1. Packages
  2. Openstack Provider
  3. API Docs
  4. identity
  5. ApplicationCredential
OpenStack v5.0.0 published on Friday, Sep 27, 2024 by Pulumi

openstack.identity.ApplicationCredential

Explore with Pulumi AI

openstack logo
OpenStack v5.0.0 published on Friday, Sep 27, 2024 by Pulumi

    Manages a V3 Application Credential resource within OpenStack Keystone.

    Note: All arguments including the application credential name and secret will be stored in the raw state as plain-text. Read more about sensitive data in state.

    Note: An Application Credential is created within the authenticated user project scope and is not visible by an admin or other accounts. The Application Credential visibility is similar to openstack.compute.Keypair.

    Example Usage

    Predefined secret

    Application credential below will have only one swiftoperator role.

    import * as pulumi from "@pulumi/pulumi";
    import * as openstack from "@pulumi/openstack";
    
    const swift = new openstack.identity.ApplicationCredential("swift", {
        name: "swift",
        description: "Swift technical application credential",
        secret: "supersecret",
        roles: ["swiftoperator"],
        expiresAt: "2019-02-13T12:12:12Z",
    });
    
    import pulumi
    import pulumi_openstack as openstack
    
    swift = openstack.identity.ApplicationCredential("swift",
        name="swift",
        description="Swift technical application credential",
        secret="supersecret",
        roles=["swiftoperator"],
        expires_at="2019-02-13T12:12:12Z")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-openstack/sdk/v5/go/openstack/identity"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := identity.NewApplicationCredential(ctx, "swift", &identity.ApplicationCredentialArgs{
    			Name:        pulumi.String("swift"),
    			Description: pulumi.String("Swift technical application credential"),
    			Secret:      pulumi.String("supersecret"),
    			Roles: pulumi.StringArray{
    				pulumi.String("swiftoperator"),
    			},
    			ExpiresAt: pulumi.String("2019-02-13T12:12:12Z"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using OpenStack = Pulumi.OpenStack;
    
    return await Deployment.RunAsync(() => 
    {
        var swift = new OpenStack.Identity.ApplicationCredential("swift", new()
        {
            Name = "swift",
            Description = "Swift technical application credential",
            Secret = "supersecret",
            Roles = new[]
            {
                "swiftoperator",
            },
            ExpiresAt = "2019-02-13T12:12:12Z",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.openstack.identity.ApplicationCredential;
    import com.pulumi.openstack.identity.ApplicationCredentialArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var swift = new ApplicationCredential("swift", ApplicationCredentialArgs.builder()
                .name("swift")
                .description("Swift technical application credential")
                .secret("supersecret")
                .roles("swiftoperator")
                .expiresAt("2019-02-13T12:12:12Z")
                .build());
    
        }
    }
    
    resources:
      swift:
        type: openstack:identity:ApplicationCredential
        properties:
          name: swift
          description: Swift technical application credential
          secret: supersecret
          roles:
            - swiftoperator
          expiresAt: 2019-02-13T12:12:12Z
    

    Unrestricted with autogenerated secret and unlimited TTL

    Application credential below will inherit all the current user’s roles.

    !> WARNING: Restrictions on these Identity operations are deliberately imposed as a safeguard to prevent a compromised application credential from regenerating itself. Disabling this restriction poses an inherent added risk.

    import * as pulumi from "@pulumi/pulumi";
    import * as openstack from "@pulumi/openstack";
    
    const unrestricted = new openstack.identity.ApplicationCredential("unrestricted", {
        name: "unrestricted",
        description: "Unrestricted application credential",
        unrestricted: true,
    });
    export const applicationCredentialSecret = unrestricted.secret;
    
    import pulumi
    import pulumi_openstack as openstack
    
    unrestricted = openstack.identity.ApplicationCredential("unrestricted",
        name="unrestricted",
        description="Unrestricted application credential",
        unrestricted=True)
    pulumi.export("applicationCredentialSecret", unrestricted.secret)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-openstack/sdk/v5/go/openstack/identity"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		unrestricted, err := identity.NewApplicationCredential(ctx, "unrestricted", &identity.ApplicationCredentialArgs{
    			Name:         pulumi.String("unrestricted"),
    			Description:  pulumi.String("Unrestricted application credential"),
    			Unrestricted: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		ctx.Export("applicationCredentialSecret", unrestricted.Secret)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using OpenStack = Pulumi.OpenStack;
    
