Module identity

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-openstack repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-openstack repo.

Resources

Data Sources

Others

Resources

Resource ApplicationCredential

class ApplicationCredential extends CustomResource

Manages a V3 Application Credential resource within OpenStack Keystone.

Note: All arguments including the application credential name and secret will be stored in the raw state as plain-text. Read more about sensitive data in state.

Note: An Application Credential is created within the authenticated user project scope and is not visible by an admin or other accounts. The Application Credential visibility is similar to openstack.compute.Keypair.

Example Usage

Predefined secret

Application credential below will have only one swiftoperator role.

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const swift = new openstack.identity.ApplicationCredential("swift", {
    description: "Swift technical application credential",
    expiresAt: "2019-02-13T12:12:12Z",
    roles: ["swiftoperator"],
    secret: "supersecret",
});
Unrestricted with autogenerated secret and unlimited TTL

Application credential below will inherit all the current user’s roles.

!> WARNING: Restrictions on these Identity operations are deliberately imposed as a safeguard to prevent a compromised application credential from regenerating itself. Disabling this restriction poses an inherent added risk.

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const unrestricted = new openstack.identity.ApplicationCredential("unrestricted", {
    description: "Unrestricted application credential",
    unrestricted: true,
});

export const applicationCredentialSecret = unrestricted.secret;

This content is derived from https://github.com/terraform-providers/terraform-provider-openstack/blob/master/website/docs/r/identity_application_credential_v3.html.markdown.

constructor

new ApplicationCredential(name: string, args?: ApplicationCredentialArgs, opts?: pulumi.CustomResourceOptions)

Create a ApplicationCredential resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ApplicationCredentialState, opts?: pulumi.CustomResourceOptions): ApplicationCredential

Get an existing ApplicationCredential resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of ApplicationCredential. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

A description of the application credential. Changing this creates a new application credential.

property expiresAt

public expiresAt: pulumi.Output<string | undefined>;

The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

A name of the application credential. Changing this creates a new application credential.

property projectId

public projectId: pulumi.Output<string>;

The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.

property region

public region: pulumi.Output<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.

property roles

public roles: pulumi.Output<string[]>;

A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user’s roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.

property secret

public secret: pulumi.Output<string>;

The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.

property unrestricted

public unrestricted: pulumi.Output<boolean | undefined>;

A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource EndpointV3

class EndpointV3 extends CustomResource

Manages a V3 Endpoint resource within OpenStack Keystone.

Note: This usually requires admin privileges.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const service1 = new openstack.identity.ServiceV3("service1", {
    type: "my-service-type",
});
const endpoint1 = new openstack.identity.EndpointV3("endpoint1", {
    endpointRegion: service1.region,
    serviceId: service1.id,
    url: "http://my-endpoint",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-openstack/blob/master/website/docs/r/identity_endpoint_v3.html.markdown.

constructor

new EndpointV3(name: string, args: EndpointV3Args, opts?: pulumi.CustomResourceOptions)

Create a EndpointV3 resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: EndpointV3State, opts?: pulumi.CustomResourceOptions): EndpointV3

Get an existing EndpointV3 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of EndpointV3. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property endpointRegion

public endpointRegion: pulumi.Output<string>;

The endpoint region. The region and endpointRegion can be different.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property interface

public interface: pulumi.Output<string | undefined>;

The endpoint interface. Valid values are public, internal and admin. Default value is public

property name

public name: pulumi.Output<string>;

The endpoint name.

property region

public region: pulumi.Output<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

property serviceId

public serviceId: pulumi.Output<string>;

The endpoint service ID.

property serviceName

public serviceName: pulumi.Output<string>;

The service name of the endpoint.

property serviceType

public serviceType: pulumi.Output<string>;

The service type of the endpoint.

property url

public url: pulumi.Output<string>;

The endpoint url.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Project

class Project extends CustomResource

Manages a V3 Project resource within OpenStack Keystone.

