Manages a V3 User resource within OpenStack Keystone.
resource "openstack_identity_project_v3" "project_1" {
name = "project_1"
}
resource "openstack_identity_user_v3" "user_1" {
default_project_id = openstack_identity_project_v3.project_1.id
name = "user_1"
description = "A user"
password = "password123"
ignore_change_password_upon_first_use = true
multi_factor_auth_enabled = true
multi_factor_auth_rule {
rule = ["password", "totp"]
}
multi_factor_auth_rule {
rule = ["password"]
}
extra = {
email = "user_1@foobar.com"
}
}
The following arguments are supported:
description
- (Optional) A description of the user.
default_project_id
- (Optional) The default project this user belongs to.
domain_id
- (Optional) The domain this user belongs to.
enabled
- (Optional) Whether the user is enabled or disabled. Valid
values are true
and false
.
extra
- (Optional) Free-form key/value pairs of extra information.
ignore_change_password_upon_first_use
- (Optional) User will not have to
change their password upon first use. Valid values are true
and false
.
ignore_password_expiry
- (Optional) User's password will not expire.
Valid values are true
and false
.
ignore_lockout_failure_attempts
- (Optional) User will not have a failure
lockout placed on their account. Valid values are true
and false
.
multi_factor_auth_enabled
- (Optional) Whether to enable multi-factor
authentication. Valid values are true
and false
.
multi_factor_auth_rule
- (Optional) A multi-factor authentication rule.
The structure is documented below. Please see the
Ocata release notes
for more information on how to use mulit-factor rules.
name
- (Optional) The name of the user.
password
- (Optional) The password for the user.
region
- (Optional) The region in which to obtain the V3 Keystone client.
If omitted, the region
argument of the provider is used. Changing this
creates a new User.
The multi_factor_auth_rule
block supports:
rule
- (Required) A list of authentication plugins that the user must
authenticate with.The following attributes are exported:
domain_id
- See Argument Reference above.Users can be imported using the id
, e.g.
$ terraform import openstack_identity_user_v3.user_1 89c60255-9bd6-460c-822a-e2b959ede9d2