    return await Deployment.RunAsync(() => 
    {
        var unrestricted = new OpenStack.Identity.ApplicationCredential("unrestricted", new()
        {
            Name = "unrestricted",
            Description = "Unrestricted application credential",
            Unrestricted = true,
        });
    
        return new Dictionary<string, object?>
        {
            ["applicationCredentialSecret"] = unrestricted.Secret,
        };
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.openstack.identity.ApplicationCredential;
    import com.pulumi.openstack.identity.ApplicationCredentialArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var unrestricted = new ApplicationCredential("unrestricted", ApplicationCredentialArgs.builder()
                .name("unrestricted")
                .description("Unrestricted application credential")
                .unrestricted(true)
                .build());
    
            ctx.export("applicationCredentialSecret", unrestricted.secret());
        }
    }
    
    resources:
      unrestricted:
        type: openstack:identity:ApplicationCredential
        properties:
          name: unrestricted
          description: Unrestricted application credential
          unrestricted: true
    outputs:
      applicationCredentialSecret: ${unrestricted.secret}
    

    Application credential with access rules

    Note: Application Credential access rules are supported only in Keystone starting from Train release.

    import * as pulumi from "@pulumi/pulumi";
    import * as openstack from "@pulumi/openstack";
    
    const monitoring = new openstack.identity.ApplicationCredential("monitoring", {
        name: "monitoring",
        expiresAt: "2019-02-13T12:12:12Z",
        accessRules: [
            {
                path: "/v2.0/metrics",
                service: "monitoring",
                method: "GET",
            },
            {
                path: "/v2.0/metrics",
                service: "monitoring",
                method: "PUT",
            },
        ],
    });
    
    import pulumi
    import pulumi_openstack as openstack
    
    monitoring = openstack.identity.ApplicationCredential("monitoring",
        name="monitoring",
        expires_at="2019-02-13T12:12:12Z",
        access_rules=[
            {
                "path": "/v2.0/metrics",
                "service": "monitoring",
                "method": "GET",
            },
            {
                "path": "/v2.0/metrics",
                "service": "monitoring",
                "method": "PUT",
            },
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-openstack/sdk/v5/go/openstack/identity"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := identity.NewApplicationCredential(ctx, "monitoring", &identity.ApplicationCredentialArgs{
    			Name:      pulumi.String("monitoring"),
    			ExpiresAt: pulumi.String("2019-02-13T12:12:12Z"),
    			AccessRules: identity.ApplicationCredentialAccessRuleArray{
    				&identity.ApplicationCredentialAccessRuleArgs{
    					Path:    pulumi.String("/v2.0/metrics"),
    					Service: pulumi.String("monitoring"),
    					Method:  pulumi.String("GET"),
    				},
    				&identity.ApplicationCredentialAccessRuleArgs{
    					Path:    pulumi.String("/v2.0/metrics"),
    					Service: pulumi.String("monitoring"),
    					Method:  pulumi.String("PUT"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using OpenStack = Pulumi.OpenStack;
    
    return await Deployment.RunAsync(() => 
    {
        var monitoring = new OpenStack.Identity.ApplicationCredential("monitoring", new()
        {
            Name = "monitoring",
            ExpiresAt = "2019-02-13T12:12:12Z",
            AccessRules = new[]
            {
                new OpenStack.Identity.Inputs.ApplicationCredentialAccessRuleArgs
                {
                    Path = "/v2.0/metrics",
                    Service = "monitoring",
                    Method = "GET",
                },
                new OpenStack.Identity.Inputs.ApplicationCredentialAccessRuleArgs
                {
                    Path = "/v2.0/metrics",
                    Service = "monitoring",
                    Method = "PUT",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.openstack.identity.ApplicationCredential;
    import com.pulumi.openstack.identity.ApplicationCredentialArgs;
    import com.pulumi.openstack.identity.inputs.ApplicationCredentialAccessRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var monitoring = new ApplicationCredential("monitoring", ApplicationCredentialArgs.builder()
                .name("monitoring")
                .expiresAt("2019-02-13T12:12:12Z")
                .accessRules(            
                    ApplicationCredentialAccessRuleArgs.builder()
                        .path("/v2.0/metrics")
                        .service("monitoring")
                        .method("GET")
                        .build(),
                    ApplicationCredentialAccessRuleArgs.builder()
                        .path("/v2.0/metrics")
                        .service("monitoring")
                        .method("PUT")
                        .build())
                .build());
    
