OpenStack v4.0.0 published on Tuesday, May 21, 2024 by Pulumi

    The RBAC policy resource contains functionality for working with Neutron RBAC policies. The Role-Based Access Control (RBAC) policy framework enables both operators and users to grant specific projects access to resources.

    Sharing an object with a specific project is accomplished by creating a policy entry that permits the target project the access_as_shared action on that object.

    To make a network available as an external network for specific projects rather than all projects, use the access_as_external action. Note that marking a network as external at creation time implicitly creates a wildcard RBAC policy that grants every project access; this preserves the behavior from before this feature was added. A per-project access_as_external policy therefore only restricts access if the network does not also carry that wildcard policy.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as openstack from "@pulumi/openstack";
    // Network that is shared with another project through the RBAC policy below.
    const network1 = new openstack.networking.Network("network_1", {
        name: "network_1",
        adminStateUp: true,
    // NOTE(review): the closing brace and parenthesis of the Network call are absent from this listing as shown.
    // Policy entry that permits one target project the access_as_shared action on network_1.
    const rbacPolicy1 = new openstack.networking.RbacPolicyV2("rbac_policy_1", {
        action: "access_as_shared",
        objectId: network1.id,
        objectType: "network",
        // Sample project ID from the documentation; replace it with the ID of the project that should gain access.
        targetTenant: "20415a973c9e45d3917f078950644697",
    // NOTE(review): the closing brace and parenthesis of the RbacPolicyV2 call are absent from this listing as shown.
    import pulumi
    import pulumi_openstack as openstack
    network1 = openstack.networking.Network("network_1",
    rbac_policy1 = openstack.networking.RbacPolicyV2("rbac_policy_1",
    package main
    import (
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		network1, err := networking.NewNetwork(ctx, "network_1", &networking.NetworkArgs{
    			Name:         pulumi.String("network_1"),
    			AdminStateUp: pulumi.Bool(true),
    		if err != nil {
    			return err
    		_, err = networking.NewRbacPolicyV2(ctx, "rbac_policy_1", &networking.RbacPolicyV2Args{
    			Action:       pulumi.String("access_as_shared"),
    			ObjectId:     network1.ID(),
    			ObjectType:   pulumi.String("network"),
    			TargetTenant: pulumi.String("20415a973c9e45d3917f078950644697"),
    		if err != nil {
    			return err
    		return nil
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using OpenStack = Pulumi.OpenStack;
    return await Deployment.RunAsync(() => 
        var network1 = new OpenStack.Networking.Network("network_1", new()
            Name = "network_1",
            AdminStateUp = true,
        var rbacPolicy1 = new OpenStack.Networking.RbacPolicyV2("rbac_policy_1", new()
            Action = "access_as_shared",
            ObjectId = network1.Id,
            ObjectType = "network",
            TargetTenant = "20415a973c9e45d3917f078950644697",
    package generated_program;
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.openstack.networking.Network;
    import com.pulumi.openstack.networking.NetworkArgs;
    import com.pulumi.openstack.networking.RbacPolicyV2;
    import com.pulumi.openstack.networking.RbacPolicyV2Args;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    public class App {
        public static void main(String[] args) {
        public static void stack(Context ctx) {
            var network1 = new Network("network1", NetworkArgs.builder()        
            var rbacPolicy1 = new RbacPolicyV2("rbacPolicy1", RbacPolicyV2Args.builder()        
        type: openstack:networking:Network
        name: network_1
          name: network_1
          adminStateUp: 'true'
        type: openstack:networking:RbacPolicyV2
        name: rbac_policy_1
          action: access_as_shared
          objectId: ${network1.id}
          objectType: network
          targetTenant: 20415a973c9e45d3917f078950644697

    Create RbacPolicyV2 Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new RbacPolicyV2(name: string, args: RbacPolicyV2Args, opts?: CustomResourceOptions);
    def RbacPolicyV2(resource_name: str,
                     args: RbacPolicyV2Args,
                     opts: Optional[ResourceOptions] = None)
    def RbacPolicyV2(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     action: Optional[str] = None,
                     object_id: Optional[str] = None,
                     object_type: Optional[str] = None,
                     target_tenant: Optional[str] = None,
                     region: Optional[str] = None)
    func NewRbacPolicyV2(ctx *Context, name string, args RbacPolicyV2Args, opts ...ResourceOption) (*RbacPolicyV2, error)
    public RbacPolicyV2(string name, RbacPolicyV2Args args, CustomResourceOptions? opts = null)
    public RbacPolicyV2(String name, RbacPolicyV2Args args)
    public RbacPolicyV2(String name, RbacPolicyV2Args args, CustomResourceOptions options)
    type: openstack:networking:RbacPolicyV2
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.


