openstack/python-openstackclient
Code Issues Proposed changes
bf32cdf3a9
python-openstackclient/doc/source/cli/command-objects/network-rbac.rst
Dongcan Ye 9ca99b9919 Network: Add supports rbac target-all-projects 
Add a boolean option "target-all-projects",
which allows creating rbac policy for all projects.

Change-Id: Ie3af83a1bba7dd66e83b0595bb276bf8fd105831
Closes-Bug: #1728525
Closes-Bug: #1704834
2017-11-05 01:16:48 -05:00

3.3 KiB
Raw Blame History

network rbac

A network rbac is a Role-Based Access Control (RBAC) policy for network resources. It enables both operators and users to grant access to network resources for specific projects.

Network v2

network rbac create

Create network RBAC policy

network rbac create

openstack network rbac create
    --type <type>
    --action <action>
    [--target-project <target-project> | --target-all-projects]
    [--target-project-domain <target-project-domain>]
    [--project <project> [--project-domain <project-domain>]]
    <rbac-policy>

--type <type>

Type of the object that RBAC policy affects ("qos_policy" or "network") (required)

--action <action>

Action for the RBAC policy ("access_as_external" or "access_as_shared") (required)

--target-project <target-project>

The project to which the RBAC policy will be enforced (name or ID)

--target-all-projects

Allow creating RBAC policy for all projects.

--target-project-domain <target-project-domain>

Domain the target project belongs to (name or ID). This can be used in case collisions between project names exist.

--project <project>

The owner project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

The object to which this RBAC policy affects (name or ID)

network rbac delete

Delete network RBAC policy(s)

network rbac delete

openstack network rbac delete
    <rbac-policy> [<rbac-policy> ...]




RBAC policy(s) to delete (ID only)

network rbac list

List network RBAC policies

network rbac list

openstack network rbac list
    [--type <type>]
    [--action <action>]
    [--long]

--type <type>

List network RBAC policies according to given object type ("qos_policy" or "network")

--action <action>

List network RBAC policies according to given action ("access_as_external" or "access_as_shared")

--long

List additional fields in output

network rbac set

Set network RBAC policy properties

network rbac set

openstack network rbac set
    [--target-project <target-project> [--target-project-domain <target-project-domain>]]
    <rbac-policy>

--target-project <target-project>

The project to which the RBAC policy will be enforced (name or ID)

--target-project-domain <target-project-domain>

Domain the target project belongs to (name or ID). This can be used in case collisions between project names exist.

RBAC policy to be modified (ID only)

network rbac show

Display network RBAC policy details

network rbac show

openstack network rbac show
    <rbac-policy>




RBAC policy (ID only)