@pulumi/openstack

import * as pulumi from "@pulumi/pulumi"; /** * The RBAC policy resource contains functionality for working with Neutron RBAC * Policies. Role-Based Access Control (RBAC) policy framework enables both * operators and users to grant access to resources for specific projects. * * Sharing an object with a specific project is accomplished by creating a * policy entry that permits the target project the `accessAsShared` action * on that object. * * To make a network available as an external network for specific projects * rather than all projects, use the `accessAsExternal` action. * If a network is marked as external during creation, it now implicitly creates * a wildcard RBAC policy granting everyone access to preserve previous behavior * before this feature was added. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as openstack from "@pulumi/openstack"; * * const network1 = new openstack.networking.Network("network_1", { * name: "network_1", * adminStateUp: true, * }); * const rbacPolicy1 = new openstack.networking.RbacPolicyV2("rbac_policy_1", { * action: "access_as_shared", * objectId: network1.id, * objectType: "network", * targetTenant: "20415a973c9e45d3917f078950644697", * }); * ``` * * ## Import * * RBAC policies can be imported using the `id`, e.g. * * ```sh * $ pulumi import openstack:networking/rbacPolicyV2:RbacPolicyV2 rbac_policy_1 eae26a3e-1c33-4cc1-9c31-0cd729c438a1 * ``` */ export declare class RbacPolicyV2 extends pulumi.CustomResource { /** * Get an existing RbacPolicyV2 resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RbacPolicyV2State, opts?: pulumi.CustomResourceOptions): RbacPolicyV2; /** * Returns true if the given object is an instance of RbacPolicyV2. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is RbacPolicyV2; /** * Action for the RBAC policy. Can either be * `accessAsExternal` or `accessAsShared`. */ readonly action: pulumi.Output<string>; /** * The ID of the `objectType` resource. An * `objectType` of `network` returns a network ID and an `objectType` of * `qosPolicy` returns a QoS ID. */ readonly objectId: pulumi.Output<string>; /** * The type of the object that the RBAC policy * affects. Can be one of the following: `addressScope`, `addressGroup`, * `network`, `qosPolicy`, `securityGroup`, `subnetpool` or `bgpvpn`. */ readonly objectType: pulumi.Output<string>; readonly projectId: pulumi.Output<string>; /** * The region in which to obtain the V2 networking client. * A networking client is needed to configure a routing entry on a subnet. If omitted, the * `region` argument of the provider is used. Changing this creates a new * routing entry. */ readonly region: pulumi.Output<string>; /** * The ID of the tenant to which the RBAC policy * will be enforced. */ readonly targetTenant: pulumi.Output<string>; /** * Create a RbacPolicyV2 resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: RbacPolicyV2Args, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering RbacPolicyV2 resources. */ export interface RbacPolicyV2State { /** * Action for the RBAC policy. Can either be * `accessAsExternal` or `accessAsShared`. */ action?: pulumi.Input<string>; /** * The ID of the `objectType` resource. An * `objectType` of `network` returns a network ID and an `objectType` of * `qosPolicy` returns a QoS ID. */ objectId?: pulumi.Input<string>; /** * The type of the object that the RBAC policy * affects. Can be one of the following: `addressScope`, `addressGroup`, * `network`, `qosPolicy`, `securityGroup`, `subnetpool` or `bgpvpn`. */ objectType?: pulumi.Input<string>; projectId?: pulumi.Input<string>; /** * The region in which to obtain the V2 networking client. * A networking client is needed to configure a routing entry on a subnet. If omitted, the * `region` argument of the provider is used. Changing this creates a new * routing entry. */ region?: pulumi.Input<string>; /** * The ID of the tenant to which the RBAC policy * will be enforced. */ targetTenant?: pulumi.Input<string>; } /** * The set of arguments for constructing a RbacPolicyV2 resource. */ export interface RbacPolicyV2Args { /** * Action for the RBAC policy. Can either be * `accessAsExternal` or `accessAsShared`. */ action: pulumi.Input<string>; /** * The ID of the `objectType` resource. An * `objectType` of `network` returns a network ID and an `objectType` of * `qosPolicy` returns a QoS ID. */ objectId: pulumi.Input<string>; /** * The type of the object that the RBAC policy * affects. Can be one of the following: `addressScope`, `addressGroup`, * `network`, `qosPolicy`, `securityGroup`, `subnetpool` or `bgpvpn`. */ objectType: pulumi.Input<string>; /** * The region in which to obtain the V2 networking client. * A networking client is needed to configure a routing entry on a subnet. If omitted, the * `region` argument of the provider is used. Changing this creates a new * routing entry. */ region?: pulumi.Input<string>; /** * The ID of the tenant to which the RBAC policy * will be enforced. */ targetTenant: pulumi.Input<string>; }