openstack.identity.User
Explore with Pulumi AI
Manages a V3 User resource within OpenStack Keystone.
Note: All arguments including the user password will be stored in the raw state as plain-text. Read more about sensitive data in state.
Note: You must have admin privileges in your OpenStack cloud to use this resource.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as openstack from "@pulumi/openstack";
const project1 = new openstack.identity.Project("project_1", {name: "project_1"});
const user1 = new openstack.identity.User("user_1", {
defaultProjectId: project1.id,
name: "user_1",
description: "A user",
password: "password123",
ignoreChangePasswordUponFirstUse: true,
multiFactorAuthEnabled: true,
multiFactorAuthRules: [
{
rules: [
"password",
"totp",
],
},
{
rules: ["password"],
},
],
extra: {
email: "user_1@foobar.com",
},
});
import pulumi
import pulumi_openstack as openstack
project1 = openstack.identity.Project("project_1", name="project_1")
user1 = openstack.identity.User("user_1",
default_project_id=project1.id,
name="user_1",
description="A user",
password="password123",
ignore_change_password_upon_first_use=True,
multi_factor_auth_enabled=True,
multi_factor_auth_rules=[
{
"rules": [
"password",
"totp",
],
},
{
"rules": ["password"],
},
],
extra={
"email": "user_1@foobar.com",
})
package main
import (
"github.com/pulumi/pulumi-openstack/sdk/v5/go/openstack/identity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
project1, err := identity.NewProject(ctx, "project_1", &identity.ProjectArgs{
Name: pulumi.String("project_1"),
})
if err != nil {
return err
}
_, err = identity.NewUser(ctx, "user_1", &identity.UserArgs{
DefaultProjectId: project1.ID(),
Name: pulumi.String("user_1"),
Description: pulumi.String("A user"),
Password: pulumi.String("password123"),
IgnoreChangePasswordUponFirstUse: pulumi.Bool(true),
MultiFactorAuthEnabled: pulumi.Bool(true),
MultiFactorAuthRules: identity.UserMultiFactorAuthRuleArray{
&identity.UserMultiFactorAuthRuleArgs{
Rules: pulumi.StringArray{
pulumi.String("password"),
pulumi.String("totp"),
},
},
&identity.UserMultiFactorAuthRuleArgs{
Rules: pulumi.StringArray{
pulumi.String("password"),
},
},
},
Extra: pulumi.StringMap{
"email": pulumi.String("user_1@foobar.com"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using OpenStack = Pulumi.OpenStack;
return await Deployment.RunAsync(() =>
{
var project1 = new OpenStack.Identity.Project("project_1", new()
{
Name = "project_1",
});
var user1 = new OpenStack.Identity.User("user_1", new()
{
DefaultProjectId = project1.Id,
Name = "user_1",
Description = "A user",
Password = "password123",
IgnoreChangePasswordUponFirstUse = true,
MultiFactorAuthEnabled = true,
MultiFactorAuthRules = new[]
{
new OpenStack.Identity.Inputs.UserMultiFactorAuthRuleArgs
{
Rules = new[]
{
"password",
"totp",
},
},
new OpenStack.Identity.Inputs.UserMultiFactorAuthRuleArgs
{
Rules = new[]
{
"password",
},
},
},
Extra =
{
{ "email", "user_1@foobar.com" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.openstack.identity.Project;
import com.pulumi.openstack.identity.ProjectArgs;
import com.pulumi.openstack.identity.User;
import com.pulumi.openstack.identity.UserArgs;
import com.pulumi.openstack.identity.inputs.UserMultiFactorAuthRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var project1 = new Project("project1", ProjectArgs.builder()
.name("project_1")
.build());
var user1 = new User("user1", UserArgs.builder()
.defaultProjectId(project1.id())
.name("user_1")
.description("A user")
.password("password123")
.ignoreChangePasswordUponFirstUse(true)
.multiFactorAuthEnabled(true)
.multiFactorAuthRules(
UserMultiFactorAuthRuleArgs.builder()
.rules(
"password",
"totp")
.build(),
UserMultiFactorAuthRuleArgs.builder()
.rules("password")
.build())
.extra(Map.of("email", "user_1@foobar.com"))
.build());
}
}
resources:
project1:
type: openstack:identity:Project
