Docs Home
Packages
OpenStack v4.1.3 published on Wednesday, Aug 21, 2024 by Pulumi
openstack.networking.RbacPolicyV2
Explore with Pulumi AI
The RBAC policy resource contains functionality for working with Neutron RBAC Policies. Role-Based Access Control (RBAC) policy framework enables both operators and users to grant access to resources for specific projects.
Sharing an object with a specific project is accomplished by creating a
policy entry that permits the target project the access_as_shared action
on that object.
To make a network available as an external network for specific projects
rather than all projects, use the access_as_external action.
If a network is marked as external during creation, it now implicitly creates
a wildcard RBAC policy granting everyone access to preserve previous behavior
before this feature was added.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";
const network1 = new openstack.networking.Network("network_1", {
name: "network_1",
adminStateUp: true,
});
const rbacPolicy1 = new openstack.networking.RbacPolicyV2("rbac_policy_1", {
action: "access_as_shared",
objectId: network1.id,
objectType: "network",
targetTenant: "20415a973c9e45d3917f078950644697",
});
import pulumi
import pulumi_openstack as openstack
network1 = openstack.networking.Network("network_1",
name="network_1",
admin_state_up=True)
rbac_policy1 = openstack.networking.RbacPolicyV2("rbac_policy_1",
action="access_as_shared",
object_id=network1.id,
object_type="network",
target_tenant="20415a973c9e45d3917f078950644697")
package main
import (
"github.com/pulumi/pulumi-openstack/sdk/v4/go/openstack/networking"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
network1, err := networking.NewNetwork(ctx, "network_1", &networking.NetworkArgs{
Name: pulumi.String("network_1"),
AdminStateUp: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = networking.NewRbacPolicyV2(ctx, "rbac_policy_1", &networking.RbacPolicyV2Args{
Action: pulumi.String("access_as_shared"),
ObjectId: network1.ID(),
ObjectType: pulumi.String("network"),
TargetTenant: pulumi.String("20415a973c9e45d3917f078950644697"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using OpenStack = Pulumi.OpenStack;
return await Deployment.RunAsync(() =>
{
var network1 = new OpenStack.Networking.Network("network_1", new()
{
Name = "network_1",
AdminStateUp = true,
});
var rbacPolicy1 = new OpenStack.Networking.RbacPolicyV2("rbac_policy_1", new()
{
Action = "access_as_shared",
ObjectId = network1.Id,
ObjectType = "network",
TargetTenant = "20415a973c9e45d3917f078950644697",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.openstack.networking.Network;
import com.pulumi.openstack.networking.NetworkArgs;
import com.pulumi.openstack.networking.RbacPolicyV2;
import com.pulumi.openstack.networking.RbacPolicyV2Args;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var network1 = new Network("network1", NetworkArgs.builder()
.name("network_1")
.adminStateUp("true")
.build());
var rbacPolicy1 = new RbacPolicyV2("rbacPolicy1", RbacPolicyV2Args.builder()
.action("access_as_shared")
.objectId(network1.id())
.objectType("network")
.targetTenant("20415a973c9e45d3917f078950644697")
.build());
}
}
resources:
network1:
type: openstack:networking:Network
name: network_1
properties:
name: network_1
adminStateUp: 'true'
rbacPolicy1:
type: openstack:networking:RbacPolicyV2
name: rbac_policy_1
properties:
action: access_as_shared
objectId: ${network1.id}
objectType: network
targetTenant: 20415a973c9e45d3917f078950644697
Create RbacPolicyV2 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RbacPolicyV2(name: string, args: RbacPolicyV2Args, opts?: CustomResourceOptions);@overload
def RbacPolicyV2(resource_name: str,
args: RbacPolicyV2Args,
opts: Optional[ResourceOptions] = None)
@overload
def RbacPolicyV2(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
object_id: Optional[str] = None,
object_type: Optional[str] = None,
target_tenant: Optional[str] = None,
region: Optional[str] = None)func NewRbacPolicyV2(ctx *Context, name string, args RbacPolicyV2Args, opts ...ResourceOption) (*RbacPolicyV2, error)public RbacPolicyV2(string name, RbacPolicyV2Args args, CustomResourceOptions? opts = null)