        }
    }
    
    resources:
      monitoring:
        type: openstack:identity:ApplicationCredential
        properties:
          name: monitoring
          expiresAt: 2019-02-13T12:12:12Z
          accessRules:
            - path: /v2.0/metrics
              service: monitoring
              method: GET
            - path: /v2.0/metrics
              service: monitoring
              method: PUT
    

    Create ApplicationCredential Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ApplicationCredential(name: string, args?: ApplicationCredentialArgs, opts?: CustomResourceOptions);
    @overload
    def ApplicationCredential(resource_name: str,
                              args: Optional[ApplicationCredentialArgs] = None,
                              opts: Optional[ResourceOptions] = None)
    
    @overload
    def ApplicationCredential(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              access_rules: Optional[Sequence[ApplicationCredentialAccessRuleArgs]] = None,
                              description: Optional[str] = None,
                              expires_at: Optional[str] = None,
                              name: Optional[str] = None,
                              region: Optional[str] = None,
                              roles: Optional[Sequence[str]] = None,
                              secret: Optional[str] = None,
                              unrestricted: Optional[bool] = None)
    func NewApplicationCredential(ctx *Context, name string, args *ApplicationCredentialArgs, opts ...ResourceOption) (*ApplicationCredential, error)
    public ApplicationCredential(string name, ApplicationCredentialArgs? args = null, CustomResourceOptions? opts = null)
    public ApplicationCredential(String name, ApplicationCredentialArgs args)
    public ApplicationCredential(String name, ApplicationCredentialArgs args, CustomResourceOptions options)
    
    type: openstack:identity:ApplicationCredential
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ApplicationCredentialArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ApplicationCredentialArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ApplicationCredentialArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ApplicationCredentialArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ApplicationCredentialArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var applicationCredentialResource = new OpenStack.Identity.ApplicationCredential("applicationCredentialResource", new()
    {
        AccessRules = new[]
        {
            new OpenStack.Identity.Inputs.ApplicationCredentialAccessRuleArgs
            {
                Method = "string",
                Path = "string",
                Service = "string",
                Id = "string",
            },
        },
        Description = "string",
        ExpiresAt = "string",
        Name = "string",
        Region = "string",
        Roles = new[]
        {
            "string",
        },
        Secret = "string",
        Unrestricted = false,
    });
    
    example, err := identity.NewApplicationCredential(ctx, "applicationCredentialResource", &identity.ApplicationCredentialArgs{
    	AccessRules: identity.ApplicationCredentialAccessRuleArray{
    		&identity.ApplicationCredentialAccessRuleArgs{
    			Method:  pulumi.String("string"),
    			Path:    pulumi.String("string"),
    			Service: pulumi.String("string"),
    			Id:      pulumi.String("string"),
    		},
    	},
    	Description: pulumi.String("string"),
    	ExpiresAt:   pulumi.String("string"),
    	Name:        pulumi.String("string"),
    	Region:      pulumi.String("string"),
    	Roles: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Secret:       pulumi.String("string"),
    	Unrestricted: pulumi.Bool(false),
    })
    
    var applicationCredentialResource = new ApplicationCredential("applicationCredentialResource", ApplicationCredentialArgs.builder()
        .accessRules(ApplicationCredentialAccessRuleArgs.builder()
            .method("string")
            .path("string")
            .service("string")
            .id("string")
            .build())
        .description("string")
        .expiresAt("string")
        .name("string")
        .region("string")
        .roles("string")
        .secret("string")
        .unrestricted(false)
        .build());
    