name: project_1
properties:
name: project_1
user1:
type: openstack:identity:User
name: user_1
properties:
defaultProjectId: ${project1.id}
name: user_1
description: A user
password: password123
ignoreChangePasswordUponFirstUse: true
multiFactorAuthEnabled: true
multiFactorAuthRules:
- rules:
- password
- totp
- rules:
- password
extra:
email: user_1@foobar.com
Create User Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new User(name: string, args?: UserArgs, opts?: CustomResourceOptions);
@overload
def User(resource_name: str,
args: Optional[UserArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def User(resource_name: str,
opts: Optional[ResourceOptions] = None,
default_project_id: Optional[str] = None,
description: Optional[str] = None,
domain_id: Optional[str] = None,
enabled: Optional[bool] = None,
extra: Optional[Mapping[str, str]] = None,
ignore_change_password_upon_first_use: Optional[bool] = None,
ignore_lockout_failure_attempts: Optional[bool] = None,
ignore_password_expiry: Optional[bool] = None,
multi_factor_auth_enabled: Optional[bool] = None,
multi_factor_auth_rules: Optional[Sequence[UserMultiFactorAuthRuleArgs]] = None,
name: Optional[str] = None,
password: Optional[str] = None,
region: Optional[str] = None)
func NewUser(ctx *Context, name string, args *UserArgs, opts ...ResourceOption) (*User, error)
public User(string name, UserArgs? args = null, CustomResourceOptions? opts = null)
type: openstack:identity:User
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var openstackUserResource = new OpenStack.Identity.User("openstackUserResource", new()
{
DefaultProjectId = "string",
Description = "string",
DomainId = "string",
Enabled = false,
Extra =
{
{ "string", "string" },
},
IgnoreChangePasswordUponFirstUse = false,
IgnoreLockoutFailureAttempts = false,
IgnorePasswordExpiry = false,
MultiFactorAuthEnabled = false,
MultiFactorAuthRules = new[]
{
new OpenStack.Identity.Inputs.UserMultiFactorAuthRuleArgs
{
Rules = new[]
{
"string",
},
},
},
Name = "string",
Password = "string",
Region = "string",
});
example, err := identity.NewUser(ctx, "openstackUserResource", &identity.UserArgs{
DefaultProjectId: pulumi.String("string"),
Description: pulumi.String("string"),
DomainId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Extra: pulumi.StringMap{
"string": pulumi.String("string"),
},
IgnoreChangePasswordUponFirstUse: pulumi.Bool(false),
IgnoreLockoutFailureAttempts: pulumi.Bool(false),
IgnorePasswordExpiry: pulumi.Bool(false),
MultiFactorAuthEnabled: pulumi.Bool(false),
MultiFactorAuthRules: identity.UserMultiFactorAuthRuleArray{
&identity.UserMultiFactorAuthRuleArgs{
Rules: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Name: pulumi.String("string"),
Password: pulumi.String("string"),
Region: pulumi.String("string"),
})
var openstackUserResource = new User("openstackUserResource", UserArgs.builder()
.defaultProjectId("string")
.description("string")
.domainId("string")
.enabled(false)
.extra(Map.of("string", "string"))
.ignoreChangePasswordUponFirstUse(false)
.ignoreLockoutFailureAttempts(false)
.ignorePasswordExpiry(false)
.multiFactorAuthEnabled(false)
.multiFactorAuthRules(UserMultiFactorAuthRuleArgs.builder()
.rules("string")
.build())
.name("string")
.password("string")
.region("string")
.build());
openstack_user_resource = openstack.identity.User("openstackUserResource",
default_project_id="string",
description="string",
domain_id="string",
enabled=False,
extra={
"string": "string",
},
ignore_change_password_upon_first_use=False,
ignore_lockout_failure_attempts=False,
ignore_password_expiry=False,
multi_factor_auth_enabled=False,
multi_factor_auth_rules=[{
"rules": ["string"],
}],
name="string",
password="string",
region="string")
const openstackUserResource = new openstack.identity.User("openstackUserResource", {
defaultProjectId: "string",
description: "string",
domainId: "string",
