Перейти к основному содержимому
selectel_iam_serviceuser_v1
Последнее изменение:

selectel_iam_serviceuser_v1

к сведению

Эта инструкция — копия документации Selectel Terraform-провайдера в Terraform Registry.

Creates and manages a service user using public API v1. Selectel products support Identity and Access Management (IAM). For more information about service users, see the official Selectel documentation.

The selectel_iam_serviceuser_v1 resource replaces the deprecated selectel_vpc_user_v2 and selectel_vpc_role_v2 resources. For additional information, see the Upgrading Terraform Selectel Provider to version 5.0.0 guide.

Only users with the User administrator role can manage other users.

к сведению

The password of the service user is stored as raw data in a plain-text file. Learn more about sensitive data in state.

Example Usage

resource "selectel_iam_serviceuser_v1" "serviceuser_1" {
name = "username"
password = "password"
role {
role_name = "member"
scope = "account"
}
role {
role_name = "iam_admin"
scope = "account"
}
}

Argument Reference

  • name — (Required) Name of the service user.

  • password — (Required, Sensitive) Password of the service user.

  • role — (Optional) Manages service user roles. You can add multiple roles — each role in a separate block. For more information about roles, see the Roles section.

    • role_name — (Required) Role name. Available role names are iam_admin, member, reader, billing, object_storage:admin, and object_storage_user.

    • scope — (Required) Scope of the role. Available scopes are account and project. If scope is project, the project_id argument is required.

    • project_id — (Optional) Unique identifier of the associated project. Changing this creates a new service user. If scope is project, the project_id argument is required. Retrieved from the selectel_vpc_project_v2 resource. Learn more about Projects.

  • enabled — (Optional) Specifies if you can create a Keystone token for the service user. Boolean flag, the default value is true. Learn more about Keystone tokens.

Roles

To assign roles, use the following values for scope and role_name:

  • Account administrator — scope is account, role_name is member.

  • Billing administrator — scope is account, role_name is billing.

  • User administrator — scope is account, role_name is iam_admin.

  • Project administrator — scope is project, role_name is member.

  • Account viewer — scope is account, role_name is reader.

  • Project viewer — scope is project, role_name is reader.

  • Object storage admin — scope is project, role_name is object_storage:admin.

  • Object storage user — scope is project, role_name is object_storage_user.

Import

You can import a service user:

export OS_DOMAIN_NAME=<account_id>
export OS_USERNAME=<username>
export OS_PASSWORD=<password>
terraform import selectel_iam_serviceuser_v1.serviceuser_1 <user_id>

where:

  • <account_id> — Selectel account ID. The account ID is in the top right corner of the Control panel. Learn more about Registration.

  • <username> — Name of the service user. To get the name, in the Control panel, go to Identity & Access ManagementUser management ⟶ the Service users tab ⟶ copy the name of the required user. Learn more about Service Users.

  • <password> — Password of the service user.

  • <user_id> — Unique identifier of the service user to import, for example, abc1bb378ac84e1234b869b77aadd2ab. To get the ID, in the Control panel, go to Identity & Access ManagementUser management ⟶ the Service users tab ⟶ copy the ID under the user name.