selectel_iam_serviceuser_v1
This instruction is a copy of the Selectel Terraform provider's documentation in the Terraform Registry.
Creates and manages a service user using public API v1. Selectel products support Identity and Access Management (IAM). For more information about service users, see the official Selectel documentation.
The selectel_iam_serviceuser_v1 resource replaces the deprecated selectel_vpc_user_v2 and selectel_vpc_role_v2 resources. For additional information, see the Upgrading Terraform Selectel Provider to version 5.0.0.0 guide.
Only users with the User administrator role can manage other users.
The password of the service user is stored as raw data in a plain-text file. Learn more about sensitive data in state.
Example Usage
resource "selectel_iam_serviceuser_v1" "serviceuser_1" {
name = "username"
password = "password"
role {
role_name = "member"
scope = "account"
}
role {
role_name = "iam_admin"
scope = "account"
}
}
Argument Reference
-
name
— (Required) Name of the service user. -
password
— (Required, Sensitive) Password of the service user. -
role
— (Optional) Manages service user roles. You can add multiple roles — each role in a separate block. For more information about roles, see the Roles section.-
role_name
— (Required) Role name. Available role names areiam_admin
,member
,reader
,billing
,object_storage:admin
andobject_storage_user
. -
scope
— (Required) Scope of the role. Available scopes areaccount
andproject
. Ifscope
isproject
theproject_id
argument is required. -
project_id
— (Optional) Unique identifier of the associated project. Changing this creates a new service user. Ifscope
isproject
theproject_id
argument is required. Retrieved from the selectel_vpc_project_v2 resource. Learn more about Projects.
-
-
enabled
— (Optional) Specifies if you can create a Keystone token for the service user. Boolean flag, the default value istrue
. Learn more about Keystone tokens.
Roles
To assign roles, use the following values for scope
and role_name
:
-
Account administrator —
scope
isaccount
,role_name
ismember
. -
Billing administrator —
scope
isaccount
,role_name
isbilling
. -
User administrator —
scope
isaccount
,role_name
isiam_admin
. -
Project administrator —
scope
isproject
,role_name
ismember
. -
Account viewer —
scope
isaccount
,role_name
isreader
. -
Project viewer —
scope
isproject
,role_name
isreader
. -
Object storage admin —
scope
isproject
,role_name
isobject_storage:admin
. -
Object storage user —
scope
isproject
,role_name
isobject_storage_user
.
Import
You can import a service user:
export OS_DOMAIN_NAME=<account_id>
export OS_USERNAME=<username>
export OS_PASSWORD=<password>
terraform import selectel_iam_serviceuser_v1.serviceuser_1 <user_id>
where:
-
<account_id>
— Selectel account ID. The account ID is in the top right corner of the Control panel. Learn more about Registration. -
<username>
— Name of the service user. To get the name, in the Control panel, go to Identity & Access Management ⟶ User management ⟶ the Service users tab ⟶ copy the name of the required user. Learn more about Service Users. -
<password>
— Password of the service user. -
<user_id>
— Unique identifier of the service user to import, for example,abc1bb378ac84e1234b869b77aadd2ab
. To get the ID, in the Control panel, go to Identity & Access Management ⟶ User management ⟶ the Service users tab ⟶ copy the ID under the user name.