enabled: false,
extra: {
string: "string",
},
ignoreChangePasswordUponFirstUse: false,
ignoreLockoutFailureAttempts: false,
ignorePasswordExpiry: false,
multiFactorAuthEnabled: false,
multiFactorAuthRules: [{
rules: ["string"],
}],
name: "string",
password: "string",
region: "string",
});
type: openstack:identity:User
properties:
defaultProjectId: string
description: string
domainId: string
enabled: false
extra:
string: string
ignoreChangePasswordUponFirstUse: false
ignoreLockoutFailureAttempts: false
ignorePasswordExpiry: false
multiFactorAuthEnabled: false
multiFactorAuthRules:
- rules:
- string
name: string
password: string
region: string
User Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The User resource accepts the following input properties:
- Default
Project stringId - The default project this user belongs to.
- Description string
- A description of the user.
- Domain
Id string - The domain this user belongs to.
- Enabled bool
- Whether the user is enabled or disabled. Valid
values are
true
andfalse
. - Extra Dictionary<string, string>
- Free-form key/value pairs of extra information.
- Ignore
Change boolPassword Upon First Use - User will not have to
change their password upon first use. Valid values are
true
andfalse
. - Ignore
Lockout boolFailure Attempts - User will not have a failure
lockout placed on their account. Valid values are
true
andfalse
. - Ignore
Password boolExpiry - User's password will not expire.
Valid values are
true
andfalse
. - Multi
Factor boolAuth Enabled - Whether to enable multi-factor
authentication. Valid values are
true
andfalse
. - Multi
Factor List<Pulumi.Auth Rules Open Stack. Identity. Inputs. User Multi Factor Auth Rule> - A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
- Name string
- The name of the user.
- Password string
- The password for the user.
- Region string
- The region in which to obtain the V3 Keystone client.
If omitted, the
region
argument of the provider is used. Changing this creates a new User.
- Default
Project stringId - The default project this user belongs to.
- Description string
- A description of the user.
- Domain
Id string - The domain this user belongs to.
- Enabled bool
- Whether the user is enabled or disabled. Valid
values are
true
andfalse
. - Extra map[string]string
- Free-form key/value pairs of extra information.
- Ignore
Change boolPassword Upon First Use - User will not have to
change their password upon first use. Valid values are
true
andfalse
. - Ignore
Lockout boolFailure Attempts - User will not have a failure
lockout placed on their account. Valid values are
true
andfalse
. - Ignore
Password boolExpiry - User's password will not expire.
Valid values are
true
andfalse
. - Multi
Factor boolAuth Enabled - Whether to enable multi-factor
authentication. Valid values are
true
andfalse
. - Multi
Factor []UserAuth Rules Multi Factor Auth Rule Args - A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
- Name string
- The name of the user.
- Password string
- The password for the user.
- Region string
- The region in which to obtain the V3 Keystone client.
If omitted, the
region
argument of the provider is used. Changing this creates a new User.
- default
Project StringId - The default project this user belongs to.
- description String
- A description of the user.
- domain
Id String - The domain this user belongs to.
- enabled Boolean
- Whether the user is enabled or disabled. Valid
values are
true
andfalse
. - extra Map<String,String>
- Free-form key/value pairs of extra information.
- ignore
Change BooleanPassword Upon First Use - User will not have to
change their password upon first use. Valid values are
true
andfalse
. - ignore
Lockout BooleanFailure Attempts - User will not have a failure
lockout placed on their account. Valid values are
true
andfalse
. - ignore
Password BooleanExpiry - User's password will not expire.