public RbacPolicyV2(String name, RbacPolicyV2Args args)
public RbacPolicyV2(String name, RbacPolicyV2Args args, CustomResourceOptions options)
type: openstack:networking:RbacPolicyV2
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RbacPolicyV2Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RbacPolicyV2Args
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RbacPolicyV2Args
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RbacPolicyV2Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RbacPolicyV2Args
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var rbacPolicyV2Resource = new OpenStack.Networking.RbacPolicyV2("rbacPolicyV2Resource", new()
{
Action = "string",
ObjectId = "string",
ObjectType = "string",
TargetTenant = "string",
Region = "string",
});
example, err := networking.NewRbacPolicyV2(ctx, "rbacPolicyV2Resource", &networking.RbacPolicyV2Args{
Action: pulumi.String("string"),
ObjectId: pulumi.String("string"),
ObjectType: pulumi.String("string"),
TargetTenant: pulumi.String("string"),
Region: pulumi.String("string"),
})
var rbacPolicyV2Resource = new RbacPolicyV2("rbacPolicyV2Resource", RbacPolicyV2Args.builder()
.action("string")
.objectId("string")
.objectType("string")
.targetTenant("string")
.region("string")
.build());
rbac_policy_v2_resource = openstack.networking.RbacPolicyV2("rbacPolicyV2Resource",
action="string",
object_id="string",
object_type="string",
target_tenant="string",
region="string")
const rbacPolicyV2Resource = new openstack.networking.RbacPolicyV2("rbacPolicyV2Resource", {
action: "string",
objectId: "string",
objectType: "string",
targetTenant: "string",
region: "string",
});
type: openstack:networking:RbacPolicyV2
properties:
action: string
objectId: string
objectType: string
region: string
targetTenant: string
RbacPolicyV2 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The RbacPolicyV2 resource accepts the following input properties:
- Action string
- Action for the RBAC policy. Can either be
access_as_externaloraccess_as_shared. - Object
Id string - The ID of the
object_typeresource. Anobject_typeofnetworkreturns a network ID and anobject_typeofqos_policyreturns a QoS ID. - Object
Type string - The type of the object that the RBAC policy
affects. Can be one of the following:
address_scope,address_group,network,qos_policy,security_group,subnetpoolorbgpvpn. - Target
Tenant string - The ID of the tenant to which the RBAC policy will be enforced.
- Region string
- The region in which to obtain the V2 networking client.
A networking client is needed to configure a routing entry on a subnet. If omitted, the
regionargument of the provider is used. Changing this creates a new routing entry.
- Action string
- Action for the RBAC policy. Can either be
access_as_externaloraccess_as_shared. - Object
Id string - The ID of the
object_typeresource. Anobject_typeofnetworkreturns a network ID and anobject_typeofqos_policyreturns a QoS ID. - Object
Type string - The type of the object that the RBAC policy
affects. Can be one of the following:
address_scope,address_group,network,qos_policy,security_group,subnetpoolorbgpvpn. - Target
Tenant string - The ID of the tenant to which the RBAC policy will be enforced.
- Region string
- The region in which to obtain the V2 networking client.
A networking client is needed to configure a routing entry on a subnet. If omitted, the
regionargument of the provider is used. Changing this creates a new routing entry.
- action String
- Action for the RBAC policy. Can either be
access_as_externaloraccess_as_shared. - object
Id String - The ID of the
object_typeresource. Anobject_typeofnetworkreturns a network ID and anobject_typeofqos_policyreturns a QoS ID. - object
Type String - The type of the object that the RBAC policy
affects. Can be one of the following:
address_scope,address_group,network,qos_policy,security_group,subnetpoolorbgpvpn. - target
Tenant String - The ID of the tenant to which the RBAC policy will be enforced.