    name string
    The unique name of the resource.
    args RbacPolicyV2Args
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RbacPolicyV2Args
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RbacPolicyV2Args
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RbacPolicyV2Args
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RbacPolicyV2Args
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var rbacPolicyV2Resource = new OpenStack.Networking.RbacPolicyV2("rbacPolicyV2Resource", new()
        Action = "string",
        ObjectId = "string",
        ObjectType = "string",
        TargetTenant = "string",
        Region = "string",
    example, err := networking.NewRbacPolicyV2(ctx, "rbacPolicyV2Resource", &networking.RbacPolicyV2Args{
    	Action:       pulumi.String("string"),
    	ObjectId:     pulumi.String("string"),
    	ObjectType:   pulumi.String("string"),
    	TargetTenant: pulumi.String("string"),
    	Region:       pulumi.String("string"),
    var rbacPolicyV2Resource = new RbacPolicyV2("rbacPolicyV2Resource", RbacPolicyV2Args.builder()
    rbac_policy_v2_resource = openstack.networking.RbacPolicyV2("rbacPolicyV2Resource",
    const rbacPolicyV2Resource = new openstack.networking.RbacPolicyV2("rbacPolicyV2Resource", {
        action: "string",
        objectId: "string",
        objectType: "string",
        targetTenant: "string",
        region: "string",
    type: openstack:networking:RbacPolicyV2
        action: string
        objectId: string
        objectType: string
        region: string
        targetTenant: string

    RbacPolicyV2 Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.


    The RbacPolicyV2 resource accepts the following input properties:

    Action string
    Action for the RBAC policy. Can either be access_as_external or access_as_shared.
    ObjectId string
    The ID of the resource that object_type refers to. For an object_type of network this is a network ID; for an object_type of qos_policy it is a QoS policy ID.
    ObjectType string
    The type of the object that the RBAC policy affects. Can be one of the following: address_scope, address_group, network, qos_policy, security_group or subnetpool.
    TargetTenant string
    The ID of the tenant (project) to which the RBAC policy applies, i.e. the project that is granted the action.
    Region string
    The region in which to obtain the V2 networking client. A networking client is needed to create the RBAC policy. If omitted, the region argument of the provider is used. Changing this creates a new RBAC policy.
    Action string
    Action for the RBAC policy. Can either be access_as_external or access_as_shared.
    ObjectId string
    The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.
    ObjectType string
    The type of the object that the RBAC policy affects. Can be one of the following: address_scope, address_group, network, qos_policy, security_group or subnetpool.
    TargetTenant string
    The ID of the tenant to which the RBAC policy will be enforced.
    Region string
    The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.
    action String
    Action for the RBAC policy. Can either be access_as_external or access_as_shared.
    objectId String
    The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.
    objectType String
    The type of the object that the RBAC policy affects. Can be one of the following: address_scope, address_group, network, qos_policy, security_group or subnetpool.
    targetTenant String
    The ID of the tenant to which the RBAC policy will be enforced.
    region String
    The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.
    action string
    Action for the RBAC policy. Can either be access_as_external or access_as_shared.
    objectId string
    The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.
    objectType string
    The type of the object that the RBAC policy affects. Can be one of the following: address_scope, address_group, network, qos_policy, security_group or subnetpool.
    targetTenant string
    The ID of the tenant to which the RBAC policy will be enforced.
    region string
    The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.
    action str
    Action for the RBAC policy. Can either be access_as_external or access_as_shared.
    object_id str
    The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.
    object_type str
    The type of the object that the RBAC policy affects. Can be one of the following: address_scope, address_group, network, qos_policy, security_group or subnetpool.
    target_tenant str
    The ID of the tenant to which the RBAC policy will be enforced.
    region str
    The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.
    action String
    Action for the RBAC policy. Can either be access_as_external or access_as_shared.
    objectId String
    The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.
    objectType String
    The type of the object that the RBAC policy affects. Can be one of the following: address_scope, address_group, network, qos_policy, security_group or subnetpool.
    targetTenant String
    The ID of the tenant to which the RBAC policy will be enforced.
    region String
    The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.