Note: You must have admin privileges in your OpenStack cloud to use this resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const project1 = new openstack.identity.Project("project1", {
    description: "A project",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-openstack/blob/master/website/docs/r/identity_project_v3.html.markdown.

constructor

new Project(name: string, args?: ProjectArgs, opts?: pulumi.CustomResourceOptions)

Create a Project resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ProjectState, opts?: pulumi.CustomResourceOptions): Project

Get an existing Project resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Project. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

A description of the project.

property domainId

public domainId: pulumi.Output<string>;

The domain this project belongs to.

property enabled

public enabled: pulumi.Output<boolean | undefined>;

Whether the project is enabled or disabled. Valid values are true and false.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property isDomain

public isDomain: pulumi.Output<boolean | undefined>;

Whether this project is a domain. Valid values are true and false.

property name

public name: pulumi.Output<string>;

The name of the project.

property parentId

public parentId: pulumi.Output<string>;

The parent of this project.

property region

public region: pulumi.Output<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Role

class Role extends CustomResource

Manages a V3 Role resource within OpenStack Keystone.

Note: You must have admin privileges in your OpenStack cloud to use this resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const role1 = new openstack.identity.Role("role1", {});

This content is derived from https://github.com/terraform-providers/terraform-provider-openstack/blob/master/website/docs/r/identity_role_v3.html.markdown.

constructor

new Role(name: string, args?: RoleArgs, opts?: pulumi.CustomResourceOptions)

Create a Role resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RoleState, opts?: pulumi.CustomResourceOptions): Role

Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Role. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property domainId

public domainId: pulumi.Output<string>;

The domain the role belongs to.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the role.

property region

public region: pulumi.Output<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new Role.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource RoleAssignment

class RoleAssignment extends CustomResource

Manages a V3 Role assignment within OpenStack Keystone.

Note: You must have admin privileges in your OpenStack cloud to use this resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const project1 = new openstack.identity.Project("project1", {});
const role1 = new openstack.identity.Role("role1", {});
const user1 = new openstack.identity.User("user1", {
    defaultProjectId: project1.id,
});
const roleAssignment1 = new openstack.identity.RoleAssignment("roleAssignment1", {
    projectId: project1.id,
    roleId: role1.id,
    userId: user1.id,
});

This content is derived from https://github.com/terraform-providers/terraform-provider-openstack/blob/master/website/docs/r/identity_role_assignment_v3.html.markdown.

constructor

new RoleAssignment(name: string, args: RoleAssignmentArgs, opts?: pulumi.CustomResourceOptions)

Create a RoleAssignment resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RoleAssignmentState, opts?: pulumi.CustomResourceOptions): RoleAssignment

Get an existing RoleAssignment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of RoleAssignment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property domainId

public domainId: pulumi.Output<string | undefined>;

The domain to assign the role in.

property groupId

public groupId: pulumi.Output<string | undefined>;

The group to assign the role to.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property projectId

public projectId: pulumi.Output<string | undefined>;

The project to assign the role in.

property region

public region: pulumi.Output<string>;

property roleId

public roleId: pulumi.Output<string>;

The role to assign.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userId

public userId: pulumi.Output<string | undefined>;

The user to assign the role to.

Resource ServiceV3

class ServiceV3 extends CustomResource

Manages a V3 Service resource within OpenStack Keystone.

Note: This usually requires admin privileges.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const service1 = new openstack.identity.ServiceV3("service1", {
    type: "custom",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-openstack/blob/master/website/docs/r/identity_service_v3.html.markdown.

constructor

new ServiceV3(name: string, args: ServiceV3Args, opts?: pulumi.CustomResourceOptions)

Create a ServiceV3 resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServiceV3State, opts?: pulumi.CustomResourceOptions): ServiceV3

Get an existing ServiceV3 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of ServiceV3. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

The service description.

property enabled

public enabled: pulumi.Output<boolean | undefined>;

The service status. Defaults to true.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The service name.

property region

public region: pulumi.Output<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

property type

public type: pulumi.Output<string>;

The service type.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource User

class User extends CustomResource

Manages a V3 User resource within OpenStack Keystone.