    application_credential_resource = openstack.identity.ApplicationCredential("applicationCredentialResource",
        access_rules=[{
            "method": "string",
            "path": "string",
            "service": "string",
            "id": "string",
        }],
        description="string",
        expires_at="string",
        name="string",
        region="string",
        roles=["string"],
        secret="string",
        unrestricted=False)
    
    const applicationCredentialResource = new openstack.identity.ApplicationCredential("applicationCredentialResource", {
        accessRules: [{
            method: "string",
            path: "string",
            service: "string",
            id: "string",
        }],
        description: "string",
        expiresAt: "string",
        name: "string",
        region: "string",
        roles: ["string"],
        secret: "string",
        unrestricted: false,
    });
    
    type: openstack:identity:ApplicationCredential
    properties:
        accessRules:
            - id: string
              method: string
              path: string
              service: string
        description: string
        expiresAt: string
        name: string
        region: string
        roles:
            - string
        secret: string
        unrestricted: false
    

    ApplicationCredential Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ApplicationCredential resource accepts the following input properties:

    AccessRules List<Pulumi.OpenStack.Identity.Inputs.ApplicationCredentialAccessRule>
    A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.
    Description string
    A description of the application credential. Changing this creates a new application credential.
    ExpiresAt string
    The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.
    Name string
    A name of the application credential. Changing this creates a new application credential.
    Region string
    The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.
    Roles List<string>
    A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user's roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.
    Secret string
    The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.
    Unrestricted bool
    A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.
    AccessRules []ApplicationCredentialAccessRuleArgs
    A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.
    Description string
    A description of the application credential. Changing this creates a new application credential.
    ExpiresAt string
    The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.
    Name string
    A name of the application credential. Changing this creates a new application credential.
    Region string
    The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.
    Roles []string
    A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user's roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.
    Secret string
    The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.
    Unrestricted bool
    A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.
    accessRules List<ApplicationCredentialAccessRule>
    A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.
    description String
    A description of the application credential. Changing this creates a new application credential.
    expiresAt String
    The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.
    name String
    A name of the application credential. Changing this creates a new application credential.
    region String
    The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.
    roles List<String>
    A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user's roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.
    secret String
    The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.
    unrestricted Boolean
    A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.
    accessRules ApplicationCredentialAccessRule[]
    A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.
    description string
    A description of the application credential. Changing this creates a new application credential.
    expiresAt string
    The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.
    name string
    A name of the application credential. Changing this creates a new application credential.
    region string
    The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.
    roles string[]
    A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user's roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.
    secret string
    The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.
    unrestricted boolean
    A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.
    access_rules Sequence[ApplicationCredentialAccessRuleArgs]
    A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.
    description str
    A description of the application credential. Changing this creates a new application credential.
    expires_at str
    The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.
    name str
    A name of the application credential. Changing this creates a new application credential.
    region str
    The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.
    roles Sequence[str]
    A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user's roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.
    secret str
    The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.
    unrestricted bool
    A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.
    accessRules List<Property Map>
    A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.
    description String
    A description of the application credential. Changing this creates a new application credential.
    expiresAt String
    The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.
    name String
    A name of the application credential. Changing this creates a new application credential.
    region String
    The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.
    roles List<String>
    A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user's roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.
    secret String
    The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.
    unrestricted Boolean
    A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ApplicationCredential resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    ProjectId string
    The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.
    Id string
    The provider-assigned unique ID for this managed resource.
    ProjectId string
    The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.
    id String
    The provider-assigned unique ID for this managed resource.
    projectId String
    The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.
    id string
    The provider-assigned unique ID for this managed resource.
    projectId string
    The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.
    id str
    The provider-assigned unique ID for this managed resource.
    project_id str
    The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.
    id String
    The provider-assigned unique ID for this managed resource.
    projectId String
    The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.