    All input properties are implicitly available as output properties. Additionally, the RbacPolicyV2 resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    ProjectId string
    Id string
    The provider-assigned unique ID for this managed resource.
    ProjectId string
    id String
    The provider-assigned unique ID for this managed resource.
    projectId String
    id string
    The provider-assigned unique ID for this managed resource.
    projectId string
    id str
    The provider-assigned unique ID for this managed resource.
    project_id str
    id String
    The provider-assigned unique ID for this managed resource.
    projectId String

    Look up Existing RbacPolicyV2 Resource

    Get an existing RbacPolicyV2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: RbacPolicyV2State, opts?: CustomResourceOptions): RbacPolicyV2
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            action: Optional[str] = None,
            object_id: Optional[str] = None,
            object_type: Optional[str] = None,
            project_id: Optional[str] = None,
            region: Optional[str] = None,
            target_tenant: Optional[str] = None) -> RbacPolicyV2
    func GetRbacPolicyV2(ctx *Context, name string, id IDInput, state *RbacPolicyV2State, opts ...ResourceOption) (*RbacPolicyV2, error)
    public static RbacPolicyV2 Get(string name, Input<string> id, RbacPolicyV2State? state, CustomResourceOptions? opts = null)
    public static RbacPolicyV2 get(String name, Output<String> id, RbacPolicyV2State state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    The unique name of the resulting resource.
    The unique provider ID of the resource to lookup.
    Any extra arguments used during the lookup.
    A bag of options that control this resource's behavior.
    The unique name of the resulting resource.
    The unique provider ID of the resource to lookup.
    The unique name of the resulting resource.
    The unique provider ID of the resource to lookup.
    Any extra arguments used during the lookup.
    A bag of options that control this resource's behavior.
    The unique name of the resulting resource.
    The unique provider ID of the resource to lookup.
    Any extra arguments used during the lookup.
    A bag of options that control this resource's behavior.
    The unique name of the resulting resource.
    The unique provider ID of the resource to lookup.
    Any extra arguments used during the lookup.
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Action string
    Action for the RBAC policy. Can either be access_as_external or access_as_shared.
    ObjectId string
    The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.
    ObjectType string
    The type of the object that the RBAC policy affects. Can be one of the following: address_scope, address_group, network, qos_policy, security_group or subnetpool.
    ProjectId string
    Region string
    The region in which to obtain the V2 networking client. A networking client is needed to create the RBAC policy. If omitted, the region argument of the provider is used. Changing this creates a new RBAC policy.
    TargetTenant string
    The ID of the tenant to which the RBAC policy will be enforced.
    Action string
    Action for the RBAC policy. Can either be access_as_external or access_as_shared.
    ObjectId string
    The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.
    ObjectType string
    The type of the object that the RBAC policy affects. Can be one of the following: address_scope, address_group, network, qos_policy, security_group or subnetpool.
    ProjectId string
    Region string
    The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.
    TargetTenant string
    The ID of the tenant to which the RBAC policy will be enforced.
    action String
    Action for the RBAC policy. Can either be access_as_external or access_as_shared.
    objectId String
    The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.
    objectType String
    The type of the object that the RBAC policy affects. Can be one of the following: address_scope, address_group, network, qos_policy, security_group or subnetpool.
    projectId String
    region String
    The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.
    targetTenant String
    The ID of the tenant to which the RBAC policy will be enforced.
    action string
    Action for the RBAC policy. Can either be access_as_external or access_as_shared.
    objectId string
    The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.
    objectType string
    The type of the object that the RBAC policy affects. Can be one of the following: address_scope, address_group, network, qos_policy, security_group or subnetpool.
    projectId string
    region string
    The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.
    targetTenant string
    The ID of the tenant to which the RBAC policy will be enforced.
    action str
    Action for the RBAC policy. Can either be access_as_external or access_as_shared.
    object_id str
    The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.
    object_type str
    The type of the object that the RBAC policy affects. Can be one of the following: address_scope, address_group, network, qos_policy, security_group or subnetpool.
    project_id str
    region str
    The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.
    target_tenant str
    The ID of the tenant to which the RBAC policy will be enforced.
    action String
    Action for the RBAC policy. Can either be access_as_external or access_as_shared.
    objectId String
    The ID of the object_type resource. An object_type of network returns a network ID and an object_type of qos_policy returns a QoS ID.
    objectType String
    The type of the object that the RBAC policy affects. Can be one of the following: address_scope, address_group, network, qos_policy, security_group or subnetpool.
    projectId String
    region String
    The region in which to obtain the V2 networking client. A networking client is needed to configure a routing entry on a subnet. If omitted, the region argument of the provider is used. Changing this creates a new routing entry.
    targetTenant String
    The ID of the tenant to which the RBAC policy will be enforced.


    RBAC policies can be imported using the id, e.g.

    $ pulumi import openstack:networking/rbacPolicyV2:RbacPolicyV2 rbac_policy_1 eae26a3e-1c33-4cc1-9c31-0cd729c438a1

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    OpenStack pulumi/pulumi-openstack
    This Pulumi package is based on the openstack Terraform Provider.
    OpenStack v4.0.0 published on Tuesday, May 21, 2024 by Pulumi