selectel_iam_serviceuser_v1
Creates and manages a service user using public API v1. Selectel products support Identity and Access Management (IAM). For more information about service users, see the official Selectel documentation.
The selectel_iam_serviceuser_v1 resource replaces the deprecated selectel_vpc_user_v2 and selectel_vpc_role_v2 resources. For additional information, see the Upgrading Terraform Selectel Provider to version 5.0.0 guide.
The password of the service user is stored as raw data in a plain-text file. Learn more about sensitive data in state.
Example Usage
resource "selectel_iam_serviceuser_v1" "serviceuser_1" {
name = "username"
password = "password"
role {
role_name = "member"
scope = "account"
}
role {
role_name = "iam_admin"
scope = "account"
}
}
Argument Reference
-
name
- (Required) Name of the service user. -
password
- (Required, Sensitive) Password of the service user. -
role
- (Optional) Manages service user roles. You can add multiple roles – each role in a separate block. For more information about roles, see the Roles section.-
role_name
- (Required) Role name. Available role names areiam_admin
,member
,reader
,billing
,object_storage:admin
, andobject_storage_user
. -
scope
- (Required) Scope of the role. Available scopes areaccount
andproject
. Ifscope
isproject
, theproject_id
argument is required. -
project_id
- (Optional) Unique identifier of the associated Cloud Platform project. Changing this creates a new service user. Ifscope
isproject
, theproject_id
argument is required. Retrieved from the selectel_vpc_project_v2 resource. Learn more about Cloud Platform projects.
-
-
enabled
- (Optional) Specifies if you can create a Cloud Platform Keystone token for the service user. Boolean flag, the default value istrue
. Learn more about Cloud Platform Keystone tokens.
Roles
To assign roles, use the following values for scope
and role_name
:
- Account administrator -
scope
isaccount
,role_name
ismember
. - Billing administrator -
scope
isaccount
,role_name
isbilling
. - User administrator -
scope
isaccount
,role_name
isiam_admin
. - Project administrator -
scope
isproject
,role_name
ismember
. - Account viewer -
scope
isaccount
,role_name
isreader
. - Project viewer -
scope
isproject
,role_name
isreader
. - Object storage admin -
scope
isproject
,role_name
isobject_storage:admin
. - Object storage user -
scope
isproject
,role_name
isobject_storage_user
.
Import
You can import a service user:
export OS_DOMAIN_NAME=<account_id>
export OS_USERNAME=<username>
export OS_PASSWORD=<password>
terraform import selectel_iam_serviceuser_v1.serviceuser_1 <user_id>
where:
-
<account_id>
— Selectel account ID. The account ID is in the top right corner of the Control panel. Learn more about Registration. -
<username>
— Name of the service user. To get the name, in the top right corner of the Control panel, go to the account menu ⟶ Profile and Settings ⟶ User management ⟶ the Service users tab ⟶ copy the name of the user. Learn more about Service Users. -
<password>
— Password of the service user. -
<user_id>
— Unique identifier of the service user to import, for example,abc1bb378ac84e1234b869b77aadd2ab
. To get the ID, in the top right corner of the Control panel, go to the account menu ⟶ Profile and Settings ⟶ User management ⟶ the Service users tab ⟶ copy the ID under the user name.