Note: You must have admin privileges in your OpenStack cloud to use this resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const project1 = new openstack.identity.Project("project1", {});
const user1 = new openstack.identity.User("user1", {
    defaultProjectId: project1.id,
    description: "A user",
    extra: {
        email: "user_1@foobar.com",
    },
    ignoreChangePasswordUponFirstUse: true,
    multiFactorAuthEnabled: true,
    multiFactorAuthRules: [
        {
            rules: [
                "password",
                "totp",
            ],
        },
        {
            rules: ["password"],
        },
    ],
    password: "password123",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-openstack/blob/master/website/docs/r/identity_user_v3.html.markdown.

constructor

new User(name: string, args?: UserArgs, opts?: pulumi.CustomResourceOptions)

Create a User resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserState, opts?: pulumi.CustomResourceOptions): User

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of User. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property defaultProjectId

public defaultProjectId: pulumi.Output<string>;

The default project this user belongs to.

property description

public description: pulumi.Output<string | undefined>;

A description of the user.

property domainId

public domainId: pulumi.Output<string>;

The domain this user belongs to.

property enabled

public enabled: pulumi.Output<boolean | undefined>;

Whether the user is enabled or disabled. Valid values are true and false.

property extra

public extra: pulumi.Output<{[key: string]: any} | undefined>;

Free-form key/value pairs of extra information.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ignoreChangePasswordUponFirstUse

public ignoreChangePasswordUponFirstUse: pulumi.Output<boolean | undefined>;

User will not have to change their password upon first use. Valid values are true and false.

property ignoreLockoutFailureAttempts

public ignoreLockoutFailureAttempts: pulumi.Output<boolean | undefined>;

User will not have a failure lockout placed on their account. Valid values are true and false.

property ignorePasswordExpiry

public ignorePasswordExpiry: pulumi.Output<boolean | undefined>;

User’s password will not expire. Valid values are true and false.

property multiFactorAuthEnabled

public multiFactorAuthEnabled: pulumi.Output<boolean | undefined>;

Whether to enable multi-factor authentication. Valid values are true and false.

property multiFactorAuthRules

public multiFactorAuthRules: pulumi.Output<outputs.identity.UserMultiFactorAuthRule[] | undefined>;

A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.

property name

public name: pulumi.Output<string>;

The name of the user.

property password

public password: pulumi.Output<string | undefined>;

The password for the user.

property region

public region: pulumi.Output<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Data Sources

Data Source getAuthScope

getAuthScope(args: GetAuthScopeArgs, opts?: pulumi.InvokeOptions): Promise<GetAuthScopeResult> & GetAuthScopeResult

Use this data source to get authentication information about the current auth scope in use. This can be used as self-discovery or introspection of the username or project name currently in use.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const scope = openstack.identity.getAuthScope({
    name: "myScope",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-openstack/blob/master/website/docs/d/identity_auth_scope_v3.html.markdown.

Data Source getEndpoint

getEndpoint(args?: GetEndpointArgs, opts?: pulumi.InvokeOptions): Promise<GetEndpointResult> & GetEndpointResult

Use this data source to get the ID of an OpenStack endpoint.

Note: This usually requires admin privileges.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const endpoint1 = openstack.identity.getEndpoint({
    serviceName: "demo",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-openstack/blob/master/website/docs/d/identity_endpoint_v3.html.markdown.

Data Source getGroup

getGroup(args: GetGroupArgs, opts?: pulumi.InvokeOptions): Promise<GetGroupResult> & GetGroupResult

Use this data source to get the ID of an OpenStack group.

Note: This usually requires admin privileges.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const admins = openstack.identity.getGroup({
    name: "admins",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-openstack/blob/master/website/docs/d/identity_group_v3.html.markdown.

Data Source getProject

getProject(args?: GetProjectArgs, opts?: pulumi.InvokeOptions): Promise<GetProjectResult> & GetProjectResult

Use this data source to get the ID of an OpenStack project.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const project1 = openstack.identity.getProject({
    name: "demo",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-openstack/blob/master/website/docs/d/identity_project_v3.html.markdown.

Data Source getRole

getRole(args: GetRoleArgs, opts?: pulumi.InvokeOptions): Promise<GetRoleResult> & GetRoleResult

Use this data source to get the ID of an OpenStack role.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const admin = openstack.identity.getRole({
    name: "admin",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-openstack/blob/master/website/docs/d/identity_role_v3.html.markdown.