- region String
- The region in which to obtain the V2 networking client.
A networking client is needed to configure a routing entry on a subnet. If omitted, the
regionargument of the provider is used. Changing this creates a new routing entry.
- action string
- Action for the RBAC policy. Can either be
access_as_externaloraccess_as_shared. - object
Id string - The ID of the
object_typeresource. Anobject_typeofnetworkreturns a network ID and anobject_typeofqos_policyreturns a QoS ID. - object
Type string - The type of the object that the RBAC policy
affects. Can be one of the following:
address_scope,address_group,network,qos_policy,security_group,subnetpoolorbgpvpn. - target
Tenant string - The ID of the tenant to which the RBAC policy will be enforced.
- region string
- The region in which to obtain the V2 networking client.
A networking client is needed to configure a routing entry on a subnet. If omitted, the
regionargument of the provider is used. Changing this creates a new routing entry.
- action str
- Action for the RBAC policy. Can either be
access_as_externaloraccess_as_shared. - object_
id str - The ID of the
object_typeresource. Anobject_typeofnetworkreturns a network ID and anobject_typeofqos_policyreturns a QoS ID. - object_
type str - The type of the object that the RBAC policy
affects. Can be one of the following:
address_scope,address_group,network,qos_policy,security_group,subnetpoolorbgpvpn. - target_
tenant str - The ID of the tenant to which the RBAC policy will be enforced.
- region str
- The region in which to obtain the V2 networking client.
A networking client is needed to configure a routing entry on a subnet. If omitted, the
regionargument of the provider is used. Changing this creates a new routing entry.
- action String
- Action for the RBAC policy. Can either be
access_as_externaloraccess_as_shared. - object
Id String - The ID of the
object_typeresource. Anobject_typeofnetworkreturns a network ID and anobject_typeofqos_policyreturns a QoS ID. - object
Type String - The type of the object that the RBAC policy
affects. Can be one of the following:
address_scope,address_group,network,qos_policy,security_group,subnetpoolorbgpvpn. - target
Tenant String - The ID of the tenant to which the RBAC policy will be enforced.
- region String
- The region in which to obtain the V2 networking client.
A networking client is needed to configure a routing entry on a subnet. If omitted, the
regionargument of the provider is used. Changing this creates a new routing entry.
Outputs
All input properties are implicitly available as output properties. Additionally, the RbacPolicyV2 resource produces the following output properties:
- id str
- The provider-assigned unique ID for this managed resource.
- project_
id str
Look up Existing RbacPolicyV2 Resource
Get an existing RbacPolicyV2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RbacPolicyV2State, opts?: CustomResourceOptions): RbacPolicyV2@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
object_id: Optional[str] = None,
object_type: Optional[str] = None,
project_id: Optional[str] = None,
region: Optional[str] = None,
target_tenant: Optional[str] = None) -> RbacPolicyV2func GetRbacPolicyV2(ctx *Context, name string, id IDInput, state *RbacPolicyV2State, opts ...ResourceOption) (*RbacPolicyV2, error)public static RbacPolicyV2 Get(string name, Input<string> id, RbacPolicyV2State? state, CustomResourceOptions? opts = null)public static RbacPolicyV2 get(String name, Output<String> id, RbacPolicyV2State state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- Action for the RBAC policy. Can either be
access_as_externaloraccess_as_shared. - Object
Id string - The ID of the
object_typeresource. Anobject_typeofnetworkreturns a network ID and anobject_typeofqos_policyreturns a QoS ID. - Object
Type string - The type of the object that the RBAC policy
affects. Can be one of the following:
address_scope,address_group,network,qos_policy,security_group,subnetpoolorbgpvpn. - Project
Id string - Region string
- The region in which to obtain the V2 networking client.
A networking client is needed to configure a routing entry on a subnet. If omitted, the
regionargument of the provider is used. Changing this creates a new routing entry. - Target
Tenant string - The ID of the tenant to which the RBAC policy will be enforced.