Valid values are
true
andfalse
. - multi
Factor BooleanAuth Enabled - Whether to enable multi-factor
authentication. Valid values are
true
andfalse
. - multi
Factor List<UserAuth Rules Multi Factor Auth Rule> - A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
- name String
- The name of the user.
- password String
- The password for the user.
- region String
- The region in which to obtain the V3 Keystone client.
If omitted, the
region
argument of the provider is used. Changing this creates a new User.
- default
Project stringId - The default project this user belongs to.
- description string
- A description of the user.
- domain
Id string - The domain this user belongs to.
- enabled boolean
- Whether the user is enabled or disabled. Valid
values are
true
andfalse
. - extra {[key: string]: string}
- Free-form key/value pairs of extra information.
- ignore
Change booleanPassword Upon First Use - User will not have to
change their password upon first use. Valid values are
true
andfalse
. - ignore
Lockout booleanFailure Attempts - User will not have a failure
lockout placed on their account. Valid values are
true
andfalse
. - ignore
Password booleanExpiry - User's password will not expire.
Valid values are
true
andfalse
. - multi
Factor booleanAuth Enabled - Whether to enable multi-factor
authentication. Valid values are
true
andfalse
. - multi
Factor UserAuth Rules Multi Factor Auth Rule[] - A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
- name string
- The name of the user.
- password string
- The password for the user.
- region string
- The region in which to obtain the V3 Keystone client.
If omitted, the
region
argument of the provider is used. Changing this creates a new User.
- default_
project_ strid - The default project this user belongs to.
- description str
- A description of the user.
- domain_
id str - The domain this user belongs to.
- enabled bool
- Whether the user is enabled or disabled. Valid
values are
true
andfalse
. - extra Mapping[str, str]
- Free-form key/value pairs of extra information.
- ignore_
change_ boolpassword_ upon_ first_ use - User will not have to
change their password upon first use. Valid values are
true
andfalse
. - ignore_
lockout_ boolfailure_ attempts - User will not have a failure
lockout placed on their account. Valid values are
true
andfalse
. - ignore_
password_ boolexpiry - User's password will not expire.
Valid values are
true
andfalse
. - multi_
factor_ boolauth_ enabled - Whether to enable multi-factor
authentication. Valid values are
true
andfalse
. - multi_
factor_ Sequence[Userauth_ rules Multi Factor Auth Rule Args] - A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
- name str
- The name of the user.
- password str
- The password for the user.
- region str
- The region in which to obtain the V3 Keystone client.
If omitted, the
region
argument of the provider is used. Changing this creates a new User.
- default
Project StringId - The default project this user belongs to.
- description String
- A description of the user.
- domain
Id String - The domain this user belongs to.
- enabled Boolean
- Whether the user is enabled or disabled. Valid
values are
true
andfalse
. - extra Map<String>
- Free-form key/value pairs of extra information.
- ignore
Change BooleanPassword Upon First Use - User will not have to
change their password upon first use. Valid values are
true
andfalse
. - ignore
Lockout BooleanFailure Attempts - User will not have a failure
lockout placed on their account. Valid values are
true
andfalse
. - ignore
Password BooleanExpiry - User's password will not expire.
Valid values are
true
andfalse
. - multi
Factor BooleanAuth Enabled - Whether to enable multi-factor
authentication. Valid values are
true
andfalse
. - multi
Factor List<Property Map>Auth Rules - A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
- name String
- The name of the user.
- password String
- The password for the user.
- region String
- The region in which to obtain the V3 Keystone client.
If omitted, the
region
argument of the provider is used. Changing this creates a new User.