    Look up Existing ApplicationCredential Resource

    Get an existing ApplicationCredential resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ApplicationCredentialState, opts?: CustomResourceOptions): ApplicationCredential
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access_rules: Optional[Sequence[ApplicationCredentialAccessRuleArgs]] = None,
            description: Optional[str] = None,
            expires_at: Optional[str] = None,
            name: Optional[str] = None,
            project_id: Optional[str] = None,
            region: Optional[str] = None,
            roles: Optional[Sequence[str]] = None,
            secret: Optional[str] = None,
            unrestricted: Optional[bool] = None) -> ApplicationCredential
    func GetApplicationCredential(ctx *Context, name string, id IDInput, state *ApplicationCredentialState, opts ...ResourceOption) (*ApplicationCredential, error)
    public static ApplicationCredential Get(string name, Input<string> id, ApplicationCredentialState? state, CustomResourceOptions? opts = null)
    public static ApplicationCredential get(String name, Output<String> id, ApplicationCredentialState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessRules List<Pulumi.OpenStack.Identity.Inputs.ApplicationCredentialAccessRule>
    A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.
    Description string
    A description of the application credential. Changing this creates a new application credential.
    ExpiresAt string
    The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.
    Name string
    A name of the application credential. Changing this creates a new application credential.
    ProjectId string
    The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.
    Region string
    The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.
    Roles List<string>
    A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user's roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.
    Secret string
    The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.
    Unrestricted bool
    A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.
    AccessRules []ApplicationCredentialAccessRuleArgs
    A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.
    Description string
    A description of the application credential. Changing this creates a new application credential.
    ExpiresAt string
    The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.
    Name string
    A name of the application credential. Changing this creates a new application credential.
    ProjectId string
    The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.
    Region string
    The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.
    Roles []string
    A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user's roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.
    Secret string
    The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.
    Unrestricted bool
    A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.
    accessRules List<ApplicationCredentialAccessRule>
    A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.
    description String
    A description of the application credential. Changing this creates a new application credential.
    expiresAt String
    The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.
    name String
    A name of the application credential. Changing this creates a new application credential.
    projectId String
    The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.
    region String
    The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.
    roles List<String>
    A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user's roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.
    secret String
    The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.
    unrestricted Boolean
    A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.
    accessRules ApplicationCredentialAccessRule[]
    A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.
    description string
    A description of the application credential. Changing this creates a new application credential.
    expiresAt string
    The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.
    name string
    A name of the application credential. Changing this creates a new application credential.
    projectId string
    The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.
    region string
    The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.
    roles string[]
    A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user's roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.
    secret string
    The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.
    unrestricted boolean
    A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.
    access_rules Sequence[ApplicationCredentialAccessRuleArgs]
    A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.
    description str
    A description of the application credential. Changing this creates a new application credential.
    expires_at str
    The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.
    name str
    A name of the application credential. Changing this creates a new application credential.
    project_id str
    The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.
    region str
    The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.
    roles Sequence[str]
    A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user's roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.
    secret str
    The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.
    unrestricted bool
    A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.
    accessRules List<Property Map>
    A collection of one or more access rules, which this application credential allows to follow. The structure is described below. Changing this creates a new application credential.
    description String
    A description of the application credential. Changing this creates a new application credential.
    expiresAt String
    The expiration time of the application credential in the RFC3339 timestamp format (e.g. 2019-03-09T12:58:49Z). If omitted, an application credential will never expire. Changing this creates a new application credential.
    name String
    A name of the application credential. Changing this creates a new application credential.
    projectId String
    The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.
    region String
    The region in which to obtain the V3 Keystone client. If omitted, the region argument of the provider is used. Changing this creates a new application credential.
    roles List<String>
    A collection of one or more role names, which this application credential has to be associated with its project. If omitted, all the current user's roles within the scoped project will be inherited by a new application credential. Changing this creates a new application credential.
    secret String
    The secret for the application credential. If omitted, it will be generated by the server. Changing this creates a new application credential.
    unrestricted Boolean
    A flag indicating whether the application credential may be used for creation or destruction of other application credentials or trusts. Changing this creates a new application credential.

