openstack/openstack-manuals
Code Issues Proposed changes

Clean up project and role section

Browse Source 
Restructured procedures, removing numbered lists
as appropriate and dividing content with titles.

Change-Id: I3ce74158d44fd7392f42f27e71f12cca0c945a91
Closes-Bug: #1476889
This commit is contained in:
Brian Moss 2015-07-22 15:25:40 +10:00
parent 3f938bbc9b
commit 3a8c34699a
1 changed files with 189 additions and 222 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

411
doc/user-guide-admin/source/manage_projects_users_and_roles.rst
View File

@ -38,50 +38,42 @@ virtual machines. In Object Storage, a project owns containers. Users
can be associated with more than one project. Each project and user
pairing can have a role associated with it.
List projects
^^^^^^^^^^^^^
List all projects with their ID, name, and whether they are
enabled or disabled:
.. code:: console
$ openstack project list
+----------------------------------+--------------------+
| id | name |
+----------------------------------+--------------------+
| f7ac731cc11f40efbc03a9f9e1d1d21f | admin |
| c150ab41f0d9443f8874e32e725a4cc8 | alt_demo |
| a9debfe41a6d4d09a677da737b907d5e | demo |
| 9208739195a34c628c58c95d157917d7 | invisible_to_admin |
| 3943a53dc92a49b2827fae94363851e1 | service |
| 80cab5e1f02045abad92a2864cfd76cb | test_project |
+----------------------------------+--------------------+
Create a project
^^^^^^^^^^^^^^^^
#. To list all projects with their ID, name, and whether they are
enabled or disabled:
Create a project named ``new-project``:
.. code::
.. code:: console
$ openstack project list
.. code::
+----------------------------------+--------------------+
| id | name |
+----------------------------------+--------------------+
| f7ac731cc11f40efbc03a9f9e1d1d21f | admin |
| c150ab41f0d9443f8874e32e725a4cc8 | alt_demo |
| a9debfe41a6d4d09a677da737b907d5e | demo |
| 9208739195a34c628c58c95d157917d7 | invisible_to_admin |
| 3943a53dc92a49b2827fae94363851e1 | service |
| 80cab5e1f02045abad92a2864cfd76cb | test_project |
+----------------------------------+--------------------+
#. Create a project named ``new-project``:
.. code::
$ openstack project create --description 'my new project' new-project
By default, the project is enabled.
.. code::
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | my new project |
| enabled | True |
| id | 1a4a0618b306462c9830f876b0bd6af2 |
| name | new-project |
+-------------+----------------------------------+
Note the ID for the project so you can update it in the next
procedure.
$ openstack project create --description 'my new project' new-project
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | my new project |
| enabled | True |
| id | 1a4a0618b306462c9830f876b0bd6af2 |
| name | new-project |
+-------------+----------------------------------+
Update a project
^^^^^^^^^^^^^^^^
@ -89,32 +81,29 @@ Update a project
Specify the project ID to update a project. You can update the name,
description, and enabled status of a project.
#. To temporarily disable a project:
- To temporarily disable a project:
.. code::
.. code:: console
$ openstack project set PROJECT_ID --disable
#. To enable a disabled project:
- To enable a disabled project:
.. code::
.. code:: console
$ openstack project set PROJECT_ID --enable
#. To update the name of a project:
- To update the name of a project:
.. code::
.. code:: console
$ openstack project set PROJECT_ID --name project-new
#. To verify your changes, show information for the updated project:
- To verify your changes, show information for the updated project:
.. code::
.. code:: console
$ openstack project show PROJECT_ID
.. code::
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
@ -127,68 +116,63 @@ description, and enabled status of a project.