Data Source getService

getService(args?: GetServiceArgs, opts?: pulumi.InvokeOptions): Promise<GetServiceResult> & GetServiceResult

Use this data source to get the ID of an OpenStack service.

Note: This usually requires admin privileges.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const service1 = openstack.identity.getService({
    name: "keystone",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-openstack/blob/master/website/docs/d/identity_service_v3.html.markdown.

Data Source getUser

getUser(args?: GetUserArgs, opts?: pulumi.InvokeOptions): Promise<GetUserResult> & GetUserResult

Use this data source to get the ID of an OpenStack user.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";

const user1 = openstack.identity.getUser({
    name: "user1",
});

This content is derived from https://github.com/terraform-providers/terraform-provider-openstack/blob/master/website/docs/d/identity_user_v3.html.markdown.

Others

interface ApplicationCredentialArgs

interface ApplicationCredentialArgs

The set of arguments for constructing a ApplicationCredential resource.

property description

description?: pulumi.Input<string>;

A description of the application credential. Changing this creates a new application credential.

property expiresAt

expiresAt?: pulumi.Input<string>;

The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.

property name

name?: pulumi.Input<string>;

A name of the application credential. Changing this creates a new application credential.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.

property roles

roles?: pulumi.Input<pulumi.Input<string>[]>;

A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user’s roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.

property secret

secret?: pulumi.Input<string>;

The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.

property unrestricted

unrestricted?: pulumi.Input<boolean>;

A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.

interface ApplicationCredentialState

interface ApplicationCredentialState

Input properties used for looking up and filtering ApplicationCredential resources.

property description

description?: pulumi.Input<string>;

A description of the application credential. Changing this creates a new application credential.

property expiresAt

expiresAt?: pulumi.Input<string>;

The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.

property name

name?: pulumi.Input<string>;

A name of the application credential. Changing this creates a new application credential.

property projectId

projectId?: pulumi.Input<string>;

The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.

property roles

roles?: pulumi.Input<pulumi.Input<string>[]>;

A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user’s roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.

property secret

secret?: pulumi.Input<string>;

The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.

property unrestricted

unrestricted?: pulumi.Input<boolean>;

A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.

interface EndpointV3Args

interface EndpointV3Args

The set of arguments for constructing a EndpointV3 resource.

property endpointRegion

endpointRegion: pulumi.Input<string>;

The endpoint region. The region and endpointRegion can be different.

property interface

interface?: pulumi.Input<string>;

The endpoint interface. Valid values are public, internal and admin. Default value is public

property name

name?: pulumi.Input<string>;

The endpoint name.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

property serviceId

serviceId: pulumi.Input<string>;

The endpoint service ID.

property url

url: pulumi.Input<string>;

The endpoint url.

interface EndpointV3State

interface EndpointV3State

Input properties used for looking up and filtering EndpointV3 resources.

property endpointRegion

endpointRegion?: pulumi.Input<string>;

The endpoint region. The region and endpointRegion can be different.

property interface

interface?: pulumi.Input<string>;

The endpoint interface. Valid values are public, internal and admin. Default value is public

property name

name?: pulumi.Input<string>;

The endpoint name.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

property serviceId

serviceId?: pulumi.Input<string>;

The endpoint service ID.

property serviceName

serviceName?: pulumi.Input<string>;

The service name of the endpoint.

property serviceType

serviceType?: pulumi.Input<string>;

The service type of the endpoint.

property url

url?: pulumi.Input<string>;

The endpoint url.

interface GetAuthScopeArgs

interface GetAuthScopeArgs

A collection of arguments for invoking getAuthScope.

property name

name: string;

The name of the scope. This is an arbitrary name which is only used as a unique identifier so an actual token isn’t used as the ID.

property region

region?: undefined | string;

The region in which to obtain the V3 Identity client. A Identity client is needed to retrieve tokens IDs. If omitted, the region argument of the provider is used.

interface GetAuthScopeResult

interface GetAuthScopeResult

A collection of values returned by getAuthScope.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property name

name: string;

property projectDomainId

projectDomainId: string;

The domain ID of the project.

property projectDomainName

projectDomainName: string;

The domain name of the project.

property projectId

projectId: string;