Outputs
All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing User Resource
Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: UserState, opts?: CustomResourceOptions): User
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
default_project_id: Optional[str] = None,
description: Optional[str] = None,
domain_id: Optional[str] = None,
enabled: Optional[bool] = None,
extra: Optional[Mapping[str, str]] = None,
ignore_change_password_upon_first_use: Optional[bool] = None,
ignore_lockout_failure_attempts: Optional[bool] = None,
ignore_password_expiry: Optional[bool] = None,
multi_factor_auth_enabled: Optional[bool] = None,
multi_factor_auth_rules: Optional[Sequence[UserMultiFactorAuthRuleArgs]] = None,
name: Optional[str] = None,
password: Optional[str] = None,
region: Optional[str] = None) -> User
func GetUser(ctx *Context, name string, id IDInput, state *UserState, opts ...ResourceOption) (*User, error)
public static User Get(string name, Input<string> id, UserState? state, CustomResourceOptions? opts = null)
public static User get(String name, Output<String> id, UserState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Default
Project stringId - The default project this user belongs to.
- Description string
- A description of the user.
- Domain
Id string - The domain this user belongs to.
- Enabled bool
- Whether the user is enabled or disabled. Valid
values are
true
andfalse
. - Extra Dictionary<string, string>
- Free-form key/value pairs of extra information.
- Ignore
Change boolPassword Upon First Use - User will not have to
change their password upon first use. Valid values are
true
andfalse
. - Ignore
Lockout boolFailure Attempts - User will not have a failure
lockout placed on their account. Valid values are
true
andfalse
. - Ignore
Password boolExpiry - User's password will not expire.
Valid values are
true
andfalse
. - Multi
Factor boolAuth Enabled - Whether to enable multi-factor
authentication. Valid values are
true
andfalse
. - Multi
Factor List<Pulumi.Auth Rules Open Stack. Identity. Inputs. User Multi Factor Auth Rule> - A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
- Name string
- The name of the user.
- Password string
- The password for the user.
- Region string
- The region in which to obtain the V3 Keystone client.
If omitted, the
region
argument of the provider is used. Changing this creates a new User.
- Default
Project stringId - The default project this user belongs to.
- Description string
- A description of the user.
- Domain
Id string - The domain this user belongs to.
- Enabled bool
- Whether the user is enabled or disabled. Valid
values are
true
andfalse
. - Extra map[string]string
- Free-form key/value pairs of extra information.
- Ignore
Change boolPassword Upon First Use - User will not have to
change their password upon first use. Valid values are
true
andfalse
. - Ignore
Lockout boolFailure Attempts - User will not have a failure
lockout placed on their account. Valid values are
true
andfalse
. - Ignore
Password boolExpiry - User's password will not expire.
Valid values are
true
andfalse
. - Multi
Factor boolAuth Enabled - Whether to enable multi-factor
authentication. Valid values are
true
andfalse
. - Multi
Factor []UserAuth Rules Multi Factor Auth Rule Args - A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
- Name string
- The name of the user.
- Password string
- The password for the user.
- Region string
- The region in which to obtain the V3 Keystone client.
If omitted, the
region
argument of the provider is used. Changing this creates a new User.
- default
Project StringId - The default project this user belongs to.
- description String
- A description of the user.
- domain
Id String - The domain this user belongs to.
- enabled Boolean
- Whether the user is enabled or disabled. Valid
values are
true
andfalse
. - extra Map<String,String>
- Free-form key/value pairs of extra information.
- ignore
Change BooleanPassword Upon First Use - User will not have to
change their password upon first use. Valid values are
true
andfalse
. - ignore
Lockout BooleanFailure Attempts - User will not have a failure
lockout placed on their account. Valid values are
true
andfalse
. - ignore
Password BooleanExpiry - User's password will not expire.
Valid values are
true
andfalse
. - multi
Factor BooleanAuth Enabled - Whether to enable multi-factor
authentication. Valid values are
true
andfalse
. - multi
Factor List<UserAuth Rules Multi Factor Auth Rule> - A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
- name String
- The name of the user.
- password String
- The password for the user.
- region String
- The region in which to obtain the V3 Keystone client.
If omitted, the
region
argument of the provider is used. Changing this creates a new User.
- default
Project stringId - The default project this user belongs to.
- description string
- A description of the user.
