values are true and false.

  • multi_factor_auth_enabled (pulumi.Input[bool]) – Whether to enable multi-factor authentication. Valid values are true and false.

  • multi_factor_auth_rules (pulumi.Input[list]) –

    A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.

  • name (pulumi.Input[str]) – The name of the user.

  • password (pulumi.Input[str]) – The password for the user.

  • region (pulumi.Input[str]) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

The multi_factor_auth_rules object supports the following:

  • rules (pulumi.Input[list]) - A list of authentication plugins that the user must authenticate with.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_openstack.identity.get_auth_scope(name=None, region=None, opts=None)

Use this data source to get authentication information about the current auth scope in use. This can be used as self-discovery or introspection of the username or project name currently in use.

import pulumi
import pulumi_openstack as openstack

scope = openstack.identity.get_auth_scope(name="my_scope")
Parameters

  • name (str) – The name of the scope. This is an arbitrary name which is only used as a unique identifier so an actual token isn’t used as the ID.

  • region (str) – The region in which to obtain the V3 Identity client. A Identity client is needed to retrieve tokens IDs. If omitted, the region argument of the provider is used.

pulumi_openstack.identity.get_endpoint(endpoint_region=None, interface=None, name=None, region=None, service_id=None, service_name=None, service_type=None, opts=None)

Use this data source to get the ID of an OpenStack endpoint.

Note: This usually requires admin privileges.

import pulumi
import pulumi_openstack as openstack

endpoint1 = openstack.identity.get_endpoint(service_name="demo")
Parameters

  • endpoint_region (str) – The region the endpoint is assigned to. The region and endpoint_region can be different.

  • interface (str) – The endpoint interface. Valid values are public, internal, and admin. Default value is public

  • name (str) – The name of the endpoint.

  • region (str) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

  • service_id (str) – The service id this endpoint belongs to.

  • service_name (str) – The service name of the endpoint.

  • service_type (str) – The service type of the endpoint.

pulumi_openstack.identity.get_group(domain_id=None, name=None, region=None, opts=None)

Use this data source to get the ID of an OpenStack group.

Note: This usually requires admin privileges.

import pulumi
import pulumi_openstack as openstack

admins = openstack.identity.get_group(name="admins")
Parameters

  • domain_id (str) – The domain the group belongs to.

  • name (str) – The name of the group.

  • region (str) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

pulumi_openstack.identity.get_project(domain_id=None, enabled=None, is_domain=None, name=None, parent_id=None, region=None, opts=None)

Use this data source to get the ID of an OpenStack project.

import pulumi
import pulumi_openstack as openstack

project1 = openstack.identity.get_project(name="demo")
Parameters

  • domain_id (str) – The domain this project belongs to.

  • enabled (bool) – Whether the project is enabled or disabled. Valid values are true and false.

  • is_domain (bool) – Whether this project is a domain. Valid values are true and false.

  • name (str) – The name of the project.

  • parent_id (str) – The parent of this project.

  • region (str) – The region the project is located in.

pulumi_openstack.identity.get_role(domain_id=None, name=None, region=None, opts=None)

Use this data source to get the ID of an OpenStack role.

import pulumi
import pulumi_openstack as openstack

admin = openstack.identity.get_role(name="admin")
Parameters

  • domain_id (str) – The domain the role belongs to.

  • name (str) – The name of the role.

  • region (str) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

pulumi_openstack.identity.get_service(enabled=None, name=None, region=None, type=None, opts=None)

Use this data source to get the ID of an OpenStack service.

Note: This usually requires admin privileges.

import pulumi
import pulumi_openstack as openstack

service1 = openstack.identity.get_service(name="keystone")
Parameters

  • enabled (bool) – The service status.

  • name (str) – The service name.

  • region (str) – The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

  • type (str) – The service type.

pulumi_openstack.identity.get_user(domain_id=None, enabled=None, idp_id=None, name=None, password_expires_at=None, protocol_id=None, region=None, unique_id=None, opts=None)

Use this data source to get the ID of an OpenStack user.

import pulumi
import pulumi_openstack as openstack

user1 = openstack.identity.get_user(name="user_1")
Parameters

  • domain_id (str) – The domain this user belongs to.

  • enabled (bool) – Whether the user is enabled or disabled. Valid values are true and false.

  • idp_id (str) – The identity provider ID of the user.

  • name (str) – The name of the user.

  • password_expires_at (str) – Query for expired passwords. See the OpenStack API docs for more information on the query format.

  • protocol_id (str) – The protocol ID of the user.

  • region (str) – The region the user is located in.

  • unique_id (str) – The unique ID of the user.