Delete a project
^^^^^^^^^^^^^^^^
- To delete a project:
Specify the project ID to delete a project:
.. code::
.. code:: console
$ openstack project delete PROJECT_ID
$ openstack project delete PROJECT_ID
User
~~~~
List users
^^^^^^^^^^
List all users:
.. code:: console
$ openstack user list
+----------------------------------+----------+
| id | name |
+----------------------------------+----------+
| 352b37f5c89144d4ad0534139266d51f | admin |
| 86c0de739bcb4802b8dc786921355813 | demo |
| 32ec34aae8ea432e8af560a1cec0e881 | glance |
| 7047fcb7908e420cb36e13bbd72c972c | nova |
+----------------------------------+----------+
Create a user
^^^^^^^^^^^^^
#. To list all users:
To create a user, you must specify a name. Optionally, you can
specify a tenant ID, password, and email address. It is recommended
that you include the tenant ID and password because the user cannot
log in to the dashboard without this information.
.. code::
Create the ``new-user`` user:
$ openstack user list
.. code:: console
The output shows the ID and name for each user:
.. code::
+----------------------------------+----------+
| id | name |
+----------------------------------+----------+
| 352b37f5c89144d4ad0534139266d51f | admin |
| 86c0de739bcb4802b8dc786921355813 | demo |
| 32ec34aae8ea432e8af560a1cec0e881 | glance |
| 7047fcb7908e420cb36e13bbd72c972c | nova |
+----------------------------------+----------+
#. To create a user, you must specify a name. Optionally, you can
specify a tenant ID, password, and email address. It is recommended
that you include the tenant ID and password because the user cannot
log in to the dashboard without this information.
To create the ``new-user`` user:
.. code::
$ openstack user create --project new-project --password PASSWORD new-user
.. code::
+----------+----------------------------------+
| Field | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 6e5140962b424cb9814fb172889d3be2 |
| name | new-user |
| tenantId | new-project |
+----------+----------------------------------+
$ openstack user create --project new-project --password PASSWORD new-user
+----------+----------------------------------+
| Field | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 6e5140962b424cb9814fb172889d3be2 |
| name | new-user |
| tenantId | new-project |
+----------+----------------------------------+
Update a user
^^^^^^^^^^^^^
You can update the name, email address, and enabled status for a user.
#. To temporarily disable a user account:
- To temporarily disable a user account:
.. code::
.. code:: console
$ openstack user set USER_NAME --disable
@ -196,189 +180,172 @@ You can update the name, email address, and enabled status for a user.
dashboard. However, data for the user account is maintained, so you
can enable the user at any time.
#. To enable a disabled user account:
- To enable a disabled user account:
.. code::
.. code:: console
$ openstack user set USER_NAME --enable
#. To change the name and description for a user account:
- To change the name and description for a user account:
.. code::
.. code:: console
$ openstack user set USER_NAME --name user-new --email new-user@example.com
.. code::
User has been updated.
Delete a user
^^^^^^^^^^^^^
- To delete a specified user account:
Delete a specified user account:
.. code::
.. code:: console
$ openstack user delete USER_NAME
$ openstack user delete USER_NAME
Roles and role assignments
~~~~~~~~~~~~~~~~~~~~~~~~~~
Create and assign a role
^^^^^^^^^^^^^^^^^^^^^^^^
List available roles
^^^^^^^^^^^^^^^^^^^^
List the available roles:
.. code:: console
$ openstack user list
+----------------------------------+---------------+
| id | name |
+----------------------------------+---------------+
| 71ccc37d41c8491c975ae72676db687f | Member |
| 149f50a1fe684bfa88dae76a48d26ef7 | ResellerAdmin |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| 6ecf391421604da985db2f141e46a7c8 | admin |
| deb4fffd123c4d02a907c2c74559dccf | anotherrole |
+----------------------------------+---------------+
Create a role
^^^^^^^^^^^^^
Users can be members of multiple projects. To assign users to multiple
projects, define a role and assign that role to a user-project pair.
