openstack_networking_rbac_policy_v2
These instructions are a copy of the official OpenStack Terraform provider documentation in the Terraform Registry.
The RBAC policy resource contains functionality for working with Neutron RBACPolicies. The Role-Based Access Control (RBAC) policy framework enables both operators and users to grant access to resources for specific projects.
Sharing an object with a specific project is accomplished by creating apolicy entry that permits the target project the access_as_shared
actionon that object.
To make a network available as an external network for specific projectsrather than all projects, use the access_as_external
action.If a network is marked as external during creation, it now implicitly createsa wildcard RBAC policy granting everyone access to preserve previous behaviorbefore this feature was added.
Example Usage
resource "openstack_networking_network_v2" "network_1" {
name = "network_1"
admin_state_up = "true"
}
resource "openstack_networking_rbac_policy_v2" "rbac_policy_1" {
action = "access_as_shared"
object_id = openstack_networking_network_v2.network_1.id
object_type = "network"
target_tenant = "20415a973c9e45d3917f078950644697"
}
Argument Reference
The following arguments are supported:
-
region
— (Optional) The region in which to obtain the V2 networking client.A networking client is needed to configure a routing entry on a subnet. If omitted, theregion
argument of the provider is used. Changing this creates a newrouting entry. -
action
— (Required) Action for the RBAC policy. Can either beaccess_as_external
oraccess_as_shared
. -
object_id
— (Required) The ID of theobject_type
resource. Anobject_type
ofnetwork
returns a network ID and anobject_type
ofqos_policy
returns a QoS ID. -
object_type
— (Required) The type of the object that the RBAC policyaffects. Can be one of the following:address_scope
,address_group
,network
,qos_policy
,security_group
orsubnetpool
. -
target_tenant
— (Required) The ID of the tenant to which the RBAC policywill be enforced.
Attributes Reference
The following attributes are exported:
region
— See Argument Reference above.action
— See Argument Reference above.object_id
— See Argument Reference above.object_type
— See Argument Reference above.target_tenant
— See Argument Reference above.tenant_id
— The owner of the RBAC policy.
Notes
Import
RBAC policies can be imported using the id
, e.g.
$ terraform import openstack_networking_rbac_policy_v2.rbac_policy_1 eae26a3e-1c33-4cc1-9c31-0cd729c438a1