The project ID of the scope.

property projectName

projectName: string;

The project name of the scope.

property region

region: string;

property roles

roles: outputs.identity.GetAuthScopeRole[];

A list of roles in the current scope. See reference below.

property userDomainId

userDomainId: string;

The domain ID of the user.

property userDomainName

userDomainName: string;

The domain name of the user.

property userId

userId: string;

The user ID the of the scope.

property userName

userName: string;

The username of the scope.

interface GetEndpointArgs

interface GetEndpointArgs

A collection of arguments for invoking getEndpoint.

property endpointRegion

endpointRegion?: undefined | string;

The region the endpoint is assigned to. The region and endpointRegion can be different.

property interface

interface?: undefined | string;

The endpoint interface. Valid values are public, internal, and admin. Default value is public

property name

name?: undefined | string;

The name of the endpoint.

property region

region?: undefined | string;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

property serviceId

serviceId?: undefined | string;

The service id this endpoint belongs to.

property serviceName

serviceName?: undefined | string;

The service name of the endpoint.

property serviceType

serviceType?: undefined | string;

The service type of the endpoint.

interface GetEndpointResult

interface GetEndpointResult

A collection of values returned by getEndpoint.

property endpointRegion

endpointRegion?: undefined | string;

See Argument Reference above.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property interface

interface?: undefined | string;

See Argument Reference above.

property name

name?: undefined | string;

See Argument Reference above.

property region

region: string;

See Argument Reference above.

property serviceId

serviceId?: undefined | string;

See Argument Reference above.

property serviceName

serviceName?: undefined | string;

See Argument Reference above.

property serviceType

serviceType?: undefined | string;

See Argument Reference above.

property url

url: string;

The endpoint URL.

interface GetGroupArgs

interface GetGroupArgs

A collection of arguments for invoking getGroup.

property domainId

domainId?: undefined | string;

The domain the group belongs to.

property name

name: string;

The name of the group.

property region

region?: undefined | string;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

interface GetGroupResult

interface GetGroupResult

A collection of values returned by getGroup.

property domainId

domainId: string;

See Argument Reference above.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property name

name: string;

See Argument Reference above.

property region

region: string;

See Argument Reference above.

interface GetProjectArgs

interface GetProjectArgs

A collection of arguments for invoking getProject.

property domainId

domainId?: undefined | string;

The domain this project belongs to.

property enabled

enabled?: undefined | false | true;

Whether the project is enabled or disabled. Valid values are true and false.

property isDomain

isDomain?: undefined | false | true;

Whether this project is a domain. Valid values are true and false.

property name

name?: undefined | string;

The name of the project.

property parentId

parentId?: undefined | string;

The parent of this project.

property region

region?: undefined | string;

interface GetProjectResult

interface GetProjectResult

A collection of values returned by getProject.

property description

description: string;

The description of the project.

property domainId

domainId: string;

See Argument Reference above.

property enabled

enabled?: undefined | false | true;

See Argument Reference above.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property isDomain

isDomain?: undefined | false | true;

See Argument Reference above.

property name

name?: undefined | string;

See Argument Reference above.

property parentId

parentId?: undefined | string;

See Argument Reference above.

property region

region: string;

The region the project is located in.

interface GetRoleArgs

interface GetRoleArgs

A collection of arguments for invoking getRole.

property domainId

domainId?: undefined | string;

The domain the role belongs to.

property name

name: string;

The name of the role.

property region

region?: undefined | string;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

interface GetRoleResult

interface GetRoleResult

A collection of values returned by getRole.

property domainId

domainId: string;

See Argument Reference above.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property name

name: string;

See Argument Reference above.

property region

region: string;

See Argument Reference above.

interface GetServiceArgs

interface GetServiceArgs

A collection of arguments for invoking getService.

property enabled

enabled?: undefined | false | true;

The service status.

property name

name?: undefined | string;

The service name.

property region

region?: undefined | string;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

property type

type?: undefined | string;

The service type.

interface GetServiceResult

interface GetServiceResult

A collection of values returned by getService.

property description

description: string;

The service description.

property enabled

enabled?: undefined | false | true;

See Argument Reference above.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property name

name?: undefined | string;