- domain
Id string - The domain this user belongs to.
- enabled boolean
- Whether the user is enabled or disabled. Valid
values are
true
andfalse
. - extra {[key: string]: string}
- Free-form key/value pairs of extra information.
- ignore
Change booleanPassword Upon First Use - User will not have to
change their password upon first use. Valid values are
true
andfalse
. - ignore
Lockout booleanFailure Attempts - User will not have a failure
lockout placed on their account. Valid values are
true
andfalse
. - ignore
Password booleanExpiry - User's password will not expire.
Valid values are
true
andfalse
. - multi
Factor booleanAuth Enabled - Whether to enable multi-factor
authentication. Valid values are
true
andfalse
. - multi
Factor UserAuth Rules Multi Factor Auth Rule[] - A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
- name string
- The name of the user.
- password string
- The password for the user.
- region string
- The region in which to obtain the V3 Keystone client.
If omitted, the
region
argument of the provider is used. Changing this creates a new User.
- default_
project_ strid - The default project this user belongs to.
- description str
- A description of the user.
- domain_
id str - The domain this user belongs to.
- enabled bool
- Whether the user is enabled or disabled. Valid
values are
true
andfalse
. - extra Mapping[str, str]
- Free-form key/value pairs of extra information.
- ignore_
change_ boolpassword_ upon_ first_ use - User will not have to
change their password upon first use. Valid values are
true
andfalse
. - ignore_
lockout_ boolfailure_ attempts - User will not have a failure
lockout placed on their account. Valid values are
true
andfalse
. - ignore_
password_ boolexpiry - User's password will not expire.
Valid values are
true
andfalse
. - multi_
factor_ boolauth_ enabled - Whether to enable multi-factor
authentication. Valid values are
true
andfalse
. - multi_
factor_ Sequence[Userauth_ rules Multi Factor Auth Rule Args] - A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
- name str
- The name of the user.
- password str
- The password for the user.
- region str
- The region in which to obtain the V3 Keystone client.
If omitted, the
region
argument of the provider is used. Changing this creates a new User.
- default
Project StringId - The default project this user belongs to.
- description String
- A description of the user.
- domain
Id String - The domain this user belongs to.
- enabled Boolean
- Whether the user is enabled or disabled. Valid
values are
true
andfalse
. - extra Map<String>
- Free-form key/value pairs of extra information.
- ignore
Change BooleanPassword Upon First Use - User will not have to
change their password upon first use. Valid values are
true
andfalse
. - ignore
Lockout BooleanFailure Attempts - User will not have a failure
lockout placed on their account. Valid values are
true
andfalse
. - ignore
Password BooleanExpiry - User's password will not expire.
Valid values are
true
andfalse
. - multi
Factor BooleanAuth Enabled - Whether to enable multi-factor
authentication. Valid values are
true
andfalse
. - multi
Factor List<Property Map>Auth Rules - A multi-factor authentication rule. The structure is documented below. Please see the Ocata release notes for more information on how to use mulit-factor rules.
- name String
- The name of the user.
- password String
- The password for the user.
- region String
- The region in which to obtain the V3 Keystone client.
If omitted, the
region
argument of the provider is used. Changing this creates a new User.
Supporting Types
UserMultiFactorAuthRule, UserMultiFactorAuthRuleArgs
- Rules List<string>
- A list of authentication plugins that the user must authenticate with.
- Rules []string
- A list of authentication plugins that the user must authenticate with.
- rules List<String>
- A list of authentication plugins that the user must authenticate with.
- rules string[]
- A list of authentication plugins that the user must authenticate with.
- rules Sequence[str]
- A list of authentication plugins that the user must authenticate with.
- rules List<String>
- A list of authentication plugins that the user must authenticate with.
Import
Users can be imported using the id
, e.g.
$ pulumi import openstack:identity/user:User user_1 89c60255-9bd6-460c-822a-e2b959ede9d2
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- OpenStack pulumi/pulumi-openstack
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
openstack
Terraform Provider.