#. To list the available roles:
Create the ``new-role`` role:
.. code::
.. code:: console
$ openstack user list
$ openstack role create new-role
+--------+----------------------------------+
| Field | Value |
+--------+----------------------------------+
| id | bef1f95537914b1295da6aa038ef4de6 |
| name | new-role |
+--------+----------------------------------+
.. code::
Assign a role
^^^^^^^^^^^^^
+----------------------------------+---------------+
| id | name |
+----------------------------------+---------------+
| 71ccc37d41c8491c975ae72676db687f | Member |
| 149f50a1fe684bfa88dae76a48d26ef7 | ResellerAdmin |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| 6ecf391421604da985db2f141e46a7c8 | admin |
| deb4fffd123c4d02a907c2c74559dccf | anotherrole |
+----------------------------------+---------------+
To assign a user to a project, you must assign the role to a
user-project pair. To do this, you need the user, role, and project
IDs.
#. To create the ``new-role`` role:
#. List users and note the user ID you want to assign to the role:
.. code::
.. code:: console
$ openstack role create new-role
$ openstack user list
+----------------------------------+----------+---------+----------------------+
| id | name | enabled | email |
+----------------------------------+----------+---------+----------------------+
| 352b37f5c89144d4ad0534139266d51f | admin | True | admin@example.com |
| 981422ec906d4842b2fc2a8658a5b534 | alt_demo | True | alt_demo@example.com |
| 036e22a764ae497992f5fb8e9fd79896 | cinder | True | cinder@example.com |
| 86c0de739bcb4802b8dc786921355813 | demo | True | demo@example.com |
| 32ec34aae8ea432e8af560a1cec0e881 | glance | True | glance@example.com |
| 7047fcb7908e420cb36e13bbd72c972c | nova | True | nova@example.com |
+----------------------------------+----------+---------+----------------------+
.. code::
#. List role IDs and note the role ID you want to assign:
+--------+----------------------------------+
| Field | Value |
+--------+----------------------------------+
| id | bef1f95537914b1295da6aa038ef4de6 |
| name | new-role |
+--------+----------------------------------+
.. code:: console
#. To assign a user to a project, you must assign the role to a
user-project pair. To do this, you need the user, role, and project
IDs.
$ openstack role list
+----------------------------------+---------------+
| id | name |
+----------------------------------+---------------+
| 71ccc37d41c8491c975ae72676db687f | Member |
| 149f50a1fe684bfa88dae76a48d26ef7 | ResellerAdmin |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| 6ecf391421604da985db2f141e46a7c8 | admin |
| deb4fffd123c4d02a907c2c74559dccf | anotherrole |
| bef1f95537914b1295da6aa038ef4de6 | new-role |
+----------------------------------+---------------+
#. To list users:
#. List projects and note the project ID you want to assign to the role:
.. code::
.. code:: console
$ openstack user list
.. code::
+----------------------------------+----------+---------+----------------------+
| id | name | enabled | email |
+----------------------------------+----------+---------+----------------------+
| 352b37f5c89144d4ad0534139266d51f | admin | True | admin@example.com |
| 981422ec906d4842b2fc2a8658a5b534 | alt_demo | True | alt_demo@example.com |
| 036e22a764ae497992f5fb8e9fd79896 | cinder | True | cinder@example.com |
| 86c0de739bcb4802b8dc786921355813 | demo | True | demo@example.com |
| 32ec34aae8ea432e8af560a1cec0e881 | glance | True | glance@example.com |
| 7047fcb7908e420cb36e13bbd72c972c | nova | True | nova@example.com |
+----------------------------------+----------+---------+----------------------+
Note the user ID to be assigned to the role.
#. To list role IDs:
.. code::
$ openstack role list
.. code::
+----------------------------------+---------------+
| id | name |
+----------------------------------+---------------+
| 71ccc37d41c8491c975ae72676db687f | Member |
| 149f50a1fe684bfa88dae76a48d26ef7 | ResellerAdmin |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| 6ecf391421604da985db2f141e46a7c8 | admin |
| deb4fffd123c4d02a907c2c74559dccf | anotherrole |
| bef1f95537914b1295da6aa038ef4de6 | new-role |
+----------------------------------+---------------+
Note the role ID to be assigned.