See Argument Reference above.

property region

region: string;

See Argument Reference above.

property type

type?: undefined | string;

See Argument Reference above.

interface GetUserArgs

interface GetUserArgs

A collection of arguments for invoking getUser.

property domainId

domainId?: undefined | string;

The domain this user belongs to.

property enabled

enabled?: undefined | false | true;

Whether the user is enabled or disabled. Valid values are true and false.

property idpId

idpId?: undefined | string;

The identity provider ID of the user.

property name

name?: undefined | string;

The name of the user.

property passwordExpiresAt

passwordExpiresAt?: undefined | string;

Query for expired passwords. See the OpenStack API docs for more information on the query format.

property protocolId

protocolId?: undefined | string;

The protocol ID of the user.

property region

region?: undefined | string;

property uniqueId

uniqueId?: undefined | string;

The unique ID of the user.

interface GetUserResult

interface GetUserResult

A collection of values returned by getUser.

property defaultProjectId

defaultProjectId: string;

See Argument Reference above.

property domainId

domainId: string;

See Argument Reference above.

property enabled

enabled?: undefined | false | true;

See Argument Reference above.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property idpId

idpId?: undefined | string;

See Argument Reference above.

property name

name?: undefined | string;

See Argument Reference above.

property passwordExpiresAt

passwordExpiresAt?: undefined | string;

See Argument Reference above.

property protocolId

protocolId?: undefined | string;

See Argument Reference above.

property region

region: string;

The region the user is located in.

property uniqueId

uniqueId?: undefined | string;

See Argument Reference above.

interface ProjectArgs

interface ProjectArgs

The set of arguments for constructing a Project resource.

property description

description?: pulumi.Input<string>;

A description of the project.

property domainId

domainId?: pulumi.Input<string>;

The domain this project belongs to.

property enabled

enabled?: pulumi.Input<boolean>;

Whether the project is enabled or disabled. Valid values are true and false.

property isDomain

isDomain?: pulumi.Input<boolean>;

Whether this project is a domain. Valid values are true and false.

property name

name?: pulumi.Input<string>;

The name of the project.

property parentId

parentId?: pulumi.Input<string>;

The parent of this project.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

interface ProjectState

interface ProjectState

Input properties used for looking up and filtering Project resources.

property description

description?: pulumi.Input<string>;

A description of the project.

property domainId

domainId?: pulumi.Input<string>;

The domain this project belongs to.

property enabled

enabled?: pulumi.Input<boolean>;

Whether the project is enabled or disabled. Valid values are true and false.

property isDomain

isDomain?: pulumi.Input<boolean>;

Whether this project is a domain. Valid values are true and false.

property name

name?: pulumi.Input<string>;

The name of the project.

property parentId

parentId?: pulumi.Input<string>;

The parent of this project.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

interface RoleArgs

interface RoleArgs

The set of arguments for constructing a Role resource.

property domainId

domainId?: pulumi.Input<string>;

The domain the role belongs to.

property name

name?: pulumi.Input<string>;

The name of the role.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new Role.

interface RoleAssignmentArgs

interface RoleAssignmentArgs

The set of arguments for constructing a RoleAssignment resource.

property domainId

domainId?: pulumi.Input<string>;

The domain to assign the role in.

property groupId

groupId?: pulumi.Input<string>;

The group to assign the role to.

property projectId

projectId?: pulumi.Input<string>;

The project to assign the role in.

property region

region?: pulumi.Input<string>;

property roleId

roleId: pulumi.Input<string>;

The role to assign.

property userId

userId?: pulumi.Input<string>;

The user to assign the role to.

interface RoleAssignmentState

interface RoleAssignmentState

Input properties used for looking up and filtering RoleAssignment resources.

property domainId

domainId?: pulumi.Input<string>;

The domain to assign the role in.

property groupId

groupId?: pulumi.Input<string>;

The group to assign the role to.

property projectId

projectId?: pulumi.Input<string>;

The project to assign the role in.

property region

region?: pulumi.Input<string>;

property roleId

roleId?: pulumi.Input<string>;

The role to assign.

property userId

userId?: pulumi.Input<string>;

The user to assign the role to.