- Action string
- Action for the RBAC policy. Can either be
access_as_externaloraccess_as_shared. - Object
Id string - The ID of the
object_typeresource. Anobject_typeofnetworkreturns a network ID and anobject_typeofqos_policyreturns a QoS ID. - Object
Type string - The type of the object that the RBAC policy
affects. Can be one of the following:
address_scope,address_group,network,qos_policy,security_group,subnetpoolorbgpvpn. - Project
Id string - Region string
- The region in which to obtain the V2 networking client.
A networking client is needed to configure a routing entry on a subnet. If omitted, the
regionargument of the provider is used. Changing this creates a new routing entry. - Target
Tenant string - The ID of the tenant to which the RBAC policy will be enforced.
- action String
- Action for the RBAC policy. Can either be
access_as_externaloraccess_as_shared. - object
Id String - The ID of the
object_typeresource. Anobject_typeofnetworkreturns a network ID and anobject_typeofqos_policyreturns a QoS ID. - object
Type String - The type of the object that the RBAC policy
affects. Can be one of the following:
address_scope,address_group,network,qos_policy,security_group,subnetpoolorbgpvpn. - project
Id String - region String
- The region in which to obtain the V2 networking client.
A networking client is needed to configure a routing entry on a subnet. If omitted, the
regionargument of the provider is used. Changing this creates a new routing entry. - target
Tenant String - The ID of the tenant to which the RBAC policy will be enforced.
- action string
- Action for the RBAC policy. Can either be
access_as_externaloraccess_as_shared. - object
Id string - The ID of the
object_typeresource. Anobject_typeofnetworkreturns a network ID and anobject_typeofqos_policyreturns a QoS ID. - object
Type string - The type of the object that the RBAC policy
affects. Can be one of the following:
address_scope,address_group,network,qos_policy,security_group,subnetpoolorbgpvpn. - project
Id string - region string
- The region in which to obtain the V2 networking client.
A networking client is needed to configure a routing entry on a subnet. If omitted, the
regionargument of the provider is used. Changing this creates a new routing entry. - target
Tenant string - The ID of the tenant to which the RBAC policy will be enforced.
- action str
- Action for the RBAC policy. Can either be
access_as_externaloraccess_as_shared. - object_
id str - The ID of the
object_typeresource. Anobject_typeofnetworkreturns a network ID and anobject_typeofqos_policyreturns a QoS ID. - object_
type str - The type of the object that the RBAC policy
affects. Can be one of the following:
address_scope,address_group,network,qos_policy,security_group,subnetpoolorbgpvpn. - project_
id str - region str
- The region in which to obtain the V2 networking client.
A networking client is needed to configure a routing entry on a subnet. If omitted, the
regionargument of the provider is used. Changing this creates a new routing entry. - target_
tenant str - The ID of the tenant to which the RBAC policy will be enforced.
- action String
- Action for the RBAC policy. Can either be
access_as_externaloraccess_as_shared. - object
Id String - The ID of the
object_typeresource. Anobject_typeofnetworkreturns a network ID and anobject_typeofqos_policyreturns a QoS ID. - object
Type String - The type of the object that the RBAC policy
affects. Can be one of the following:
address_scope,address_group,network,qos_policy,security_group,subnetpoolorbgpvpn. - project
Id String - region String
- The region in which to obtain the V2 networking client.
A networking client is needed to configure a routing entry on a subnet. If omitted, the
regionargument of the provider is used. Changing this creates a new routing entry. - target
Tenant String - The ID of the tenant to which the RBAC policy will be enforced.
Import
RBAC policies can be imported using the id, e.g.
$ pulumi import openstack:networking/rbacPolicyV2:RbacPolicyV2 rbac_policy_1 eae26a3e-1c33-4cc1-9c31-0cd729c438a1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- OpenStack pulumi/pulumi-openstack
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
openstackTerraform Provider.