#. To list projects:
.. code::
$ openstack project list
.. code::
+----------------------------------+--------------------+---------+
| id | name | enabled |
+----------------------------------+--------------------+---------+
| f7ac731cc11f40efbc03a9f9e1d1d21f | admin | True |
| c150ab41f0d9443f8874e32e725a4cc8 | alt_demo | True |
| a9debfe41a6d4d09a677da737b907d5e | demo | True |
| 9208739195a34c628c58c95d157917d7 | invisible_to_admin | True |
| caa9b4ce7d5c4225aa25d6ff8b35c31f | new-user | True |
| 1a4a0618b306462c9830f876b0bd6af2 | project-new | True |
| 3943a53dc92a49b2827fae94363851e1 | service | True |
| 80cab5e1f02045abad92a2864cfd76cb | test_project | True |
+----------------------------------+--------------------+---------+
Note the project ID to be assigned to the role.
$ openstack project list
+----------------------------------+--------------------+---------+
| id | name | enabled |
+----------------------------------+--------------------+---------+
| f7ac731cc11f40efbc03a9f9e1d1d21f | admin | True |
| c150ab41f0d9443f8874e32e725a4cc8 | alt_demo | True |
| a9debfe41a6d4d09a677da737b907d5e | demo | True |
| 9208739195a34c628c58c95d157917d7 | invisible_to_admin | True |
| caa9b4ce7d5c4225aa25d6ff8b35c31f | new-user | True |
| 1a4a0618b306462c9830f876b0bd6af2 | project-new | True |
| 3943a53dc92a49b2827fae94363851e1 | service | True |
| 80cab5e1f02045abad92a2864cfd76cb | test_project | True |
+----------------------------------+--------------------+---------+
#. Assign a role to a user-project pair. In this example, assign the
``new-role`` role to the ``demo`` and ``test-project`` pair:
.. code::
.. code:: console
$ openstack role add --user USER_NAME --project TENANT_ID ROLE_NAME
$ openstack role add --user USER_NAME --project TENANT_ID ROLE_NAME
#. To verify the role assignment:
#. Verify the role assignment:
.. code::
.. code:: console
$ openstack role list --user USER_NAME --project TENANT_ID
$ openstack role list --user USER_NAME --project TENANT_ID
+--------------+----------+---------------------------+--------------+
| id | name | user_id | tenant_id |
+--------------+----------+---------------------------+--------------+
| bef1f9553... | new-role | 86c0de739bcb4802b21355... | 80cab5e1f... |
+--------------+----------+---------------------------+--------------+
.. code::
View role details
^^^^^^^^^^^^^^^^^
+--------------+----------+----------------------------------+--------------+
| id | name | user_id | tenant_id |
+--------------+----------+----------------------------------+--------------+
| bef1f9553... | new-role | 86c0de739bcb4802b8dc786921355813 | 80cab5e1f... |
+--------------+----------+----------------------------------+--------------+
View details for a specified role:
#. To get details for a specified role:
.. code:: console
.. code::
$ openstack role show ROLE_NAME
+----------+----------------------------------+
| Field | Value |
+----------+----------------------------------+
| id | bef1f95537914b1295da6aa038ef4de6 |
| name | new-role |
+----------+----------------------------------+
$ openstack role show ROLE_NAME
Remove a role
^^^^^^^^^^^^^
.. code::
Remove a role from a user-project pair:
+----------+----------------------------------+
| Field | Value |
+----------+----------------------------------+
| id | bef1f95537914b1295da6aa038ef4de6 |
| name | new-role |
+----------+----------------------------------+
#. Run :command:`openstack role remove`:
#. To remove a role from a user-project pair:
.. code:: console
.. code::
$ openstack role remove --user USER_NAME --project TENANT_ID ROLE_NAME
$ openstack role remove --user USER_NAME --project TENANT_ID ROLE_NAME
#. Verify the role removal:
#. To verify the role removal, run the following command:
.. code:: console
.. code::
$ openstack role list --user USER_NAME --project TENANT_ID
$ openstack role list --user USER_NAME --project TENANT_ID
If the role was removed, the command output omits the removed role.