interface RoleState

interface RoleState

Input properties used for looking up and filtering Role resources.

property domainId

domainId?: pulumi.Input<string>;

The domain the role belongs to.

property name

name?: pulumi.Input<string>;

The name of the role.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new Role.

interface ServiceV3Args

interface ServiceV3Args

The set of arguments for constructing a ServiceV3 resource.

property description

description?: pulumi.Input<string>;

The service description.

property enabled

enabled?: pulumi.Input<boolean>;

The service status. Defaults to true.

property name

name?: pulumi.Input<string>;

The service name.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

property type

type: pulumi.Input<string>;

The service type.

interface ServiceV3State

interface ServiceV3State

Input properties used for looking up and filtering ServiceV3 resources.

property description

description?: pulumi.Input<string>;

The service description.

property enabled

enabled?: pulumi.Input<boolean>;

The service status. Defaults to true.

property name

name?: pulumi.Input<string>;

The service name.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used.

property type

type?: pulumi.Input<string>;

The service type.

interface UserArgs

interface UserArgs

The set of arguments for constructing a User resource.

property defaultProjectId

defaultProjectId?: pulumi.Input<string>;

The default project this user belongs to.

property description

description?: pulumi.Input<string>;

A description of the user.

property domainId

domainId?: pulumi.Input<string>;

The domain this user belongs to.

property enabled

enabled?: pulumi.Input<boolean>;

Whether the user is enabled or disabled. Valid values are true and false.

property extra

extra?: pulumi.Input<{[key: string]: any}>;

Free-form key/value pairs of extra information.

property ignoreChangePasswordUponFirstUse

ignoreChangePasswordUponFirstUse?: pulumi.Input<boolean>;

User will not have to change their password upon first use. Valid values are true and false.

property ignoreLockoutFailureAttempts

ignoreLockoutFailureAttempts?: pulumi.Input<boolean>;

User will not have a failure lockout placed on their account. Valid values are true and false.

property ignorePasswordExpiry

ignorePasswordExpiry?: pulumi.Input<boolean>;

User’s password will not expire. Valid values are true and false.

property multiFactorAuthEnabled

multiFactorAuthEnabled?: pulumi.Input<boolean>;

Whether to enable multi-factor authentication. Valid values are true and false.

property multiFactorAuthRules

multiFactorAuthRules?: pulumi.Input<pulumi.Input<inputs.identity.UserMultiFactorAuthRule>[]>;

A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.

property name

name?: pulumi.Input<string>;

The name of the user.

property password

password?: pulumi.Input<string>;

The password for the user.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.

interface UserState

interface UserState

Input properties used for looking up and filtering User resources.

property defaultProjectId

defaultProjectId?: pulumi.Input<string>;

The default project this user belongs to.

property description

description?: pulumi.Input<string>;

A description of the user.

property domainId

domainId?: pulumi.Input<string>;

The domain this user belongs to.

property enabled

enabled?: pulumi.Input<boolean>;

Whether the user is enabled or disabled. Valid values are true and false.

property extra

extra?: pulumi.Input<{[key: string]: any}>;

Free-form key/value pairs of extra information.

property ignoreChangePasswordUponFirstUse

ignoreChangePasswordUponFirstUse?: pulumi.Input<boolean>;

User will not have to change their password upon first use. Valid values are true and false.

property ignoreLockoutFailureAttempts

ignoreLockoutFailureAttempts?: pulumi.Input<boolean>;

User will not have a failure lockout placed on their account. Valid values are true and false.

property ignorePasswordExpiry

ignorePasswordExpiry?: pulumi.Input<boolean>;

User’s password will not expire. Valid values are true and false.

property multiFactorAuthEnabled

multiFactorAuthEnabled?: pulumi.Input<boolean>;

Whether to enable multi-factor authentication. Valid values are true and false.

property multiFactorAuthRules

multiFactorAuthRules?: pulumi.Input<pulumi.Input<inputs.identity.UserMultiFactorAuthRule>[]>;

A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.

property name

name?: pulumi.Input<string>;

The name of the user.

property password

password?: pulumi.Input<string>;

The password for the user.

property region

region?: pulumi.Input<string>;

The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new User.