    Supporting Types

    ApplicationCredentialAccessRule, ApplicationCredentialAccessRuleArgs

    Method string
    The request method that the application credential is permitted to use for a given API endpoint. Allowed values: POST, GET, HEAD, PATCH, PUT and DELETE.
    Path string
    The API path that the application credential is permitted to access. May use named wildcards such as {tag} or the unnamed wildcard * to match against any string in the path up to a /, or the recursive wildcard ** to include / in the matched path.
    Service string
    The service type identifier for the service that the application credential is granted to access. Must be a service type that is listed in the service catalog and not a code name for a service. E.g. identity, compute, volumev3, image, network, object-store, sharev2, dns, key-manager, monitoring, etc.
    Id string
    The ID of the existing access rule. The access rule ID of another application credential can be provided.
    Method string
    The request method that the application credential is permitted to use for a given API endpoint. Allowed values: POST, GET, HEAD, PATCH, PUT and DELETE.
    Path string
    The API path that the application credential is permitted to access. May use named wildcards such as {tag} or the unnamed wildcard * to match against any string in the path up to a /, or the recursive wildcard ** to include / in the matched path.
    Service string
    The service type identifier for the service that the application credential is granted to access. Must be a service type that is listed in the service catalog and not a code name for a service. E.g. identity, compute, volumev3, image, network, object-store, sharev2, dns, key-manager, monitoring, etc.
    Id string
    The ID of the existing access rule. The access rule ID of another application credential can be provided.
    method String
    The request method that the application credential is permitted to use for a given API endpoint. Allowed values: POST, GET, HEAD, PATCH, PUT and DELETE.
    path String
    The API path that the application credential is permitted to access. May use named wildcards such as {tag} or the unnamed wildcard * to match against any string in the path up to a /, or the recursive wildcard ** to include / in the matched path.
    service String
    The service type identifier for the service that the application credential is granted to access. Must be a service type that is listed in the service catalog and not a code name for a service. E.g. identity, compute, volumev3, image, network, object-store, sharev2, dns, key-manager, monitoring, etc.
    id String
    The ID of the existing access rule. The access rule ID of another application credential can be provided.
    method string
    The request method that the application credential is permitted to use for a given API endpoint. Allowed values: POST, GET, HEAD, PATCH, PUT and DELETE.
    path string
    The API path that the application credential is permitted to access. May use named wildcards such as {tag} or the unnamed wildcard * to match against any string in the path up to a /, or the recursive wildcard ** to include / in the matched path.
    service string
    The service type identifier for the service that the application credential is granted to access. Must be a service type that is listed in the service catalog and not a code name for a service. E.g. identity, compute, volumev3, image, network, object-store, sharev2, dns, key-manager, monitoring, etc.
    id string
    The ID of the existing access rule. The access rule ID of another application credential can be provided.
    method str
    The request method that the application credential is permitted to use for a given API endpoint. Allowed values: POST, GET, HEAD, PATCH, PUT and DELETE.
    path str
    The API path that the application credential is permitted to access. May use named wildcards such as {tag} or the unnamed wildcard * to match against any string in the path up to a /, or the recursive wildcard ** to include / in the matched path.
    service str
    The service type identifier for the service that the application credential is granted to access. Must be a service type that is listed in the service catalog and not a code name for a service. E.g. identity, compute, volumev3, image, network, object-store, sharev2, dns, key-manager, monitoring, etc.
    id str
    The ID of the existing access rule. The access rule ID of another application credential can be provided.
    method String
    The request method that the application credential is permitted to use for a given API endpoint. Allowed values: POST, GET, HEAD, PATCH, PUT and DELETE.
    path String
    The API path that the application credential is permitted to access. May use named wildcards such as {tag} or the unnamed wildcard * to match against any string in the path up to a /, or the recursive wildcard ** to include / in the matched path.
    service String
    The service type identifier for the service that the application credential is granted to access. Must be a service type that is listed in the service catalog and not a code name for a service. E.g. identity, compute, volumev3, image, network, object-store, sharev2, dns, key-manager, monitoring, etc.
    id String
    The ID of the existing access rule. The access rule ID of another application credential can be provided.

    Import

    Application Credentials can be imported using the id, e.g.

    $ pulumi import openstack:identity/applicationCredential:ApplicationCredential application_credential_1 c17304b7-0953-4738-abb0-67005882b0a0
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    OpenStack pulumi/pulumi-openstack
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the openstack Terraform Provider.
    openstack logo
    OpenStack v5.0.0 published on Friday, Sep 27, 2024 by Pulumi